Windows Analysis Report
Odeme_belgesi.exe

Overview

General Information

Sample name: Odeme_belgesi.exe
Analysis ID: 1523245
MD5: fc9c0d308e1e66caf355a329f171362a
SHA1: f88d0427a7fab032dcc647f68facf43fcda1857e
SHA256: 079f962ef81e19092c633fe2e44d5ebb31eb83c0cb5d1052e1a048e15ba549c8
Tags: exeuser-lowmal3
Infos:

Detection

Lokibot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Lokibot
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for sample
PE file contains section with special chars
PE file has nameless sections
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Tries to steal Mail credentials (via file registry)
Yara detected aPLib compressed binary
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality to call native functions
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Name Description Attribution Blogpost URLs Link
Loki Password Stealer (PWS), LokiBot "Loki Bot is a commodity malware sold on underground sites which is designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets." - PhishMeLoki-Bot employs function hashing to obfuscate the libraries utilized. While not all functions are hashed, a vast majority of them are.Loki-Bot accepts a single argument/switch of -u that simply delays execution (sleeps) for 10 seconds. This is used when Loki-Bot is upgrading itself.The Mutex generated is the result of MD5 hashing the Machine GUID and trimming to 24-characters. For example: B7E1C2CC98066B250DDB2123.Loki-Bot creates a hidden folder within the %APPDATA% directory whose name is supplied by the 8th thru 13th characters of the Mutex. For example: %APPDATA%\ C98066\.There can be four files within the hidden %APPDATA% directory at any given time: .exe, .lck, .hdb and .kdb. They will be named after characters 13 thru 18 of the Mutex. For example: 6B250D. Below is the explanation of their purpose:FILE EXTENSIONFILE DESCRIPTION.exeA copy of the malware that will execute every time the user account is logged into.lckA lock file created when either decrypting Windows Credentials or Keylogging to prevent resource conflicts.hdbA database of hashes for data that has already been exfiltrated to the C2 server.kdbA database of keylogger data that has yet to be sent to the C2 serverIf the user is privileged, Loki-Bot sets up persistence within the registry under HKEY_LOCAL_MACHINE. If not, it sets up persistence under HKEY_CURRENT_USER.The first packet transmitted by Loki-Bot contains application data.The second packet transmitted by Loki-Bot contains decrypted Windows credentials.The third packet transmitted by Loki-Bot is the malware requesting C2 commands from the C2 server. By default, Loki-Bot will send this request out every 10 minutes after the initial packet it sent.Communications to the C2 server from the compromised host contain information about the user and system including the username, hostname, domain, screen resolution, privilege level, system architecture, and Operating System.The first WORD of the HTTP Payload represents the Loki-Bot version.The second WORD of the HTTP Payload is the Payload Type. Below is the table of identified payload types:BYTEPAYLOAD TYPE0x26Stolen Cryptocurrency Wallet0x27Stolen Application Data0x28Get C2 Commands from C2 Server0x29Stolen File0x2APOS (Point of Sale?)0x2BKeylogger Data0x2CScreenshotThe 11th byte of the HTTP Payload begins the Binary ID. This might be useful in tracking campaigns or specific threat actors. This value value is typically ckav.ru. If you come across a Binary ID that is different from this, take note!Loki-Bot encrypts both the URL and the registry key used for persistence using Triple DES encryption.The Content-Key HTTP Header value is the result of hashing the HTTP Header values that precede it. This is likely used as a protection against researchers who wish to poke and prod at Loki-Bots C2 infrastructure.Loki-Bot can accept the following instructions from the C2 Server:BYTEINSTRUCTION DESCRIPTION0x00Download EXE & Execute0x01Download DLL & Load #10x02Download DLL & Load #20x08Delete HDB File0x09Start Keylogger0x0AMine & Steal Data0x0EExit Loki-Bot0x0FUpgrade Loki-Bot0x10Change C2 Polling Frequency0x11Delete Executables & ExitSuricata SignaturesRULE SIDRULE NAME2024311ET TROJAN Loki Bot Cryptocurrency Wallet Exfiltration Detected2024312ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M12024313ET TROJAN Loki Bot Request for C2 Commands Detected M12024314ET TROJAN Loki Bot File Exfiltration Detected2024315ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M12024316ET TROJAN Loki Bot Screenshot Exfiltration Detected2024317ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M22024318ET TROJAN Loki Bot Request for C2 Commands Detected M22024319ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M2
  • SWEED
  • The Gorgon Group
  • Cobalt
 https://malpedia.caad.fkie.fraunhofer.de/details/win.lokipws

AV Detection
barindex
Found malware configuration
Source: 00000000.00000002.1689546707.0000000004478000.00000004.00000800.00020000.00000000.sdmp Malware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "http://solutviewmen.viewdns.net/bdifygidj/five/fre.php"]}
Multi AV Scanner detection for domain / URL
Source: solutviewmen.viewdns.net Virustotal: Detection: 5% Perma Link
Source: http://alphastand.trade/alien/fre.php Virustotal: Detection: 13% Perma Link
Source: http://kbfvzoboss.bid/alien/fre.php Virustotal: Detection: 12% Perma Link
Source: http://alphastand.win/alien/fre.php Virustotal: Detection: 12% Perma Link
Source: http://alphastand.top/alien/fre.php Virustotal: Detection: 15% Perma Link
Multi AV Scanner detection for submitted file
Source: Odeme_belgesi.exe ReversingLabs: Detection: 55%
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: Odeme_belgesi.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: Odeme_belgesi.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Odeme_belgesi.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 1_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW, 1_2_00403D74

Networking
barindex
Suricata IDS alerts for network traffic
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49732 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49790 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49734 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49732 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49734 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49801 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49734 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49776 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49776 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49754 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49776 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49773 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49805 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49773 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49773 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49754 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49771 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49730 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49754 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49769 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49807 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49807 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49807 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49776 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49734 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49790 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49734 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49790 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49807 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49807 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49732 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49767 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49790 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49790 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49753 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49734
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49771 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49825 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49771 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49740 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49740 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49754 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49740 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49777 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49777 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49777 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49790
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49776 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49732 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49771 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49732 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49771 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49752 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49744 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49805 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49756 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49805 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49756 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49763 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49730 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49763 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49730 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49740 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49805 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49805 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49740 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49788 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49754 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49735 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49738 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49772 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49731 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49773 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49801 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49774 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49841 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49841 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49841 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49771
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49739 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49777 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49736 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49756 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49752 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49767 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49763 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.4:49730 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49733 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49769 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49772 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49731 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49788 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49773 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49756 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49737 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49788 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49737 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49732
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49749 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49749 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49754
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49749 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49805
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49825 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49753 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49769 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49753 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49825 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49763 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49763 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49772 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49753 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49772 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49753 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49744 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49763
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49744 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49753
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49776
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49825 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49744 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49742 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49737 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49772 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49825 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49788 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49756 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49788 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49841 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49774 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49769 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49841 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49738 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49731 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49756
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49737 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49777 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49738 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49736 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49767 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49735 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49760 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49769 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49740
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49755 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49755 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49755 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49829 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49738 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49755 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49738 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49801 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49739 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49788
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49733 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49733 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49801 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49801 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49733 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49792 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49769
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49792 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49800 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49752 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49827 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49744 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49801
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49827 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.4:49731 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49827 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49761 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49737 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49807
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49761 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49752 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49760 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49752 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49760 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49821 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49752
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49735 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49760 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49760 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49831 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49811 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49783 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49811 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49783 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49749 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49783 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49749 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49757 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49738
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49757 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49757 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49800 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49780 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49780 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49757 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49757 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49829 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49736 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49737
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49735 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49733 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49827 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49767 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49827 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49767 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49773
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49811 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49742 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49742 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49812 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49812 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49779 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49780 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49783 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49779 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49783 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49841
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49829 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49739 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49755 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49760
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49780 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49766 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49772
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49819 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49819 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49766 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49777
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49825
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49762 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49762 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49739 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49762 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49739 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49824 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49824 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49824 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49759 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49767
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49736 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49749
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49812 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49736 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49739
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49787 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49787 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49787 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49779 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49834 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49787 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49742 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49742 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49821 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49821 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49786 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49786 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49786 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49829 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49829 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49829
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49819 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49800 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49779 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49839 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49831 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49786 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49774 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49786 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49827
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49821 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49824 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49821 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49824 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49781 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49781 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49811 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49781 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49811 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49787 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49744
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49828 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49828 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49812 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49793 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49781 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49780 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49781 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49834 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49811
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49783
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49834 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49780
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49836 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49735 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49759 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49762 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49792 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49831 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49742
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49824
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49736
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49828 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49758 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49834 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49834 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49828 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49800 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49828 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49800 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49792 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49792 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49792
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49814 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49814 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49814 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49814 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49814 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49814
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49766 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49819 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49819 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49839 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49782 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49782 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49781
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49839 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49747 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49747 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49836 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49766 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49774 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49795 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49766 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49795 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49795 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49766
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49770 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49770 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49770 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49812 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49758 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49758 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49822 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49755
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49787
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49786
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49831 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49735
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49819
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49747 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49817 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49817 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49817 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49770 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49747 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49770 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49762 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49761 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49836 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49844 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49844 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49762
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49844 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49774 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49821
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49812
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49761 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49822 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49761 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49774
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49795 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49822 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49795 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49834
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49831 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49782 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49804 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49747 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49817 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49839 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49793 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49793 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49782 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49779 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49758 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49758 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49828
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49822 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49761
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49836 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49741 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49836 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49822 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49839 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49784 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49784 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49784 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49782 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49733
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49793 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49757
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49782
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49795
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49758
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49804 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49804 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49831
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49789 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49815 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49789 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49789 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49844 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49836
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49779
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49778 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49778 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49839
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49822
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49759 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49817 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49817
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49794 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49794 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49794 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49759 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49759 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49804 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49784 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49844 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49784 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49793 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49813 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49794 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49813 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49789 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49813 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49789 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49815 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49797 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49800
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49764 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49797 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49741 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49804 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49741 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49793
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49759
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49815 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49789
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49815 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49815 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49810 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49810 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49810 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49747
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49764 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49764 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49797 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49813 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49815
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49794 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49741 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49816 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49816 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49797 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49810 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49797 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49741 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49810 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49768 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49764 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49764 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49844
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49840 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49840 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49802 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49802 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49802 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49816 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49830 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49830 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49830 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49816 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49816 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49770
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49830 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49830 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49768 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49820 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49820 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49820 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49810
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49840 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49778 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49802 -> 45.66.231.242:80
Source: Network traffic Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49830
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: http://kbfvzoboss.bid/alien/fre.php
Source: Malware configuration extractor URLs: http://alphastand.trade/alien/fre.php
Source: Malware configuration extractor URLs: http://alphastand.win/alien/fre.php
Source: Malware configuration extractor URLs: http://alphastand.top/alien/fre.php
Source: Malware configuration extractor URLs: http://solutviewmen.viewdns.net/bdifygidj/five/fre.php
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: CMCSUS CMCSUS
Uses a known web browser user agent for HTTP communication
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 176Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 176Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 1_2_00404ED4 recv, 1_2_00404ED4
Source: global traffic DNS traffic detected: DNS query: solutviewmen.viewdns.net
Source: unknown HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 176Connection: close
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:32 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:33 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:33 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:34 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:35 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:36 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:37 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:38 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:42 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:43 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:44 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:45 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:46 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:47 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:48 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:49 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:52 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:53 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:54 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:55 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:56 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:57 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:58 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:59 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:00 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:01 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:01 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:02 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:03 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:04 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:05 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:06 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:07 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:07 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:08 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:09 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:10 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:11 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:12 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:13 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:14 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:15 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:19 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:20 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:21 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:22 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:23 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:24 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:25 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:26 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:26 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:27 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:28 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:29 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:30 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:31 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:32 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:42 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:43 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:44 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:45 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:45 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:46 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:47 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:48 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:49 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:53 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:55 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:55 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:59 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:00 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:01 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:02 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:03 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:04 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:05 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:06 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:07 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:08 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:09 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:10 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:10 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:11 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:12 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:13 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:14 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:15 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:16 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:17 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:18 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:18 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:19 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:20 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:21 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:22 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:23 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:24 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:25 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:25 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:26 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:27 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:28 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:29 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:30 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:31 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:32 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:33 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:34 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: Odeme_belgesi.exe, 00000001.00000002.2914383353.0000000001268000.00000004.00000020.00020000.00000000.sdmp, Odeme_belgesi.exe, 00000001.00000002.2914113707.000000000049F000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: http://solutviewmen.viewdns.net/bdifygidj/five/fre.php
Source: Odeme_belgesi.exe, 00000001.00000002.2914383353.0000000001268000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://solutviewmen.viewdns.net/bdifygidj/five/fre.phpwD
Source: Odeme_belgesi.exe, Odeme_belgesi.exe, 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: http://www.ibsensoftware.com/

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: 0.2.Odeme_belgesi.exe.44788b8.1.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.Odeme_belgesi.exe.44788b8.1.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.Odeme_belgesi.exe.44788b8.1.unpack, type: UNPACKEDPE Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.Odeme_belgesi.exe.44788b8.1.unpack, type: UNPACKEDPE Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 1.2.Odeme_belgesi.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 1.2.Odeme_belgesi.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 1.2.Odeme_belgesi.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Loki Payload Author: kevoreilly
Source: 1.2.Odeme_belgesi.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 1.2.Odeme_belgesi.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 1.2.Odeme_belgesi.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 1.2.Odeme_belgesi.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 1.2.Odeme_belgesi.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Loki Payload Author: kevoreilly
Source: 1.2.Odeme_belgesi.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 1.2.Odeme_belgesi.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack, type: UNPACKEDPE Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack, type: UNPACKEDPE Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000000.00000002.1688230207.00000000029D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.1688230207.00000000029D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.1688230207.00000000029D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.1688230207.00000000029B8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.1688230207.00000000029B8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.1688230207.00000000029B8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Loki Payload Author: kevoreilly
Source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000000.00000002.1689546707.0000000004478000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.1689546707.0000000004478000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.1689546707.0000000004478000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: Process Memory Space: Odeme_belgesi.exe PID: 6912, type: MEMORYSTR Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: Process Memory Space: Odeme_belgesi.exe PID: 7124, type: MEMORYSTR Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
PE file contains section with special chars
Source: Odeme_belgesi.exe Static PE information: section name: pNld"O
PE file has nameless sections
Source: Odeme_belgesi.exe Static PE information: section name:
Contains functionality to call native functions
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_0A6ED2D0 NtReadVirtualMemory, 0_2_0A6ED2D0
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_0A6ED800 NtSetContextThread, 0_2_0A6ED800
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_0A6ED6A8 NtWriteVirtualMemory, 0_2_0A6ED6A8
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_0A6ED488 NtResumeThread, 0_2_0A6ED488
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_0A6ED2C8 NtReadVirtualMemory, 0_2_0A6ED2C8
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_0A6ED6A1 NtWriteVirtualMemory, 0_2_0A6ED6A1
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_0A6ED7F9 NtSetContextThread, 0_2_0A6ED7F9
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_0A6ED480 NtResumeThread, 0_2_0A6ED480
Detected potential crypto function
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_028E46D0 0_2_028E46D0
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_028ED310 0_2_028ED310
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_028E08E0 0_2_028E08E0
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_028EBCF8 0_2_028EBCF8
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_028E3811 0_2_028E3811
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_028E2D89 0_2_028E2D89
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_028EB980 0_2_028EB980
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_028EF590 0_2_028EF590
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_028E2548 0_2_028E2548
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_028E6D50 0_2_028E6D50
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_028E4685 0_2_028E4685
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_028EAAE0 0_2_028EAAE0
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_028E6B89 0_2_028E6B89
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_028E6B98 0_2_028E6B98
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_028EA3F8 0_2_028EA3F8
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_028E6758 0_2_028E6758
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_028E6768 0_2_028E6768
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_028E24EB 0_2_028E24EB
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_028E5580 0_2_028E5580
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_028EB198 0_2_028EB198
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_028E6109 0_2_028E6109
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_028E6118 0_2_028E6118
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_028E1937 0_2_028E1937
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_028E6943 0_2_028E6943
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_028E6950 0_2_028E6950
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_028E5573 0_2_028E5573
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FF4D68 0_2_04FF4D68
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FF6FA0 0_2_04FF6FA0
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FF88F0 0_2_04FF88F0
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FF6888 0_2_04FF6888
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FF79F9 0_2_04FF79F9
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FF5BF8 0_2_04FF5BF8
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FF74C9 0_2_04FF74C9
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FF7471 0_2_04FF7471
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FF05E8 0_2_04FF05E8
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FF05D8 0_2_04FF05D8
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FF96F0 0_2_04FF96F0
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FF96E0 0_2_04FF96E0
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FF87F8 0_2_04FF87F8
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FF67E0 0_2_04FF67E0
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FFA0EA 0_2_04FFA0EA
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FFF198 0_2_04FFF198
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FF1C58 0_2_04FF1C58
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FF1C4B 0_2_04FF1C4B
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FFAE30 0_2_04FFAE30
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FFAE22 0_2_04FFAE22
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FFAFE8 0_2_04FFAFE8
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FF6FE0 0_2_04FF6FE0
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FFBF48 0_2_04FFBF48
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FFF8E8 0_2_04FFF8E8
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FF1810 0_2_04FF1810
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FF1800 0_2_04FF1800
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FFA968 0_2_04FFA968
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FFA95A 0_2_04FFA95A
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FFEAE0 0_2_04FFEAE0
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FF1A18 0_2_04FF1A18
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FF1A08 0_2_04FF1A08
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FFABB8 0_2_04FFABB8
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_04FFABA8 0_2_04FFABA8
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_0A6EC658 0_2_0A6EC658
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_0A6E2D52 0_2_0A6E2D52
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_0A6E25D8 0_2_0A6E25D8
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_0A6ED958 0_2_0A6ED958
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_0A6EC64F 0_2_0A6EC64F
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_0A6E1E29 0_2_0A6E1E29
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_0A6E1E38 0_2_0A6E1E38
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_0A6E8458 0_2_0A6E8458
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_0A6EB530 0_2_0A6EB530
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 1_2_0040549C 1_2_0040549C
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 1_2_004029D4 1_2_004029D4
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: String function: 0041219C appears 45 times
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: String function: 00405B6F appears 42 times
One or more processes crash
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 80
Sample file is different than original file name gathered from version info
Source: Odeme_belgesi.exe, 00000000.00000002.1680393686.0000000000B3E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs Odeme_belgesi.exe
Source: Odeme_belgesi.exe, 00000000.00000002.1692289357.000000000DBBA000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameserver1.exe: vs Odeme_belgesi.exe
Source: Odeme_belgesi.exe, 00000000.00000000.1665120062.0000000000632000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameserver1.exe: vs Odeme_belgesi.exe
Source: Odeme_belgesi.exe Binary or memory string: OriginalFilenameserver1.exe: vs Odeme_belgesi.exe
Uses 32bit PE files
Source: Odeme_belgesi.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Yara signature match
Source: 0.2.Odeme_belgesi.exe.44788b8.1.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.Odeme_belgesi.exe.44788b8.1.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.Odeme_belgesi.exe.44788b8.1.unpack, type: UNPACKEDPE Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.Odeme_belgesi.exe.44788b8.1.unpack, type: UNPACKEDPE Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 1.2.Odeme_belgesi.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 1.2.Odeme_belgesi.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 1.2.Odeme_belgesi.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 1.2.Odeme_belgesi.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 1.2.Odeme_belgesi.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 1.2.Odeme_belgesi.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 1.2.Odeme_belgesi.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 1.2.Odeme_belgesi.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 1.2.Odeme_belgesi.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 1.2.Odeme_belgesi.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack, type: UNPACKEDPE Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack, type: UNPACKEDPE Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000000.00000002.1688230207.00000000029D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.1688230207.00000000029D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.1688230207.00000000029D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.1688230207.00000000029B8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.1688230207.00000000029B8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.1688230207.00000000029B8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000000.00000002.1689546707.0000000004478000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.1689546707.0000000004478000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.1689546707.0000000004478000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: Process Memory Space: Odeme_belgesi.exe PID: 6912, type: MEMORYSTR Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: Process Memory Space: Odeme_belgesi.exe PID: 7124, type: MEMORYSTR Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: Odeme_belgesi.exe Static PE information: Section: pNld"O ZLIB complexity 1.0003274877265862
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@6/3@3/1
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 1_2_0040650A LookupPrivilegeValueW,AdjustTokenPrivileges, 1_2_0040650A
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 1_2_0040434D CoInitialize,CoCreateInstance,VariantInit,SysAllocString,VariantInit,VariantInit,SysAllocString,VariantInit,SysFreeString,SysFreeString,CoUninitialize, 1_2_0040434D
Source: C:\Users\user\Desktop\Odeme_belgesi.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Odeme_belgesi.exe.log Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Mutant created: \Sessions\1\BaseNamedObjects\FDD42EE188E931437F4FBE2C
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Mutant created: NULL
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7128
Source: C:\Windows\SysWOW64\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\fe982138-f3da-4d31-99ef-675c1f388bd3 Jump to behavior
Source: Odeme_belgesi.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: Odeme_belgesi.exe ReversingLabs: Detection: 55%
Source: unknown Process created: C:\Users\user\Desktop\Odeme_belgesi.exe "C:\Users\user\Desktop\Odeme_belgesi.exe"
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process created: C:\Users\user\Desktop\Odeme_belgesi.exe C:\Users\user\Desktop\Odeme_belgesi.exe
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process created: C:\Users\user\Desktop\Odeme_belgesi.exe C:\Users\user\Desktop\Odeme_belgesi.exe
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 80
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process created: C:\Users\user\Desktop\Odeme_belgesi.exe C:\Users\user\Desktop\Odeme_belgesi.exe Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process created: C:\Users\user\Desktop\Odeme_belgesi.exe C:\Users\user\Desktop\Odeme_belgesi.exe Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: vaultcli.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: samlib.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32 Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook Jump to behavior
Source: Odeme_belgesi.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: Odeme_belgesi.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation
barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Unpacked PE file: 0.2.Odeme_belgesi.exe.5d0000.0.unpack pNld"O:EW;.text:ER;.rsrc:R;.reloc:R;Unknown_Section4:ER; vs Unknown_Section0:EW;Unknown_Section1:ER;Unknown_Section2:R;Unknown_Section3:R;Unknown_Section4:ER;
Yara detected aPLib compressed binary
Source: Yara match File source: 0.2.Odeme_belgesi.exe.44788b8.1.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.2.Odeme_belgesi.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.2.Odeme_belgesi.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.1688230207.00000000029D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1688230207.00000000029B8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1689546707.0000000004478000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: Odeme_belgesi.exe PID: 6912, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Odeme_belgesi.exe PID: 7124, type: MEMORYSTR
PE file contains sections with non-standard names
Source: Odeme_belgesi.exe Static PE information: section name: pNld"O
Source: Odeme_belgesi.exe Static PE information: section name:
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_0A6E2AF0 pushad ; ret 0_2_0A6E2AF1
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_0A6E9BBF push 8BFFFFFFh; retf 0_2_0A6E9BC5
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 0_2_0A6E31D0 pushad ; retf 0_2_0A6E31D1
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 1_2_00402AC0 push eax; ret 1_2_00402AD4
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 1_2_00402AC0 push eax; ret 1_2_00402AFC
Source: Odeme_belgesi.exe Static PE information: section name: pNld"O entropy: 7.999478956820455
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Memory allocated: 2770000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Memory allocated: 2930000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Memory allocated: 4930000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Memory allocated: 5010000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Memory allocated: 6010000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Memory allocated: 6140000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Memory allocated: 7140000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Memory allocated: 7490000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Memory allocated: 8490000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Memory allocated: 9490000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Memory allocated: A6D0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Memory allocated: B6D0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Memory allocated: BB60000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Memory allocated: CB60000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Memory allocated: 5010000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Memory allocated: 6140000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Memory allocated: 7490000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Memory allocated: 8490000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Memory allocated: 9490000 memory reserve | memory write watch Jump to behavior
Contains long sleeps (>= 3 min)
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Thread delayed: delay time: 922337203685477 Jump to behavior
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\Odeme_belgesi.exe TID: 6972 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe TID: 7120 Thread sleep count: 34 > 30 Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe TID: 7120 Thread sleep time: -2040000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 1_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW, 1_2_00403D74
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Thread delayed: delay time: 60000 Jump to behavior
Source: Odeme_belgesi.exe, 00000001.00000002.2914383353.0000000001268000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll_
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process queried: DebugPort Jump to behavior
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 1_2_0040317B mov eax, dword ptr fs:[00000030h] 1_2_0040317B
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: 1_2_00402B7C GetProcessHeap,RtlAllocateHeap, 1_2_00402B7C
Enables debug privileges
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Memory allocated: page read and write | page guard Jump to behavior

HIPS / PFW / Operating System Protection Evasion
barindex
Injects a PE file into a foreign processes
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Memory written: C:\Users\user\Desktop\Odeme_belgesi.exe base: 400000 value starts with: 4D5A Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process created: C:\Users\user\Desktop\Odeme_belgesi.exe C:\Users\user\Desktop\Odeme_belgesi.exe Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Process created: C:\Users\user\Desktop\Odeme_belgesi.exe C:\Users\user\Desktop\Odeme_belgesi.exe Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Queries volume information: C:\Users\user\Desktop\Odeme_belgesi.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior

Stealing of Sensitive Information
barindex
Yara detected Lokibot
Source: Yara match File source: 1.2.Odeme_belgesi.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.2.Odeme_belgesi.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.1688230207.00000000029D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1688230207.00000000029B8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1689546707.0000000004478000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: Odeme_belgesi.exe PID: 6912, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Odeme_belgesi.exe PID: 7124, type: MEMORYSTR
Source: Yara match File source: dump.pcap, type: PCAP
Source: Yara match File source: 00000001.00000002.2914383353.0000000001268000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl Jump to behavior
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\Desktop\Odeme_belgesi.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data Jump to behavior
Tries to harvest and steal ftp login credentials
Source: C:\Users\user\Desktop\Odeme_belgesi.exe File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe File opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts Jump to behavior
Tries to steal Mail credentials (via file / registry access)
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook Jump to behavior
Tries to steal Mail credentials (via file registry)
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: PopPassword 1_2_0040D069
Source: C:\Users\user\Desktop\Odeme_belgesi.exe Code function: SmtpPassword 1_2_0040D069
Yara detected Credential Stealer
Source: Yara match File source: 1.2.Odeme_belgesi.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.2.Odeme_belgesi.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.1688230207.00000000029D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1688230207.00000000029B8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1689546707.0000000004478000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1523245 Sample: Odeme_belgesi.exe Startdate: 01/10/2024 Architecture: WINDOWS Score: 100 22 solutviewmen.viewdns.net 2->22 26 Multi AV Scanner detection for domain / URL 2->26 28 Suricata IDS alerts for network traffic 2->28 30 Found malware configuration 2->30 32 9 other signatures 2->32 8 Odeme_belgesi.exe 1 2->8         started        signatures3 process4 file5 20 C:\Users\user\...\Odeme_belgesi.exe.log, ASCII 8->20 dropped 34 Detected unpacking (changes PE section rights) 8->34 36 Tries to steal Mail credentials (via file registry) 8->36 38 Injects a PE file into a foreign processes 8->38 12 Odeme_belgesi.exe 120 8->12         started        16 Odeme_belgesi.exe 8->16         started        signatures6 process7 dnsIp8 24 solutviewmen.viewdns.net 45.66.231.242, 49730, 49731, 49732 CMCSUS Germany 12->24 40 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 12->40 42 Tries to steal Mail credentials (via file / registry access) 12->42 44 Tries to harvest and steal ftp login credentials 12->44 46 Tries to harvest and steal browser information (history, passwords, etc) 12->46 18 WerFault.exe 2 16->18         started        signatures9 process10
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
45.66.231.242
 solutviewmen.viewdns.net Germany
33657 CMCSUS true

Contacted Domains

Name IP Active
solutviewmen.viewdns.net 45.66.231.242 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://kbfvzoboss.bid/alien/fre.php true unknown
http://alphastand.win/alien/fre.php true unknown
http://solutviewmen.viewdns.net/bdifygidj/five/fre.php true unknown
http://alphastand.trade/alien/fre.php true unknown
http://alphastand.top/alien/fre.php true unknown