Edit tour

Windows Analysis Report
Request for quotation -6001845515-XLSX.exe

Overview

General Information

Sample name:	Request for quotation -6001845515-XLSX.exe
Analysis ID:	1619790
MD5:	533e9a82e11e4d2d1cc7859baa9bd565
SHA1:	7040dfb325e5177adf012e1519f5cb3c7ea761e1
SHA256:	9baa9eae4ac972c6ec77daa29929d86ea2462c9b2a8e4934b35cfab2a331de49
Tags:	exeuser-threatcat_ch
Infos:

Detection

Lokibot

Score:	100
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

System process connects to network (likely due to code injection or exploit)

Yara detected Lokibot

Binary is likely a compiled AutoIt script file

C2 URLs / IPs found in malware configuration

Initial sample is a PE file and has a suspicious name

Joe Sandbox ML detected suspicious sample

Maps a DLL or memory area into another process

Switches to a custom stack to bypass stack traces

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file / registry access)

Tries to steal Mail credentials (via file registry)

Writes to foreign memory regions

Yara detected aPLib compressed binary

Contains functionality for read data from the clipboard

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found evasive API chain (date check)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

OS version to string mapping found (often used in BOTs)

Potential key logger detected (key state polling based)

Sample file is different than original file name gathered from version info

Sigma detected: Uncommon Svchost Parent Process

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

Request for quotation -6001845515-XLSX.exe (PID: 5588 cmdline: "C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe" MD5: 533E9A82E11E4D2D1CC7859BAA9BD565)

svchost.exe (PID: 4672 cmdline: "C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Loki Password Stealer (PWS), LokiBot	"Loki Bot is a commodity malware sold on underground sites which is designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets." - PhishMeLoki-Bot employs function hashing to obfuscate the libraries utilized. While not all functions are hashed, a vast majority of them are.Loki-Bot accepts a single argument/switch of -u that simply delays execution (sleeps) for 10 seconds. This is used when Loki-Bot is upgrading itself.The Mutex generated is the result of MD5 hashing the Machine GUID and trimming to 24-characters. For example: B7E1C2CC98066B250DDB2123.Loki-Bot creates a hidden folder within the %APPDATA% directory whose name is supplied by the 8th thru 13th characters of the Mutex. For example: %APPDATA%\ C98066\.There can be four files within the hidden %APPDATA% directory at any given time: .exe, .lck, .hdb and .kdb. They will be named after characters 13 thru 18 of the Mutex. For example: 6B250D. Below is the explanation of their purpose:FILE EXTENSIONFILE DESCRIPTION.exeA copy of the malware that will execute every time the user account is logged into.lckA lock file created when either decrypting Windows Credentials or Keylogging to prevent resource conflicts.hdbA database of hashes for data that has already been exfiltrated to the C2 server.kdbA database of keylogger data that has yet to be sent to the C2 serverIf the user is privileged, Loki-Bot sets up persistence within the registry under HKEY_LOCAL_MACHINE. If not, it sets up persistence under HKEY_CURRENT_USER.The first packet transmitted by Loki-Bot contains application data.The second packet transmitted by Loki-Bot contains decrypted Windows credentials.The third packet transmitted by Loki-Bot is the malware requesting C2 commands from the C2 server. By default, Loki-Bot will send this request out every 10 minutes after the initial packet it sent.Communications to the C2 server from the compromised host contain information about the user and system including the username, hostname, domain, screen resolution, privilege level, system architecture, and Operating System.The first WORD of the HTTP Payload represents the Loki-Bot version.The second WORD of the HTTP Payload is the Payload Type. Below is the table of identified payload types:BYTEPAYLOAD TYPE0x26Stolen Cryptocurrency Wallet0x27Stolen Application Data0x28Get C2 Commands from C2 Server0x29Stolen File0x2APOS (Point of Sale?)0x2BKeylogger Data0x2CScreenshotThe 11th byte of the HTTP Payload begins the Binary ID. This might be useful in tracking campaigns or specific threat actors. This value value is typically ckav.ru. If you come across a Binary ID that is different from this, take note!Loki-Bot encrypts both the URL and the registry key used for persistence using Triple DES encryption.The Content-Key HTTP Header value is the result of hashing the HTTP Header values that precede it. This is likely used as a protection against researchers who wish to poke and prod at Loki-Bots C2 infrastructure.Loki-Bot can accept the following instructions from the C2 Server:BYTEINSTRUCTION DESCRIPTION0x00Download EXE & Execute0x01Download DLL & Load #10x02Download DLL & Load #20x08Delete HDB File0x09Start Keylogger0x0AMine & Steal Data0x0EExit Loki-Bot0x0FUpgrade Loki-Bot0x10Change C2 Polling Frequency0x11Delete Executables & ExitSuricata SignaturesRULE SIDRULE NAME2024311ET TROJAN Loki Bot Cryptocurrency Wallet Exfiltration Detected2024312ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M12024313ET TROJAN Loki Bot Request for C2 Commands Detected M12024314ET TROJAN Loki Bot File Exfiltration Detected2024315ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M12024316ET TROJAN Loki Bot Screenshot Exfiltration Detected2024317ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M22024318ET TROJAN Loki Bot Request for C2 Commands Detected M22024319ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M2	SWEED The Gorgon Group Cobalt	http://blog.reversing.xyz/reversing/2021/06/08/lokibot.html http://reversing.fun/posts/2021/06/08/lokibot.html http://reversing.fun/reversing/2021/06/08/lokibot.html http://www.malware-traffic-analysis.net/2017/06/12/index.html https://0xmrmagnezi.github.io/malware%20analysis/LokiBot/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lokipws

Malware Configuration

Threatname: Lokibot

{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php"]}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.2038105122.0000000003600000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.2038105122.0000000003600000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.2038105122.0000000003600000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2038105122.0000000003600000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.2038105122.0000000003600000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.2038105122.0000000003600000.00000004.00001000.00020000.00000000.sdmp	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
00000000.00000002.2038105122.0000000003600000.00000004.00001000.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000000.00000002.2038105122.0000000003600000.00000004.00001000.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
00000002.00000002.3267274948.0000000002E12000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
00000002.00000002.3266863226.0000000000400000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000002.00000002.3266863226.0000000000400000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000002.00000002.3266863226.0000000000400000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000002.3266863226.0000000000400000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000002.00000002.3266863226.0000000000400000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000002.00000002.3266863226.0000000000400000.00000040.80000000.00040000.00000000.sdmp	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
00000002.00000002.3266863226.0000000000400000.00000040.80000000.00040000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000002.00000002.3266863226.0000000000400000.00000040.80000000.00040000.00000000.sdmp	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
Process Memory Space: Request for quotation -6001845515-XLSX.exe PID: 5588	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: Request for quotation -6001845515-XLSX.exe PID: 5588	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: Request for quotation -6001845515-XLSX.exe PID: 5588	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x1046ef:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Process Memory Space: svchost.exe PID: 4672	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: svchost.exe PID: 4672	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: svchost.exe PID: 4672	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
Process Memory Space: svchost.exe PID: 4672	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x5aca2:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Click to see the 19 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
2.2.svchost.exe.400000.1.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
2.2.svchost.exe.400000.1.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
2.2.svchost.exe.400000.1.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.2.svchost.exe.400000.1.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
2.2.svchost.exe.400000.1.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
2.2.svchost.exe.400000.1.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
2.2.svchost.exe.400000.1.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
2.2.svchost.exe.400000.1.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
2.2.svchost.exe.400000.1.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
2.2.svchost.exe.400000.1.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
2.2.svchost.exe.400000.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.2.svchost.exe.400000.1.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
2.2.svchost.exe.400000.1.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
2.2.svchost.exe.400000.1.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
2.2.svchost.exe.400000.1.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
2.2.svchost.exe.400000.1.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x15ff0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x3bbb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.unpack	Loki_1	Loki Payload	kevoreilly	0x131b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x133fc:$a2: last_compatible_version
0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x123ff:$des3: 68 03 66 00 00 0x15ff0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x160bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
Click to see the 24 entries

Sigma Signatures

System Summary

Sigma detected: Uncommon Svchost Parent Process

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe", CommandLine: "C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe", CommandLine|base64offset|contains: ~, Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe", ParentImage: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe, ParentProcessId: 5588, ParentProcessName: Request for quotation -6001845515-XLSX.exe, ProcessCommandLine: "C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe", ProcessId: 4672, ProcessName: svchost.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: "C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe", CommandLine: "C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe", CommandLine|base64offset|contains: ~, Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe", ParentImage: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe, ParentProcessId: 5588, ParentProcessName: Request for quotation -6001845515-XLSX.exe, ProcessCommandLine: "C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe", ProcessId: 4672, ProcessName: svchost.exe

Suricata Signatures

ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-20T10:13:15.881849+0100	2024312	1	A Network Trojan was detected	192.168.2.5	49704	104.21.64.1	80	TCP
2025-02-20T10:13:16.907670+0100	2024312	1	A Network Trojan was detected	192.168.2.5	49705	104.21.64.1	80	TCP

ET MALWARE LokiBot Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-20T10:13:15.081894+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49704	104.21.64.1	80	TCP
2025-02-20T10:13:16.110922+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49705	104.21.64.1	80	TCP
2025-02-20T10:13:16.975470+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49706	104.21.64.1	80	TCP
2025-02-20T10:13:17.907957+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49707	104.21.64.1	80	TCP
2025-02-20T10:13:18.829167+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49708	104.21.64.1	80	TCP
2025-02-20T10:13:19.801755+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49709	104.21.64.1	80	TCP
2025-02-20T10:13:20.696172+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49710	104.21.64.1	80	TCP
2025-02-20T10:13:21.584352+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49711	104.21.64.1	80	TCP
2025-02-20T10:13:22.669449+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49712	104.21.64.1	80	TCP
2025-02-20T10:13:23.606320+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49713	104.21.64.1	80	TCP
2025-02-20T10:13:24.526943+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49714	104.21.64.1	80	TCP
2025-02-20T10:13:25.463332+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49715	104.21.64.1	80	TCP
2025-02-20T10:13:26.389115+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49716	104.21.64.1	80	TCP
2025-02-20T10:13:27.301459+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49717	104.21.64.1	80	TCP
2025-02-20T10:13:28.240263+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49718	104.21.64.1	80	TCP
2025-02-20T10:13:29.116784+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49720	104.21.64.1	80	TCP
2025-02-20T10:13:29.990469+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49723	104.21.64.1	80	TCP
2025-02-20T10:13:30.926823+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49726	104.21.64.1	80	TCP
2025-02-20T10:13:32.833601+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49729	104.21.64.1	80	TCP
2025-02-20T10:13:33.729780+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49730	104.21.64.1	80	TCP
2025-02-20T10:13:34.627783+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49736	104.21.64.1	80	TCP
2025-02-20T10:13:35.545582+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49744	104.21.64.1	80	TCP
2025-02-20T10:13:36.502105+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49753	104.21.64.1	80	TCP
2025-02-20T10:13:37.302710+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49759	104.21.64.1	80	TCP
2025-02-20T10:13:38.218875+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49765	104.21.64.1	80	TCP
2025-02-20T10:13:39.017400+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49771	104.21.64.1	80	TCP
2025-02-20T10:13:39.956823+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49777	104.21.64.1	80	TCP
2025-02-20T10:13:40.904735+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49783	104.21.64.1	80	TCP
2025-02-20T10:13:41.806827+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49790	104.21.64.1	80	TCP
2025-02-20T10:13:43.148942+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49795	104.21.64.1	80	TCP
2025-02-20T10:13:44.073935+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49801	104.21.64.1	80	TCP
2025-02-20T10:13:45.094096+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49807	104.21.64.1	80	TCP
2025-02-20T10:13:46.033336+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49818	104.21.64.1	80	TCP
2025-02-20T10:13:46.968048+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49824	104.21.64.1	80	TCP
2025-02-20T10:13:47.929897+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49830	104.21.64.1	80	TCP
2025-02-20T10:13:48.701328+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49836	104.21.64.1	80	TCP
2025-02-20T10:13:50.610903+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49847	104.21.64.1	80	TCP
2025-02-20T10:13:51.568236+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49853	104.21.64.1	80	TCP
2025-02-20T10:13:52.495161+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49862	104.21.64.1	80	TCP
2025-02-20T10:13:53.377278+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49870	104.21.64.1	80	TCP
2025-02-20T10:13:54.321037+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49876	104.21.64.1	80	TCP
2025-02-20T10:13:55.230212+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49882	104.21.64.1	80	TCP
2025-02-20T10:13:56.207997+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49888	104.21.64.1	80	TCP
2025-02-20T10:13:57.266815+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49897	104.21.64.1	80	TCP
2025-02-20T10:13:58.204765+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49905	104.21.64.1	80	TCP
2025-02-20T10:13:59.141185+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49911	104.21.64.1	80	TCP
2025-02-20T10:14:00.071334+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49917	104.21.64.1	80	TCP
2025-02-20T10:14:00.973860+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49923	104.21.64.1	80	TCP
2025-02-20T10:14:01.945862+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49930	104.21.64.1	80	TCP
2025-02-20T10:14:02.868865+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49938	104.21.64.1	80	TCP
2025-02-20T10:14:03.794801+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49945	104.21.64.1	80	TCP
2025-02-20T10:14:04.594593+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49951	104.21.64.1	80	TCP
2025-02-20T10:14:05.493770+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49957	104.21.64.1	80	TCP
2025-02-20T10:14:06.462040+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49964	104.21.64.1	80	TCP
2025-02-20T10:14:07.482914+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49972	104.21.64.1	80	TCP
2025-02-20T10:14:08.298686+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49978	104.21.64.1	80	TCP
2025-02-20T10:14:09.283781+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49986	104.21.64.1	80	TCP
2025-02-20T10:14:10.366846+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49993	104.21.64.1	80	TCP
2025-02-20T10:14:11.240130+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50000	104.21.64.1	80	TCP
2025-02-20T10:14:12.182014+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50006	104.21.64.1	80	TCP
2025-02-20T10:14:13.201823+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50012	104.21.64.1	80	TCP
2025-02-20T10:14:14.021246+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50018	104.21.64.1	80	TCP
2025-02-20T10:14:15.756043+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50024	104.21.64.1	80	TCP
2025-02-20T10:14:16.674805+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50030	104.21.64.1	80	TCP
2025-02-20T10:14:17.569526+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50038	104.21.64.1	80	TCP
2025-02-20T10:14:19.020320+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50042	104.21.64.1	80	TCP
2025-02-20T10:14:19.945942+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50043	104.21.64.1	80	TCP
2025-02-20T10:14:20.841760+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50044	104.21.64.1	80	TCP
2025-02-20T10:14:21.767334+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50045	104.21.64.1	80	TCP
2025-02-20T10:14:22.649168+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50046	104.21.64.1	80	TCP
2025-02-20T10:14:23.582675+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50047	104.21.64.1	80	TCP
2025-02-20T10:14:24.522942+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50048	104.21.64.1	80	TCP
2025-02-20T10:14:25.451542+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50049	104.21.64.1	80	TCP
2025-02-20T10:14:26.231195+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50050	104.21.64.1	80	TCP
2025-02-20T10:14:27.139076+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50051	104.21.64.1	80	TCP
2025-02-20T10:14:28.185874+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50052	104.21.64.1	80	TCP
2025-02-20T10:14:29.082427+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50053	104.21.64.1	80	TCP
2025-02-20T10:14:30.060868+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50054	104.21.64.1	80	TCP
2025-02-20T10:14:31.224089+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50055	104.21.64.1	80	TCP
2025-02-20T10:14:32.157311+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50056	104.21.64.1	80	TCP
2025-02-20T10:14:33.112135+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50057	104.21.64.1	80	TCP
2025-02-20T10:14:33.915960+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50058	104.21.64.1	80	TCP
2025-02-20T10:14:34.806551+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50059	104.21.64.1	80	TCP
2025-02-20T10:14:35.733557+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50060	104.21.64.1	80	TCP
2025-02-20T10:14:36.564181+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50061	104.21.64.1	80	TCP
2025-02-20T10:14:37.521304+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50062	104.21.64.1	80	TCP
2025-02-20T10:14:38.475270+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50063	104.21.64.1	80	TCP
2025-02-20T10:14:39.393326+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50064	104.21.64.1	80	TCP
2025-02-20T10:14:40.221300+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50065	104.21.64.1	80	TCP
2025-02-20T10:14:41.169145+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50066	104.21.64.1	80	TCP
2025-02-20T10:14:42.097231+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50067	104.21.64.1	80	TCP
2025-02-20T10:14:43.050017+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50068	104.21.64.1	80	TCP
2025-02-20T10:14:43.969833+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50069	104.21.64.1	80	TCP
2025-02-20T10:14:44.915680+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50070	104.21.64.1	80	TCP
2025-02-20T10:14:45.869690+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50071	104.21.64.1	80	TCP
2025-02-20T10:14:46.686697+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50072	104.21.64.1	80	TCP
2025-02-20T10:14:47.500381+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50073	104.21.64.1	80	TCP
2025-02-20T10:14:48.528589+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50074	104.21.64.1	80	TCP
2025-02-20T10:14:49.438442+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50075	104.21.64.1	80	TCP
2025-02-20T10:14:50.350861+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50076	104.21.64.1	80	TCP
2025-02-20T10:14:51.351646+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50077	104.21.64.1	80	TCP
2025-02-20T10:14:52.249175+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50078	104.21.64.1	80	TCP
2025-02-20T10:14:53.218790+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50079	104.21.64.1	80	TCP
2025-02-20T10:14:54.245501+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50080	104.21.64.1	80	TCP
2025-02-20T10:14:55.081040+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50081	104.21.64.1	80	TCP
2025-02-20T10:14:55.995930+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50082	104.21.64.1	80	TCP
2025-02-20T10:14:57.043576+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50083	104.21.64.1	80	TCP
2025-02-20T10:14:58.008815+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50084	104.21.64.1	80	TCP
2025-02-20T10:14:58.963987+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50085	104.21.64.1	80	TCP
2025-02-20T10:14:59.981376+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50086	104.21.64.1	80	TCP
2025-02-20T10:15:00.914125+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50087	104.21.64.1	80	TCP
2025-02-20T10:15:01.904061+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50088	104.21.64.1	80	TCP
2025-02-20T10:15:02.875195+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50089	104.21.64.1	80	TCP
2025-02-20T10:15:03.793836+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50090	104.21.64.1	80	TCP
2025-02-20T10:15:04.720760+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50091	104.21.64.1	80	TCP
2025-02-20T10:15:05.646383+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50092	104.21.64.1	80	TCP
2025-02-20T10:15:06.633625+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50093	104.21.64.1	80	TCP
2025-02-20T10:15:09.732809+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50094	104.21.64.1	80	TCP
2025-02-20T10:15:10.683763+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50095	104.21.64.1	80	TCP
2025-02-20T10:15:11.483887+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50096	104.21.64.1	80	TCP
2025-02-20T10:15:12.412030+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50097	104.21.64.1	80	TCP
2025-02-20T10:15:13.315382+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50098	104.21.64.1	80	TCP
2025-02-20T10:15:14.385062+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50099	104.21.64.1	80	TCP
2025-02-20T10:15:15.346860+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50100	104.21.64.1	80	TCP
2025-02-20T10:15:16.273255+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50101	104.21.64.1	80	TCP

ET MALWARE LokiBot Fake 404 Response

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-20T10:13:17.751497+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49706	TCP
2025-02-20T10:13:18.689386+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49707	TCP
2025-02-20T10:13:19.655580+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49708	TCP
2025-02-20T10:13:22.391953+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49711	TCP
2025-02-20T10:13:23.448204+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49712	TCP
2025-02-20T10:13:24.366327+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49713	TCP
2025-02-20T10:13:25.302971+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49714	TCP
2025-02-20T10:13:27.148394+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49716	TCP
2025-02-20T10:13:28.066905+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49717	TCP
2025-02-20T10:13:30.770347+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49723	TCP
2025-02-20T10:13:35.404334+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49736	TCP
2025-02-20T10:13:36.348347+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49744	TCP
2025-02-20T10:13:37.148984+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49753	TCP
2025-02-20T10:13:38.865107+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49765	TCP
2025-02-20T10:13:39.812356+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49771	TCP
2025-02-20T10:13:40.751570+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49777	TCP
2025-02-20T10:13:42.997692+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49790	TCP
2025-02-20T10:13:44.950523+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49801	TCP
2025-02-20T10:13:45.885113+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49807	TCP
2025-02-20T10:13:46.823156+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49818	TCP
2025-02-20T10:13:47.777764+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49824	TCP
2025-02-20T10:13:48.561139+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49830	TCP
2025-02-20T10:13:51.417404+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49847	TCP
2025-02-20T10:13:54.170988+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49870	TCP
2025-02-20T10:13:55.072875+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49876	TCP
2025-02-20T10:13:56.027568+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49882	TCP
2025-02-20T10:13:57.006729+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49888	TCP
2025-02-20T10:13:58.044992+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49897	TCP
2025-02-20T10:13:58.976948+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49905	TCP
2025-02-20T10:13:59.913149+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49911	TCP
2025-02-20T10:14:01.765323+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49923	TCP
2025-02-20T10:14:02.718322+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49930	TCP
2025-02-20T10:14:03.626526+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49938	TCP
2025-02-20T10:14:04.430103+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49945	TCP
2025-02-20T10:14:06.302583+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49957	TCP
2025-02-20T10:14:07.239433+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49964	TCP
2025-02-20T10:14:08.120540+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49972	TCP
2025-02-20T10:14:09.092082+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49978	TCP
2025-02-20T10:14:10.081542+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	49986	TCP
2025-02-20T10:14:11.991676+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50000	TCP
2025-02-20T10:14:12.972293+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50006	TCP
2025-02-20T10:14:13.839457+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50012	TCP
2025-02-20T10:14:15.504940+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50018	TCP
2025-02-20T10:14:16.508860+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50024	TCP
2025-02-20T10:14:18.355204+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50038	TCP
2025-02-20T10:14:19.797340+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50042	TCP
2025-02-20T10:14:23.410462+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50046	TCP
2025-02-20T10:14:24.367510+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50047	TCP
2025-02-20T10:14:26.079890+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50049	TCP
2025-02-20T10:14:27.922014+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50051	TCP
2025-02-20T10:14:28.919114+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50052	TCP
2025-02-20T10:14:29.876907+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50053	TCP
2025-02-20T10:14:30.834805+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50054	TCP
2025-02-20T10:14:32.002166+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50055	TCP
2025-02-20T10:14:32.943226+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50056	TCP
2025-02-20T10:14:33.757236+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50057	TCP
2025-02-20T10:14:35.564423+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50059	TCP
2025-02-20T10:14:36.370739+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50060	TCP
2025-02-20T10:14:37.350185+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50061	TCP
2025-02-20T10:14:38.306885+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50062	TCP
2025-02-20T10:14:40.043366+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50064	TCP
2025-02-20T10:14:40.991413+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50065	TCP
2025-02-20T10:14:42.878992+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50067	TCP
2025-02-20T10:14:43.807765+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50068	TCP
2025-02-20T10:14:44.762295+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50069	TCP
2025-02-20T10:14:45.698225+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50070	TCP
2025-02-20T10:14:46.530960+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50071	TCP
2025-02-20T10:14:47.346290+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50072	TCP
2025-02-20T10:14:48.308278+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50073	TCP
2025-02-20T10:14:53.065286+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50078	TCP
2025-02-20T10:14:53.846174+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50079	TCP
2025-02-20T10:14:54.898857+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50080	TCP
2025-02-20T10:14:57.835233+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50083	TCP
2025-02-20T10:14:58.790625+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50084	TCP
2025-02-20T10:15:01.752859+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50087	TCP
2025-02-20T10:15:02.710709+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50088	TCP
2025-02-20T10:15:06.460951+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50092	TCP
2025-02-20T10:15:11.321998+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50095	TCP
2025-02-20T10:15:12.251386+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50096	TCP
2025-02-20T10:15:15.151310+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50099	TCP
2025-02-20T10:15:16.111850+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50100	TCP
2025-02-20T10:15:16.899921+0100	2025483	1	A Network Trojan was detected	104.21.64.1	80	192.168.2.5	50101	TCP

ET MALWARE LokiBot Request for C2 Commands Detected M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-20T10:13:17.746440+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49706	104.21.64.1	80	TCP
2025-02-20T10:13:18.683996+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49707	104.21.64.1	80	TCP
2025-02-20T10:13:19.647891+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49708	104.21.64.1	80	TCP
2025-02-20T10:13:20.524878+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49709	104.21.64.1	80	TCP
2025-02-20T10:13:21.427841+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49710	104.21.64.1	80	TCP
2025-02-20T10:13:22.386666+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49711	104.21.64.1	80	TCP
2025-02-20T10:13:23.443238+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49712	104.21.64.1	80	TCP
2025-02-20T10:13:24.361211+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49713	104.21.64.1	80	TCP
2025-02-20T10:13:25.297817+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49714	104.21.64.1	80	TCP
2025-02-20T10:13:26.231692+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49715	104.21.64.1	80	TCP
2025-02-20T10:13:27.142137+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49716	104.21.64.1	80	TCP
2025-02-20T10:13:28.061719+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49717	104.21.64.1	80	TCP
2025-02-20T10:13:28.960651+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49718	104.21.64.1	80	TCP
2025-02-20T10:13:29.839822+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49720	104.21.64.1	80	TCP
2025-02-20T10:13:30.765321+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49723	104.21.64.1	80	TCP
2025-02-20T10:13:32.673192+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49726	104.21.64.1	80	TCP
2025-02-20T10:13:33.561517+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49729	104.21.64.1	80	TCP
2025-02-20T10:13:34.472183+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49730	104.21.64.1	80	TCP
2025-02-20T10:13:35.399284+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49736	104.21.64.1	80	TCP
2025-02-20T10:13:36.343276+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49744	104.21.64.1	80	TCP
2025-02-20T10:13:37.143392+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49753	104.21.64.1	80	TCP
2025-02-20T10:13:38.073641+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49759	104.21.64.1	80	TCP
2025-02-20T10:13:38.860061+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49765	104.21.64.1	80	TCP
2025-02-20T10:13:39.807199+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49771	104.21.64.1	80	TCP
2025-02-20T10:13:40.746510+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49777	104.21.64.1	80	TCP
2025-02-20T10:13:41.634758+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49783	104.21.64.1	80	TCP
2025-02-20T10:13:42.987961+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49790	104.21.64.1	80	TCP
2025-02-20T10:13:43.879948+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49795	104.21.64.1	80	TCP
2025-02-20T10:13:44.944704+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49801	104.21.64.1	80	TCP
2025-02-20T10:13:45.878028+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49807	104.21.64.1	80	TCP
2025-02-20T10:13:46.818200+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49818	104.21.64.1	80	TCP
2025-02-20T10:13:47.765222+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49824	104.21.64.1	80	TCP
2025-02-20T10:13:48.556167+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49830	104.21.64.1	80	TCP
2025-02-20T10:13:50.455564+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49836	104.21.64.1	80	TCP
2025-02-20T10:13:51.412337+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49847	104.21.64.1	80	TCP
2025-02-20T10:13:52.337278+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49853	104.21.64.1	80	TCP
2025-02-20T10:13:53.225154+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49862	104.21.64.1	80	TCP
2025-02-20T10:13:54.165904+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49870	104.21.64.1	80	TCP
2025-02-20T10:13:55.067756+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49876	104.21.64.1	80	TCP
2025-02-20T10:13:56.022452+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49882	104.21.64.1	80	TCP
2025-02-20T10:13:57.001492+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49888	104.21.64.1	80	TCP
2025-02-20T10:13:58.039970+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49897	104.21.64.1	80	TCP
2025-02-20T10:13:58.971768+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49905	104.21.64.1	80	TCP
2025-02-20T10:13:59.908113+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49911	104.21.64.1	80	TCP
2025-02-20T10:14:00.808208+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49917	104.21.64.1	80	TCP
2025-02-20T10:14:01.760197+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49923	104.21.64.1	80	TCP
2025-02-20T10:14:02.713249+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49930	104.21.64.1	80	TCP
2025-02-20T10:14:03.619102+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49938	104.21.64.1	80	TCP
2025-02-20T10:14:04.424880+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49945	104.21.64.1	80	TCP
2025-02-20T10:14:05.322398+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49951	104.21.64.1	80	TCP
2025-02-20T10:14:06.297449+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49957	104.21.64.1	80	TCP
2025-02-20T10:14:07.233999+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49964	104.21.64.1	80	TCP
2025-02-20T10:14:08.115457+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49972	104.21.64.1	80	TCP
2025-02-20T10:14:09.086878+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49978	104.21.64.1	80	TCP
2025-02-20T10:14:10.071935+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49986	104.21.64.1	80	TCP
2025-02-20T10:14:11.070624+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49993	104.21.64.1	80	TCP
2025-02-20T10:14:11.986221+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50000	104.21.64.1	80	TCP
2025-02-20T10:14:12.967185+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50006	104.21.64.1	80	TCP
2025-02-20T10:14:13.834200+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50012	104.21.64.1	80	TCP
2025-02-20T10:14:15.494751+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50018	104.21.64.1	80	TCP
2025-02-20T10:14:16.503779+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50024	104.21.64.1	80	TCP
2025-02-20T10:14:17.403486+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50030	104.21.64.1	80	TCP
2025-02-20T10:14:18.348318+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50038	104.21.64.1	80	TCP
2025-02-20T10:14:19.792363+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50042	104.21.64.1	80	TCP
2025-02-20T10:14:20.657632+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50043	104.21.64.1	80	TCP
2025-02-20T10:14:21.565419+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50044	104.21.64.1	80	TCP
2025-02-20T10:14:22.484415+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50045	104.21.64.1	80	TCP
2025-02-20T10:14:23.405482+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50046	104.21.64.1	80	TCP
2025-02-20T10:14:24.362477+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50047	104.21.64.1	80	TCP
2025-02-20T10:14:25.286943+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50048	104.21.64.1	80	TCP
2025-02-20T10:14:26.074878+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50049	104.21.64.1	80	TCP
2025-02-20T10:14:26.967726+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50050	104.21.64.1	80	TCP
2025-02-20T10:14:27.916991+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50051	104.21.64.1	80	TCP
2025-02-20T10:14:28.914162+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50052	104.21.64.1	80	TCP
2025-02-20T10:14:29.871682+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50053	104.21.64.1	80	TCP
2025-02-20T10:14:30.824279+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50054	104.21.64.1	80	TCP
2025-02-20T10:14:31.997036+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50055	104.21.64.1	80	TCP
2025-02-20T10:14:32.938253+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50056	104.21.64.1	80	TCP
2025-02-20T10:14:33.750265+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50057	104.21.64.1	80	TCP
2025-02-20T10:14:34.652232+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50058	104.21.64.1	80	TCP
2025-02-20T10:14:35.555957+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50059	104.21.64.1	80	TCP
2025-02-20T10:14:36.365737+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50060	104.21.64.1	80	TCP
2025-02-20T10:14:37.345140+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50061	104.21.64.1	80	TCP
2025-02-20T10:14:38.301785+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50062	104.21.64.1	80	TCP
2025-02-20T10:14:39.199791+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50063	104.21.64.1	80	TCP
2025-02-20T10:14:40.038361+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50064	104.21.64.1	80	TCP
2025-02-20T10:14:40.986005+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50065	104.21.64.1	80	TCP
2025-02-20T10:14:41.923367+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50066	104.21.64.1	80	TCP
2025-02-20T10:14:42.873946+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50067	104.21.64.1	80	TCP
2025-02-20T10:14:43.802702+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50068	104.21.64.1	80	TCP
2025-02-20T10:14:44.757231+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50069	104.21.64.1	80	TCP
2025-02-20T10:14:45.692615+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50070	104.21.64.1	80	TCP
2025-02-20T10:14:46.525427+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50071	104.21.64.1	80	TCP
2025-02-20T10:14:47.341243+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50072	104.21.64.1	80	TCP
2025-02-20T10:14:48.288778+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50073	104.21.64.1	80	TCP
2025-02-20T10:14:49.272612+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50074	104.21.64.1	80	TCP
2025-02-20T10:14:50.169533+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50075	104.21.64.1	80	TCP
2025-02-20T10:14:51.094173+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50076	104.21.64.1	80	TCP
2025-02-20T10:14:52.088882+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50077	104.21.64.1	80	TCP
2025-02-20T10:14:53.060085+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50078	104.21.64.1	80	TCP
2025-02-20T10:14:53.840874+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50079	104.21.64.1	80	TCP
2025-02-20T10:14:54.892748+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50080	104.21.64.1	80	TCP
2025-02-20T10:14:55.817124+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50081	104.21.64.1	80	TCP
2025-02-20T10:14:56.726186+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50082	104.21.64.1	80	TCP
2025-02-20T10:14:57.829114+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50083	104.21.64.1	80	TCP
2025-02-20T10:14:58.785524+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50084	104.21.64.1	80	TCP
2025-02-20T10:14:59.790386+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50085	104.21.64.1	80	TCP
2025-02-20T10:15:00.742402+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50086	104.21.64.1	80	TCP
2025-02-20T10:15:01.746789+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50087	104.21.64.1	80	TCP
2025-02-20T10:15:02.705656+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50088	104.21.64.1	80	TCP
2025-02-20T10:15:03.601326+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50089	104.21.64.1	80	TCP
2025-02-20T10:15:04.542986+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50090	104.21.64.1	80	TCP
2025-02-20T10:15:05.462320+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50091	104.21.64.1	80	TCP
2025-02-20T10:15:06.455208+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50092	104.21.64.1	80	TCP
2025-02-20T10:15:09.546042+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50093	104.21.64.1	80	TCP
2025-02-20T10:15:10.495694+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50094	104.21.64.1	80	TCP
2025-02-20T10:15:11.316977+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50095	104.21.64.1	80	TCP
2025-02-20T10:15:12.246331+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50096	104.21.64.1	80	TCP
2025-02-20T10:15:13.149903+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50097	104.21.64.1	80	TCP
2025-02-20T10:15:14.053859+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50098	104.21.64.1	80	TCP
2025-02-20T10:15:15.146255+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50099	104.21.64.1	80	TCP
2025-02-20T10:15:16.106142+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50100	104.21.64.1	80	TCP
2025-02-20T10:15:16.894796+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50101	104.21.64.1	80	TCP

ET MALWARE LokiBot Request for C2 Commands Detected M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-20T10:13:17.746440+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49706	104.21.64.1	80	TCP
2025-02-20T10:13:18.683996+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49707	104.21.64.1	80	TCP
2025-02-20T10:13:19.647891+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49708	104.21.64.1	80	TCP
2025-02-20T10:13:20.524878+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49709	104.21.64.1	80	TCP
2025-02-20T10:13:21.427841+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49710	104.21.64.1	80	TCP
2025-02-20T10:13:22.386666+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49711	104.21.64.1	80	TCP
2025-02-20T10:13:23.443238+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49712	104.21.64.1	80	TCP
2025-02-20T10:13:24.361211+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49713	104.21.64.1	80	TCP
2025-02-20T10:13:25.297817+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49714	104.21.64.1	80	TCP
2025-02-20T10:13:26.231692+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49715	104.21.64.1	80	TCP
2025-02-20T10:13:27.142137+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49716	104.21.64.1	80	TCP
2025-02-20T10:13:28.061719+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49717	104.21.64.1	80	TCP
2025-02-20T10:13:28.960651+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49718	104.21.64.1	80	TCP
2025-02-20T10:13:29.839822+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49720	104.21.64.1	80	TCP
2025-02-20T10:13:30.765321+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49723	104.21.64.1	80	TCP
2025-02-20T10:13:32.673192+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49726	104.21.64.1	80	TCP
2025-02-20T10:13:33.561517+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49729	104.21.64.1	80	TCP
2025-02-20T10:13:34.472183+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49730	104.21.64.1	80	TCP
2025-02-20T10:13:35.399284+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49736	104.21.64.1	80	TCP
2025-02-20T10:13:36.343276+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49744	104.21.64.1	80	TCP
2025-02-20T10:13:37.143392+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49753	104.21.64.1	80	TCP
2025-02-20T10:13:38.073641+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49759	104.21.64.1	80	TCP
2025-02-20T10:13:38.860061+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49765	104.21.64.1	80	TCP
2025-02-20T10:13:39.807199+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49771	104.21.64.1	80	TCP
2025-02-20T10:13:40.746510+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49777	104.21.64.1	80	TCP
2025-02-20T10:13:41.634758+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49783	104.21.64.1	80	TCP
2025-02-20T10:13:42.987961+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49790	104.21.64.1	80	TCP
2025-02-20T10:13:43.879948+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49795	104.21.64.1	80	TCP
2025-02-20T10:13:44.944704+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49801	104.21.64.1	80	TCP
2025-02-20T10:13:45.878028+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49807	104.21.64.1	80	TCP
2025-02-20T10:13:46.818200+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49818	104.21.64.1	80	TCP
2025-02-20T10:13:47.765222+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49824	104.21.64.1	80	TCP
2025-02-20T10:13:48.556167+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49830	104.21.64.1	80	TCP
2025-02-20T10:13:50.455564+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49836	104.21.64.1	80	TCP
2025-02-20T10:13:51.412337+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49847	104.21.64.1	80	TCP
2025-02-20T10:13:52.337278+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49853	104.21.64.1	80	TCP
2025-02-20T10:13:53.225154+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49862	104.21.64.1	80	TCP
2025-02-20T10:13:54.165904+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49870	104.21.64.1	80	TCP
2025-02-20T10:13:55.067756+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49876	104.21.64.1	80	TCP
2025-02-20T10:13:56.022452+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49882	104.21.64.1	80	TCP
2025-02-20T10:13:57.001492+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49888	104.21.64.1	80	TCP
2025-02-20T10:13:58.039970+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49897	104.21.64.1	80	TCP
2025-02-20T10:13:58.971768+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49905	104.21.64.1	80	TCP
2025-02-20T10:13:59.908113+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49911	104.21.64.1	80	TCP
2025-02-20T10:14:00.808208+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49917	104.21.64.1	80	TCP
2025-02-20T10:14:01.760197+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49923	104.21.64.1	80	TCP
2025-02-20T10:14:02.713249+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49930	104.21.64.1	80	TCP
2025-02-20T10:14:03.619102+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49938	104.21.64.1	80	TCP
2025-02-20T10:14:04.424880+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49945	104.21.64.1	80	TCP
2025-02-20T10:14:05.322398+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49951	104.21.64.1	80	TCP
2025-02-20T10:14:06.297449+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49957	104.21.64.1	80	TCP
2025-02-20T10:14:07.233999+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49964	104.21.64.1	80	TCP
2025-02-20T10:14:08.115457+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49972	104.21.64.1	80	TCP
2025-02-20T10:14:09.086878+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49978	104.21.64.1	80	TCP
2025-02-20T10:14:10.071935+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49986	104.21.64.1	80	TCP
2025-02-20T10:14:11.070624+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49993	104.21.64.1	80	TCP
2025-02-20T10:14:11.986221+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50000	104.21.64.1	80	TCP
2025-02-20T10:14:12.967185+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50006	104.21.64.1	80	TCP
2025-02-20T10:14:13.834200+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50012	104.21.64.1	80	TCP
2025-02-20T10:14:15.494751+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50018	104.21.64.1	80	TCP
2025-02-20T10:14:16.503779+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50024	104.21.64.1	80	TCP
2025-02-20T10:14:17.403486+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50030	104.21.64.1	80	TCP
2025-02-20T10:14:18.348318+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50038	104.21.64.1	80	TCP
2025-02-20T10:14:19.792363+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50042	104.21.64.1	80	TCP
2025-02-20T10:14:20.657632+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50043	104.21.64.1	80	TCP
2025-02-20T10:14:21.565419+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50044	104.21.64.1	80	TCP
2025-02-20T10:14:22.484415+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50045	104.21.64.1	80	TCP
2025-02-20T10:14:23.405482+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50046	104.21.64.1	80	TCP
2025-02-20T10:14:24.362477+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50047	104.21.64.1	80	TCP
2025-02-20T10:14:25.286943+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50048	104.21.64.1	80	TCP
2025-02-20T10:14:26.074878+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50049	104.21.64.1	80	TCP
2025-02-20T10:14:26.967726+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50050	104.21.64.1	80	TCP
2025-02-20T10:14:27.916991+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50051	104.21.64.1	80	TCP
2025-02-20T10:14:28.914162+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50052	104.21.64.1	80	TCP
2025-02-20T10:14:29.871682+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50053	104.21.64.1	80	TCP
2025-02-20T10:14:30.824279+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50054	104.21.64.1	80	TCP
2025-02-20T10:14:31.997036+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50055	104.21.64.1	80	TCP
2025-02-20T10:14:32.938253+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50056	104.21.64.1	80	TCP
2025-02-20T10:14:33.750265+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50057	104.21.64.1	80	TCP
2025-02-20T10:14:34.652232+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50058	104.21.64.1	80	TCP
2025-02-20T10:14:35.555957+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50059	104.21.64.1	80	TCP
2025-02-20T10:14:36.365737+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50060	104.21.64.1	80	TCP
2025-02-20T10:14:37.345140+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50061	104.21.64.1	80	TCP
2025-02-20T10:14:38.301785+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50062	104.21.64.1	80	TCP
2025-02-20T10:14:39.199791+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50063	104.21.64.1	80	TCP
2025-02-20T10:14:40.038361+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50064	104.21.64.1	80	TCP
2025-02-20T10:14:40.986005+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50065	104.21.64.1	80	TCP
2025-02-20T10:14:41.923367+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50066	104.21.64.1	80	TCP
2025-02-20T10:14:42.873946+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50067	104.21.64.1	80	TCP
2025-02-20T10:14:43.802702+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50068	104.21.64.1	80	TCP
2025-02-20T10:14:44.757231+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50069	104.21.64.1	80	TCP
2025-02-20T10:14:45.692615+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50070	104.21.64.1	80	TCP
2025-02-20T10:14:46.525427+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50071	104.21.64.1	80	TCP
2025-02-20T10:14:47.341243+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50072	104.21.64.1	80	TCP
2025-02-20T10:14:48.288778+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50073	104.21.64.1	80	TCP
2025-02-20T10:14:49.272612+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50074	104.21.64.1	80	TCP
2025-02-20T10:14:50.169533+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50075	104.21.64.1	80	TCP
2025-02-20T10:14:51.094173+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50076	104.21.64.1	80	TCP
2025-02-20T10:14:52.088882+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50077	104.21.64.1	80	TCP
2025-02-20T10:14:53.060085+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50078	104.21.64.1	80	TCP
2025-02-20T10:14:53.840874+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50079	104.21.64.1	80	TCP
2025-02-20T10:14:54.892748+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50080	104.21.64.1	80	TCP
2025-02-20T10:14:55.817124+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50081	104.21.64.1	80	TCP
2025-02-20T10:14:56.726186+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50082	104.21.64.1	80	TCP
2025-02-20T10:14:57.829114+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50083	104.21.64.1	80	TCP
2025-02-20T10:14:58.785524+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50084	104.21.64.1	80	TCP
2025-02-20T10:14:59.790386+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50085	104.21.64.1	80	TCP
2025-02-20T10:15:00.742402+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50086	104.21.64.1	80	TCP
2025-02-20T10:15:01.746789+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50087	104.21.64.1	80	TCP
2025-02-20T10:15:02.705656+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50088	104.21.64.1	80	TCP
2025-02-20T10:15:03.601326+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50089	104.21.64.1	80	TCP
2025-02-20T10:15:04.542986+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50090	104.21.64.1	80	TCP
2025-02-20T10:15:05.462320+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50091	104.21.64.1	80	TCP
2025-02-20T10:15:06.455208+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50092	104.21.64.1	80	TCP
2025-02-20T10:15:09.546042+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50093	104.21.64.1	80	TCP
2025-02-20T10:15:10.495694+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50094	104.21.64.1	80	TCP
2025-02-20T10:15:11.316977+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50095	104.21.64.1	80	TCP
2025-02-20T10:15:12.246331+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50096	104.21.64.1	80	TCP
2025-02-20T10:15:13.149903+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50097	104.21.64.1	80	TCP
2025-02-20T10:15:14.053859+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50098	104.21.64.1	80	TCP
2025-02-20T10:15:15.146255+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50099	104.21.64.1	80	TCP
2025-02-20T10:15:16.106142+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50100	104.21.64.1	80	TCP
2025-02-20T10:15:16.894796+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50101	104.21.64.1	80	TCP

ET MALWARE LokiBot User-Agent (Charon/Inferno)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-20T10:13:15.081894+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49704	104.21.64.1	80	TCP
2025-02-20T10:13:16.110922+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49705	104.21.64.1	80	TCP
2025-02-20T10:13:16.975470+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49706	104.21.64.1	80	TCP
2025-02-20T10:13:17.907957+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49707	104.21.64.1	80	TCP
2025-02-20T10:13:18.829167+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49708	104.21.64.1	80	TCP
2025-02-20T10:13:19.801755+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49709	104.21.64.1	80	TCP
2025-02-20T10:13:20.696172+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49710	104.21.64.1	80	TCP
2025-02-20T10:13:21.584352+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49711	104.21.64.1	80	TCP
2025-02-20T10:13:22.669449+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49712	104.21.64.1	80	TCP
2025-02-20T10:13:23.606320+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49713	104.21.64.1	80	TCP
2025-02-20T10:13:24.526943+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49714	104.21.64.1	80	TCP
2025-02-20T10:13:25.463332+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49715	104.21.64.1	80	TCP
2025-02-20T10:13:26.389115+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49716	104.21.64.1	80	TCP
2025-02-20T10:13:27.301459+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49717	104.21.64.1	80	TCP
2025-02-20T10:13:28.240263+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49718	104.21.64.1	80	TCP
2025-02-20T10:13:29.116784+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49720	104.21.64.1	80	TCP
2025-02-20T10:13:29.990469+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49723	104.21.64.1	80	TCP
2025-02-20T10:13:30.926823+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49726	104.21.64.1	80	TCP
2025-02-20T10:13:32.833601+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49729	104.21.64.1	80	TCP
2025-02-20T10:13:33.729780+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49730	104.21.64.1	80	TCP
2025-02-20T10:13:34.627783+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49736	104.21.64.1	80	TCP
2025-02-20T10:13:35.545582+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49744	104.21.64.1	80	TCP
2025-02-20T10:13:36.502105+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49753	104.21.64.1	80	TCP
2025-02-20T10:13:37.302710+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49759	104.21.64.1	80	TCP
2025-02-20T10:13:38.218875+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49765	104.21.64.1	80	TCP
2025-02-20T10:13:39.017400+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49771	104.21.64.1	80	TCP
2025-02-20T10:13:39.956823+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49777	104.21.64.1	80	TCP
2025-02-20T10:13:40.904735+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49783	104.21.64.1	80	TCP
2025-02-20T10:13:41.806827+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49790	104.21.64.1	80	TCP
2025-02-20T10:13:43.148942+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49795	104.21.64.1	80	TCP
2025-02-20T10:13:44.073935+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49801	104.21.64.1	80	TCP
2025-02-20T10:13:45.094096+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49807	104.21.64.1	80	TCP
2025-02-20T10:13:46.033336+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49818	104.21.64.1	80	TCP
2025-02-20T10:13:46.968048+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49824	104.21.64.1	80	TCP
2025-02-20T10:13:47.929897+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49830	104.21.64.1	80	TCP
2025-02-20T10:13:48.701328+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49836	104.21.64.1	80	TCP
2025-02-20T10:13:50.610903+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49847	104.21.64.1	80	TCP
2025-02-20T10:13:51.568236+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49853	104.21.64.1	80	TCP
2025-02-20T10:13:52.495161+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49862	104.21.64.1	80	TCP
2025-02-20T10:13:53.377278+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49870	104.21.64.1	80	TCP
2025-02-20T10:13:54.321037+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49876	104.21.64.1	80	TCP
2025-02-20T10:13:55.230212+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49882	104.21.64.1	80	TCP
2025-02-20T10:13:56.207997+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49888	104.21.64.1	80	TCP
2025-02-20T10:13:57.266815+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49897	104.21.64.1	80	TCP
2025-02-20T10:13:58.204765+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49905	104.21.64.1	80	TCP
2025-02-20T10:13:59.141185+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49911	104.21.64.1	80	TCP
2025-02-20T10:14:00.071334+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49917	104.21.64.1	80	TCP
2025-02-20T10:14:00.973860+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49923	104.21.64.1	80	TCP
2025-02-20T10:14:01.945862+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49930	104.21.64.1	80	TCP
2025-02-20T10:14:02.868865+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49938	104.21.64.1	80	TCP
2025-02-20T10:14:03.794801+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49945	104.21.64.1	80	TCP
2025-02-20T10:14:04.594593+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49951	104.21.64.1	80	TCP
2025-02-20T10:14:05.493770+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49957	104.21.64.1	80	TCP
2025-02-20T10:14:06.462040+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49964	104.21.64.1	80	TCP
2025-02-20T10:14:07.482914+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49972	104.21.64.1	80	TCP
2025-02-20T10:14:08.298686+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49978	104.21.64.1	80	TCP
2025-02-20T10:14:09.283781+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49986	104.21.64.1	80	TCP
2025-02-20T10:14:10.366846+0100	2021641	1	A Network Trojan was detected	192.168.2.5	49993	104.21.64.1	80	TCP
2025-02-20T10:14:11.240130+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50000	104.21.64.1	80	TCP
2025-02-20T10:14:12.182014+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50006	104.21.64.1	80	TCP
2025-02-20T10:14:13.201823+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50012	104.21.64.1	80	TCP
2025-02-20T10:14:14.021246+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50018	104.21.64.1	80	TCP
2025-02-20T10:14:15.756043+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50024	104.21.64.1	80	TCP
2025-02-20T10:14:16.674805+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50030	104.21.64.1	80	TCP
2025-02-20T10:14:17.569526+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50038	104.21.64.1	80	TCP
2025-02-20T10:14:19.020320+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50042	104.21.64.1	80	TCP
2025-02-20T10:14:19.945942+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50043	104.21.64.1	80	TCP
2025-02-20T10:14:20.841760+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50044	104.21.64.1	80	TCP
2025-02-20T10:14:21.767334+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50045	104.21.64.1	80	TCP
2025-02-20T10:14:22.649168+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50046	104.21.64.1	80	TCP
2025-02-20T10:14:23.582675+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50047	104.21.64.1	80	TCP
2025-02-20T10:14:24.522942+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50048	104.21.64.1	80	TCP
2025-02-20T10:14:25.451542+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50049	104.21.64.1	80	TCP
2025-02-20T10:14:26.231195+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50050	104.21.64.1	80	TCP
2025-02-20T10:14:27.139076+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50051	104.21.64.1	80	TCP
2025-02-20T10:14:28.185874+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50052	104.21.64.1	80	TCP
2025-02-20T10:14:29.082427+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50053	104.21.64.1	80	TCP
2025-02-20T10:14:30.060868+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50054	104.21.64.1	80	TCP
2025-02-20T10:14:31.224089+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50055	104.21.64.1	80	TCP
2025-02-20T10:14:32.157311+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50056	104.21.64.1	80	TCP
2025-02-20T10:14:33.112135+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50057	104.21.64.1	80	TCP
2025-02-20T10:14:33.915960+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50058	104.21.64.1	80	TCP
2025-02-20T10:14:34.806551+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50059	104.21.64.1	80	TCP
2025-02-20T10:14:35.733557+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50060	104.21.64.1	80	TCP
2025-02-20T10:14:36.564181+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50061	104.21.64.1	80	TCP
2025-02-20T10:14:37.521304+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50062	104.21.64.1	80	TCP
2025-02-20T10:14:38.475270+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50063	104.21.64.1	80	TCP
2025-02-20T10:14:39.393326+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50064	104.21.64.1	80	TCP
2025-02-20T10:14:40.221300+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50065	104.21.64.1	80	TCP
2025-02-20T10:14:41.169145+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50066	104.21.64.1	80	TCP
2025-02-20T10:14:42.097231+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50067	104.21.64.1	80	TCP
2025-02-20T10:14:43.050017+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50068	104.21.64.1	80	TCP
2025-02-20T10:14:43.969833+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50069	104.21.64.1	80	TCP
2025-02-20T10:14:44.915680+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50070	104.21.64.1	80	TCP
2025-02-20T10:14:45.869690+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50071	104.21.64.1	80	TCP
2025-02-20T10:14:46.686697+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50072	104.21.64.1	80	TCP
2025-02-20T10:14:47.500381+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50073	104.21.64.1	80	TCP
2025-02-20T10:14:48.528589+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50074	104.21.64.1	80	TCP
2025-02-20T10:14:49.438442+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50075	104.21.64.1	80	TCP
2025-02-20T10:14:50.350861+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50076	104.21.64.1	80	TCP
2025-02-20T10:14:51.351646+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50077	104.21.64.1	80	TCP
2025-02-20T10:14:52.249175+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50078	104.21.64.1	80	TCP
2025-02-20T10:14:53.218790+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50079	104.21.64.1	80	TCP
2025-02-20T10:14:54.245501+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50080	104.21.64.1	80	TCP
2025-02-20T10:14:55.081040+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50081	104.21.64.1	80	TCP
2025-02-20T10:14:55.995930+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50082	104.21.64.1	80	TCP
2025-02-20T10:14:57.043576+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50083	104.21.64.1	80	TCP
2025-02-20T10:14:58.008815+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50084	104.21.64.1	80	TCP
2025-02-20T10:14:58.963987+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50085	104.21.64.1	80	TCP
2025-02-20T10:14:59.981376+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50086	104.21.64.1	80	TCP
2025-02-20T10:15:00.914125+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50087	104.21.64.1	80	TCP
2025-02-20T10:15:01.904061+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50088	104.21.64.1	80	TCP
2025-02-20T10:15:02.875195+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50089	104.21.64.1	80	TCP
2025-02-20T10:15:03.793836+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50090	104.21.64.1	80	TCP
2025-02-20T10:15:04.720760+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50091	104.21.64.1	80	TCP
2025-02-20T10:15:05.646383+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50092	104.21.64.1	80	TCP
2025-02-20T10:15:06.633625+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50093	104.21.64.1	80	TCP
2025-02-20T10:15:09.732809+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50094	104.21.64.1	80	TCP
2025-02-20T10:15:10.683763+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50095	104.21.64.1	80	TCP
2025-02-20T10:15:11.483887+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50096	104.21.64.1	80	TCP
2025-02-20T10:15:12.412030+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50097	104.21.64.1	80	TCP
2025-02-20T10:15:13.315382+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50098	104.21.64.1	80	TCP
2025-02-20T10:15:14.385062+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50099	104.21.64.1	80	TCP
2025-02-20T10:15:15.346860+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50100	104.21.64.1	80	TCP
2025-02-20T10:15:16.273255+0100	2021641	1	A Network Trojan was detected	192.168.2.5	50101	104.21.64.1	80	TCP

ETPRO MALWARE LokiBot Checkin M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-20T10:13:15.081894+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49704	104.21.64.1	80	TCP
2025-02-20T10:13:16.110922+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49705	104.21.64.1	80	TCP
2025-02-20T10:13:16.975470+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49706	104.21.64.1	80	TCP
2025-02-20T10:13:17.907957+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49707	104.21.64.1	80	TCP
2025-02-20T10:13:18.829167+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49708	104.21.64.1	80	TCP
2025-02-20T10:13:19.801755+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49709	104.21.64.1	80	TCP
2025-02-20T10:13:20.696172+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49710	104.21.64.1	80	TCP
2025-02-20T10:13:21.584352+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49711	104.21.64.1	80	TCP
2025-02-20T10:13:22.669449+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49712	104.21.64.1	80	TCP
2025-02-20T10:13:23.606320+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49713	104.21.64.1	80	TCP
2025-02-20T10:13:24.526943+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49714	104.21.64.1	80	TCP
2025-02-20T10:13:25.463332+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49715	104.21.64.1	80	TCP
2025-02-20T10:13:26.389115+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49716	104.21.64.1	80	TCP
2025-02-20T10:13:27.301459+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49717	104.21.64.1	80	TCP
2025-02-20T10:13:28.240263+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49718	104.21.64.1	80	TCP
2025-02-20T10:13:29.116784+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49720	104.21.64.1	80	TCP
2025-02-20T10:13:29.990469+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49723	104.21.64.1	80	TCP
2025-02-20T10:13:30.926823+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49726	104.21.64.1	80	TCP
2025-02-20T10:13:32.833601+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49729	104.21.64.1	80	TCP
2025-02-20T10:13:33.729780+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49730	104.21.64.1	80	TCP
2025-02-20T10:13:34.627783+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49736	104.21.64.1	80	TCP
2025-02-20T10:13:35.545582+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49744	104.21.64.1	80	TCP
2025-02-20T10:13:36.502105+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49753	104.21.64.1	80	TCP
2025-02-20T10:13:37.302710+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49759	104.21.64.1	80	TCP
2025-02-20T10:13:38.218875+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49765	104.21.64.1	80	TCP
2025-02-20T10:13:39.017400+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49771	104.21.64.1	80	TCP
2025-02-20T10:13:39.956823+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49777	104.21.64.1	80	TCP
2025-02-20T10:13:40.904735+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49783	104.21.64.1	80	TCP
2025-02-20T10:13:41.806827+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49790	104.21.64.1	80	TCP
2025-02-20T10:13:43.148942+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49795	104.21.64.1	80	TCP
2025-02-20T10:13:44.073935+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49801	104.21.64.1	80	TCP
2025-02-20T10:13:45.094096+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49807	104.21.64.1	80	TCP
2025-02-20T10:13:46.033336+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49818	104.21.64.1	80	TCP
2025-02-20T10:13:46.968048+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49824	104.21.64.1	80	TCP
2025-02-20T10:13:47.929897+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49830	104.21.64.1	80	TCP
2025-02-20T10:13:48.701328+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49836	104.21.64.1	80	TCP
2025-02-20T10:13:50.610903+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49847	104.21.64.1	80	TCP
2025-02-20T10:13:51.568236+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49853	104.21.64.1	80	TCP
2025-02-20T10:13:52.495161+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49862	104.21.64.1	80	TCP
2025-02-20T10:13:53.377278+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49870	104.21.64.1	80	TCP
2025-02-20T10:13:54.321037+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49876	104.21.64.1	80	TCP
2025-02-20T10:13:55.230212+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49882	104.21.64.1	80	TCP
2025-02-20T10:13:56.207997+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49888	104.21.64.1	80	TCP
2025-02-20T10:13:57.266815+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49897	104.21.64.1	80	TCP
2025-02-20T10:13:58.204765+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49905	104.21.64.1	80	TCP
2025-02-20T10:13:59.141185+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49911	104.21.64.1	80	TCP
2025-02-20T10:14:00.071334+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49917	104.21.64.1	80	TCP
2025-02-20T10:14:00.973860+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49923	104.21.64.1	80	TCP
2025-02-20T10:14:01.945862+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49930	104.21.64.1	80	TCP
2025-02-20T10:14:02.868865+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49938	104.21.64.1	80	TCP
2025-02-20T10:14:03.794801+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49945	104.21.64.1	80	TCP
2025-02-20T10:14:04.594593+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49951	104.21.64.1	80	TCP
2025-02-20T10:14:05.493770+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49957	104.21.64.1	80	TCP
2025-02-20T10:14:06.462040+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49964	104.21.64.1	80	TCP
2025-02-20T10:14:07.482914+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49972	104.21.64.1	80	TCP
2025-02-20T10:14:08.298686+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49978	104.21.64.1	80	TCP
2025-02-20T10:14:09.283781+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49986	104.21.64.1	80	TCP
2025-02-20T10:14:10.366846+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49993	104.21.64.1	80	TCP
2025-02-20T10:14:11.240130+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50000	104.21.64.1	80	TCP
2025-02-20T10:14:12.182014+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50006	104.21.64.1	80	TCP
2025-02-20T10:14:13.201823+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50012	104.21.64.1	80	TCP
2025-02-20T10:14:14.021246+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50018	104.21.64.1	80	TCP
2025-02-20T10:14:15.756043+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50024	104.21.64.1	80	TCP
2025-02-20T10:14:16.674805+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50030	104.21.64.1	80	TCP
2025-02-20T10:14:17.569526+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50038	104.21.64.1	80	TCP
2025-02-20T10:14:19.020320+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50042	104.21.64.1	80	TCP
2025-02-20T10:14:19.945942+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50043	104.21.64.1	80	TCP
2025-02-20T10:14:20.841760+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50044	104.21.64.1	80	TCP
2025-02-20T10:14:21.767334+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50045	104.21.64.1	80	TCP
2025-02-20T10:14:22.649168+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50046	104.21.64.1	80	TCP
2025-02-20T10:14:23.582675+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50047	104.21.64.1	80	TCP
2025-02-20T10:14:24.522942+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50048	104.21.64.1	80	TCP
2025-02-20T10:14:25.451542+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50049	104.21.64.1	80	TCP
2025-02-20T10:14:26.231195+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50050	104.21.64.1	80	TCP
2025-02-20T10:14:27.139076+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50051	104.21.64.1	80	TCP
2025-02-20T10:14:28.185874+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50052	104.21.64.1	80	TCP
2025-02-20T10:14:29.082427+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50053	104.21.64.1	80	TCP
2025-02-20T10:14:30.060868+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50054	104.21.64.1	80	TCP
2025-02-20T10:14:31.224089+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50055	104.21.64.1	80	TCP
2025-02-20T10:14:32.157311+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50056	104.21.64.1	80	TCP
2025-02-20T10:14:33.112135+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50057	104.21.64.1	80	TCP
2025-02-20T10:14:33.915960+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50058	104.21.64.1	80	TCP
2025-02-20T10:14:34.806551+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50059	104.21.64.1	80	TCP
2025-02-20T10:14:35.733557+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50060	104.21.64.1	80	TCP
2025-02-20T10:14:36.564181+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50061	104.21.64.1	80	TCP
2025-02-20T10:14:37.521304+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50062	104.21.64.1	80	TCP
2025-02-20T10:14:38.475270+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50063	104.21.64.1	80	TCP
2025-02-20T10:14:39.393326+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50064	104.21.64.1	80	TCP
2025-02-20T10:14:40.221300+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50065	104.21.64.1	80	TCP
2025-02-20T10:14:41.169145+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50066	104.21.64.1	80	TCP
2025-02-20T10:14:42.097231+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50067	104.21.64.1	80	TCP
2025-02-20T10:14:43.050017+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50068	104.21.64.1	80	TCP
2025-02-20T10:14:43.969833+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50069	104.21.64.1	80	TCP
2025-02-20T10:14:44.915680+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50070	104.21.64.1	80	TCP
2025-02-20T10:14:45.869690+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50071	104.21.64.1	80	TCP
2025-02-20T10:14:46.686697+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50072	104.21.64.1	80	TCP
2025-02-20T10:14:47.500381+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50073	104.21.64.1	80	TCP
2025-02-20T10:14:48.528589+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50074	104.21.64.1	80	TCP
2025-02-20T10:14:49.438442+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50075	104.21.64.1	80	TCP
2025-02-20T10:14:50.350861+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50076	104.21.64.1	80	TCP
2025-02-20T10:14:51.351646+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50077	104.21.64.1	80	TCP
2025-02-20T10:14:52.249175+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50078	104.21.64.1	80	TCP
2025-02-20T10:14:53.218790+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50079	104.21.64.1	80	TCP
2025-02-20T10:14:54.245501+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50080	104.21.64.1	80	TCP
2025-02-20T10:14:55.081040+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50081	104.21.64.1	80	TCP
2025-02-20T10:14:55.995930+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50082	104.21.64.1	80	TCP
2025-02-20T10:14:57.043576+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50083	104.21.64.1	80	TCP
2025-02-20T10:14:58.008815+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50084	104.21.64.1	80	TCP
2025-02-20T10:14:58.963987+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50085	104.21.64.1	80	TCP
2025-02-20T10:14:59.981376+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50086	104.21.64.1	80	TCP
2025-02-20T10:15:00.914125+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50087	104.21.64.1	80	TCP
2025-02-20T10:15:01.904061+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50088	104.21.64.1	80	TCP
2025-02-20T10:15:02.875195+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50089	104.21.64.1	80	TCP
2025-02-20T10:15:03.793836+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50090	104.21.64.1	80	TCP
2025-02-20T10:15:04.720760+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50091	104.21.64.1	80	TCP
2025-02-20T10:15:05.646383+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50092	104.21.64.1	80	TCP
2025-02-20T10:15:06.633625+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50093	104.21.64.1	80	TCP
2025-02-20T10:15:09.732809+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50094	104.21.64.1	80	TCP
2025-02-20T10:15:10.683763+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50095	104.21.64.1	80	TCP
2025-02-20T10:15:11.483887+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50096	104.21.64.1	80	TCP
2025-02-20T10:15:12.412030+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50097	104.21.64.1	80	TCP
2025-02-20T10:15:13.315382+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50098	104.21.64.1	80	TCP
2025-02-20T10:15:14.385062+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50099	104.21.64.1	80	TCP
2025-02-20T10:15:15.346860+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50100	104.21.64.1	80	TCP
2025-02-20T10:15:16.273255+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50101	104.21.64.1	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://touxzw.ir/tking3/five/fre.php

Avira URL Cloud: Label: malware

Found malware configuration

Source: 2.2.svchost.exe.400000.1.raw.unpack

Malware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php"]}

Multi AV Scanner detection for submitted file

Source: Request for quotation -6001845515-XLSX.exe	ReversingLabs: Detection: 57%
Source: Request for quotation -6001845515-XLSX.exe	Virustotal: Detection: 34%			Perma Link

Joe Sandbox ML detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Source: Request for quotation -6001845515-XLSX.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source:	Binary string: wntdll.pdbUGP source: Request for quotation -6001845515-XLSX.exe, 00000000.00000003.2033614224.0000000003AA0000.00000004.00001000.00020000.00000000.sdmp, Request for quotation -6001845515-XLSX.exe, 00000000.00000003.2032780991.0000000003C40000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: Request for quotation -6001845515-XLSX.exe, 00000000.00000003.2033614224.0000000003AA0000.00000004.00001000.00020000.00000000.sdmp, Request for quotation -6001845515-XLSX.exe, 00000000.00000003.2032780991.0000000003C40000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: svchost.pdb source: svchost.exe, svchost.exe, 00000002.00000002.3266806929.00000000001A1000.00000020.00000001.01000000.00000005.sdmp
Source:	Binary string: svchost.pdbUGP source: svchost.exe, 00000002.00000002.3266806929.00000000001A1000.00000020.00000001.01000000.00000005.sdmp

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_00614696 GetFileAttributesW,FindFirstFileW,FindClose,	0_2_00614696
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_0061C93C FindFirstFileW,FindClose,	0_2_0061C93C
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_0061C9C7 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,	0_2_0061C9C7
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_0061F200 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_0061F200
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_0061F35D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_0061F35D
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_0061F65E FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,	0_2_0061F65E
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_00613A2B FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_00613A2B
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_00613D4E FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_00613D4E
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_0061BF27 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,	0_2_0061BF27
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,	2_2_00403D74

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49744 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49744 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49710 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49744 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49710 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49710 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49708 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49708 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49708 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49720 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49713 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49713 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49713 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49706 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49706 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49706 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49709 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49709 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49709 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49729 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49712 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49726 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49712 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49818 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49726 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49726 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49729 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49710 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49729 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49824 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49710 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49704 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49704 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49704 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49726 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49744 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49726 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49744 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49709 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49818 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49709 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49818 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49715 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49715 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49765 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49830 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49765 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49765 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.5:49704 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49729 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49729 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49818 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49720 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49720 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49712 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49836 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49830 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49830 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49765 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49765 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49712 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49712 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49795 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49720 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49713 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49720 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49705 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49759 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49795 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49759 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49708 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49713 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49818 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49795 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49830 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49708 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49759 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49830 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49759 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49759 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49777 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49777 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49777 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49795 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49795 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49777 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49777 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:49818
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:49713
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:49830
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:49765
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49836 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49836 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:49712
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49717 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49717 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49717 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49836 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49717 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49717 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49836 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:49777
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49888 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49888 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49888 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49711 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:49717
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49715 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49888 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49888 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:49744
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49824 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49715 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49715 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:49708
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49790 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49706 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49790 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49790 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49706 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49707 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49882 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49801 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49801 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49801 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49790 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49807 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49790 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49911 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49911 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49801 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49911 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49801 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49807 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49807 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49705 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49824 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49807 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49716 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49807 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49824 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49930 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49930 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49930 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49938 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49716 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49716 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49753 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49714 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49714 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49824 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49714 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49930 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49938 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49716 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49716 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:49888
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49930 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49714 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49938 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:49801
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49951 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49951 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49951 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49945 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49945 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49945 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49911 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49938 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49911 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:49807
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49938 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:49716
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49945 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49705 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49736 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49882 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.5:49705 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:49824
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49707 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:49790
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:49930
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49707 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49723 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49736 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49723 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49723 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49736 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49723 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49723 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49957 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49957 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49882 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:49706
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49882 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49882 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:49911
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49993 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49993 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49993 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49736 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49711 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49707 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49707 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49957 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49951 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49993 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49993 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:49938
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49986 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49736 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49986 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49718 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49986 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:49723
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50012 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50012 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50012 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50012 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49753 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50024 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49951 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49964 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50012 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49986 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49957 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49957 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49986 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:49707
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50038 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50038 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50024 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50030 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50030 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50038 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50024 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49847 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49847 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49847 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49964 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49972 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49972 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:49882
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50038 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50038 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49847 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49847 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50051 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50051 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50044 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50052 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50052 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50052 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49964 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50051 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50050 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50052 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50052 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50024 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50044 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50024 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50044 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50051 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50051 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50044 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49753 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50057 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50057 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49718 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50044 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49718 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:50012
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49718 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49718 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:49847
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:49736
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49753 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49714 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50057 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50065 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50065 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50065 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50064 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50065 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50065 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50057 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50057 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50064 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:50024
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50064 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50049 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50049 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:49957
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50030 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50049 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50064 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50050 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50064 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50050 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49972 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50050 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50050 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49711 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50030 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50030 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49711 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:50052
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49972 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49972 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49964 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50049 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49964 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49711 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:50064
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50066 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49753 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49853 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49853 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49853 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50071 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50071 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50071 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49853 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49853 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50078 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50049 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50083 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50083 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50083 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50086 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:50065
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50075 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50075 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50075 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50083 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50083 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50088 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50088 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50075 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50075 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50091 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50066 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50066 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:50057
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50071 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50071 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50086 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50066 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50066 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:50051
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50074 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50074 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50094 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50074 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50094 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50094 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:49986
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50088 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49771 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50086 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:50083
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:49714
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50074 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50074 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50068 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50086 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50086 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50060 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50088 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50088 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49905 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50079 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50043 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50043 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50043 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50092 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50068 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50092 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50068 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50078 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50094 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50093 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50093 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49771 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:50049
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50045 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49771 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50079 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50079 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50092 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49771 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49771 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50092 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50092 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50078 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:49711
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50060 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50060 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50094 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50006 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50078 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50078 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50060 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50060 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49730 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49730 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49730 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49905 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50045 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49945 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50045 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50091 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50091 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50045 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50070 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50058 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49730 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50058 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49730 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50093 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50070 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50070 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:49964
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49905 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50093 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50093 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49905 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49905 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50070 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50070 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50091 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50091 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50045 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:49945
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:50038
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50046 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50058 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50068 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50006 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50068 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50047 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50047 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50000 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50000 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50000 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:50071
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50006 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50076 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50076 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50076 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50058 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50058 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50006 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50006 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50076 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50076 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50047 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50000 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50000 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50079 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50079 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:50092
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:50078
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:49771
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50072 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50047 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50072 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:50060
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:50088
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:49753
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50047 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50043 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50063 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50063 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:50068
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50043 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50063 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50063 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50063 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50096 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50096 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50096 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50080 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50080 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50080 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:50006
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50096 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50096 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49783 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49917 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49783 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49917 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49862 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50046 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49783 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.64.1:80 -> 192.168.2.5:50079
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49862 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50042 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49862 -> 104.21.64.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50042 -> 104.21.64.1:80

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\svchost.exe

Network Connect: 104.21.64.1 80

Jump to behavior

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://kbfvzoboss.bid/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.trade/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.win/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.top/alien/fre.php

Source: Joe Sandbox View	IP Address: 104.21.64.1 104.21.64.1
Source: Joe Sandbox View	IP Address: 104.21.64.1 104.21.64.1

Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 180Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 180Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 153Connection: close

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Code function: 0_2_006225E2 InternetReadFile,InternetQueryDataAvailable,InternetReadFile,

0_2_006225E2

Source: global traffic

DNS traffic detected: DNS query: touxzw.ir

Source: unknown

HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 180Connection: close

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MV02bX%2FrIA%2BZbDSBHebdYVpWCR8wTOp8HBw6KxKDszal75e1Vd0ENXatN67l%2BcGpZJESWGby7R3E%2Fi%2BlvZuVf5ZjUN%2BgFh5lvKFKuJIyVBLvLV1vwZQMksAz5ZI%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d612fdeeede93-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1549&min_rtt=1549&rtt_var=774&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=421&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TAFzxcM6RvgfyTnZUn7SSIEWtmDuyzEnl%2Fb2lizsmO2K7JDpcwPO6tlYkr2vuxwXsvvbDBByGU4wAPcxVz75U91E3tY9V%2F3EV2qAz%2BCZVUlMA9zwda5yCKV2ByY%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d61363ba18c47-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2218&min_rtt=2218&rtt_var=1109&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=421&delivery_rate=0&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qCs6nkCpcNVXC115lT0bLqEZ6pptgiS%2FJ3Q2hoskHKKA5byxdAJ14sR7FLeXsUtzxWNEepVrb3Cf0KGfWGEHmlKQVyAQIdOphgfgQS9bGxbe1gQbLFTnJNVaCUE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d613b88774345-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1578&min_rtt=1578&rtt_var=789&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=34Qbw7BYhs4pGUaCzDQ%2FDSUuF1k3CfcuK6XlsCfHQ1T%2FmxnSV4Jok27JjlYbDhXtlbf0myoRx6fYlyLB5ZqHoAaOa%2BP%2FmjUtE7NBH3pKLDPJ5%2FduGMd28ErqZKQ%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d61416d3442aa-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1682&min_rtt=1682&rtt_var=841&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XRhJDCDuZ3%2BwI3WCdaNG34bdxnpHZTGZ%2BAYvVCL9UZBYrEsYtvBgJx2afkdV2U9wS5qH8iXabRDsuhIij22PMPJxcoGBvG2ko57EavuBWXoCxsYyPT1SYxOWitY%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d61475f31438a-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1836&min_rtt=1836&rtt_var=918&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=219&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=anmjk8QbttNWIrR%2FHHacPNB5cKEXFKFNJohj19Nmhto5EA6J5PLNAL%2BlY5HZxla2LkAPge%2BEfpFC1R5yItZGAUjs4fVdL4sRnL5GikJ80Nt%2BFWbW0obiiTgeNEM%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d6158786515c3-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1635&min_rtt=1635&rtt_var=817&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:23 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yg58R0xqOL%2FNXJ%2FTeYDz%2FtmXy%2FtLImBuhue4ebPVb7jynBDcdmbNl9%2BG2m5YuIpBjhs6qyxyh%2FVXd6ry%2BlbWMnYk7NSJPhzGBspuaP5%2BzdwjGIoy4VhDWfUv0OU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d615f2a794304-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1732&min_rtt=1732&rtt_var=866&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o4pBWefUBGbC0oi3pslCczyutPhXakQ6y%2FjdnGt8Slpq9kOfbD36nT97pYNEHtULqwRVKZk581vMUU6t9kX5bu6W1i1DT2kk9hUMFULL89TJpdo3s3DuZE5X1hw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d6164fe3b4372-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1689&min_rtt=1689&rtt_var=844&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:25 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=px3Bs5UntCeej9LKWgzofbeeL%2F2flQ9LE7MV8%2Ff8iIEztHtCpdqL1f9OD7M4f41ivGLwFAmXpCeDV6aHsbVjAeXrgDmVrVPqPG2FcWdHHTcI0s5%2BRxqRKtrTVcE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d616adfc77cab-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2238&min_rtt=2238&rtt_var=1119&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=196&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:27 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JGsICwKVMNTrI7kl6RWY63f7Z4DurzoNlzKxGbUe7dy835MplTL10MX9avZgASPRNUI02zcY%2BhGcZx%2BQ%2Fnte6W1Fsm1A15OM7C6I7pi8TcavKOD9R8x%2Bm6o%2B5a8%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d61766d8942dd-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1771&min_rtt=1771&rtt_var=885&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=191&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:28 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zxPQC65py3KUNMW3SQEsEJ78zrp0ejroFzPSLbNAlFScl7Gs%2Bak0tRbmo7KeHI6Gc2NEYPwHGhIV6EvitkpjVcGaYcHNK0RQu%2FN6y5LDUskplniIMCeIC4QIXoE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d617c1b2d6a5e-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1680&min_rtt=1680&rtt_var=840&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=193&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O7J%2FsRHAZP1z%2BTvUFc6ORp9lONtQpSWiHmlCxsjiH3%2F32rYonYFbIc%2BXCG4Cp8esqnMnHTAkPGyk80wOF4CBBNbBE70jVmiz64mU1F0vo5MVJPdm9sFXfpdqfVE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d618cfc704357-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1712&min_rtt=1712&rtt_var=856&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=180&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:35 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qmKjMI9lA1vqdcetwkgpZ7kg01U5el1UarAkJmBYLHG5PicFqn13bhaKNPPGHM%2FXWvPhUAT00hU9IDulu2J6FudDwz77poviiLtXZijPtdxHY5QjmBCI0B%2BLTNg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d61a9da5a4286-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1639&min_rtt=1639&rtt_var=819&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LbZ%2FKeabDYisyWXEYrX5adHFLb4dR0C9ADAL5XpuuyZcL06tiidHVae3PnZNo2QvhFZJ8hwbU5VVANiqeZAaV%2F04ZH7Op4RBTiIfARwi%2FWv1aIpw0WAhzeAIv3E%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d61afbe800f63-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1505&min_rtt=1505&rtt_var=752&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8yh4zeALUpTFQLF4Sjwn4fxzbFB32Co4NhsTyizlTt6afrLJYUb0umpgwfSEl%2Bs%2B4Dzim4HWLQxQ7zYjjaaFepl6tflnVrIfI1mTrcjTMAP3ybe2AnVmQdMINVI%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d61b5ae6941a1-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1722&min_rtt=1722&rtt_var=861&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OnW6P8NVPHcKrHVRMWdcSYAMT1UMF%2BqtGyErosgUfxfmSzQPrRbraHpjhcw8AS8j7scaC7hlw%2B%2FwR1zWLXKb%2BFSp69miUJm%2BoluJtaXydeUpZci3szbaqOuj2tM%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d61c05baf43a7-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1691&min_rtt=1691&rtt_var=845&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=184&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k0fEnlpujtd35eFGbPmS7bpmzg2Wwd4nUIM7xBCB67mfA4osfjU%2FVv3kiiV%2FdeOykxu7TdfwDiSOo5Z11vHjNmlSlxSVN7zH2XBd4trAjHdGhYAiog4ZDIAZSEs%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d61c56b744314-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1701&min_rtt=1701&rtt_var=850&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=186&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NEAXF40ISWs6lKOQNrno5jU6%2FGK%2BnVHpGUGu5JiMn0KXMCetO%2FvUCkZz%2Fu3EZi%2BNItjSQYlO%2BZtV0XRzvc7muMF3OG%2BdAPR8tH7b62%2FgLrvn%2FDTOsN2LHgMJfDk%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d61cb2f546a5c-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1678&min_rtt=1678&rtt_var=839&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AvY1eVuKzCvThAhd1piKNXyrII9jVH6mxwOBaaEU%2FwiIVRjM0al5YFwXvMOBlfEgtZkrICPtZw0ZznTDZheiNWjQzQldoTZkgZLAdkn%2FbU8GSVGmvBihuduRbh4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d61d6dff50f71-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1649&min_rtt=1649&rtt_var=824&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AvY1eVuKzCvThAhd1piKNXyrII9jVH6mxwOBaaEU%2FwiIVRjM0al5YFwXvMOBlfEgtZkrICPtZw0ZznTDZheiNWjQzQldoTZkgZLAdkn%2FbU8GSVGmvBihuduRbh4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d61d6dff50f71-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1649&min_rtt=1649&rtt_var=824&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:44 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WkYqSfInuRhVdRE6mzdFisR45ByRX7BndGzGTVHEkSKdOKnxQr9HXYNP7lHZ9YDngOzejTKqFpuW2doOqDBYqmwgeGpbs8ithrDigkNbPZkEyC6EtYAX%2BP3fjWk%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d61e4f98d4385-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1626&min_rtt=1626&rtt_var=813&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AQzm%2FCdtcPFfo1VJHQEdjpMTJUsXwDgDU0iQT8UY0LAuWP3R3OCxy%2BhPtx8s%2B0dveG%2BWGYQ%2FbPyHirxQF2%2FKA2mKqzs8O6hA3V1sD%2FN2UYUh1uXFn1wCaZX3Jkk%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d61eb49f24346-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1707&min_rtt=1707&rtt_var=853&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:46 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ckw9SoEZUBSuYBQzXSvMwX1C0ApYrFzgxCbxgQ1ZWnCcOfHyQWr12RoepfdTGV1zEkRKyxUXVf1Q%2FZV%2FKS927XOh5DeY1SABp8UgTmnHdEeLGbA1bU9m5lW%2Bfv0%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d61f14f2642d5-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1934&min_rtt=1934&rtt_var=967&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vShzej3z8SprNHUIut7NYzmf%2FdyxtlZSr6ujuIQA4P2MbRQrx31P8rPLHAK%2B2FuIoEfjkhcnyU4QrQhOw1yi6%2B8Ri6Yh7JxbRl6vzYka3AekVQafgJHsPoagz%2BI%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d61f6f99e42dd-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1738&min_rtt=1738&rtt_var=869&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=191&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:48 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=twxBdLg6g7dV1L8R9thvwA5XB%2F1%2FKXFQ7CGxMg2z2eRXsBCVTVd0jDEIAdExn69%2FS8XDq%2FlMPHu7j2sPJoEeOP6Wp4lw8r1g5rX%2FPu%2FH%2Btiq0Ul7pK0PheVdzrU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d61fcfe97440e-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1618&min_rtt=1618&rtt_var=809&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jTGV0VQKTtUSvmNZY8ElSHR9kJoQTxmV7I4xu%2B7HfzMRZuYnvxY0ri%2FaGOTXOoYuI1zOC5l%2BBJXwP1fQcAu3ZNv9mIdHV5Bo85nTtflotqzyIvD5tr2e4ne5qZg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d620dcb0343ec-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1612&min_rtt=1612&rtt_var=806&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gXOgy%2BcMwpkT9vx0%2BbXecX%2Bb%2BfM5RxhOdOvl5eksCSclzj3zTcmhVKAAAciertDBYE7xpJLW%2BZDcRVAZ7SlJUgsuvquLtmD8G8ZgqO3ixI8x%2BiylLfdmbm278Rw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d621f28374398-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1674&min_rtt=1674&rtt_var=837&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b0yiKWE7sHPqiPJ7UhzZx%2B0SJLoM7uIidSPaGzvtxXV3utC%2Fl639CSLIc3JYOWnutSJY1oHflbc2%2FGb5QMN2rOtZZ3pwX6NaJFBCob0cvfV39BPkPJNaIYnmnTI%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d6224fe1a5e7a-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1777&min_rtt=1777&rtt_var=888&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xLeXCx1K9%2BhS8YoT7ZhCZr3YgR1kmzXtW7U9D1qCaaigZaJSmQTOl2OSrPfJuwnE7Ubu7D9kEi%2Beld5yhSaEeZVsaqk6ZT%2BMezi6qbucpnICGKFY%2Fzt390Nvlro%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d622abf2ec402-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1669&min_rtt=1669&rtt_var=834&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=181&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PD3k8rdOM7lqp1XokgIT%2Bj0sVyY6ukBjksHQCF%2Bo7OhkH5OuSm5fMIuYe1EKlcKBHTQeCjxDTaT830lM%2Bn9JBfXoY0e2wJi8hVcnlU4wy4w4oW%2BM%2BdMkij5%2BoeQ%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d6230cf77c32b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1608&min_rtt=1608&rtt_var=804&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=224&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9GbbfGJOkvNqLjsRCu7Zx6iDgf005Jsk6dENMQbwikJxCgt5CLoIPxUg9mlmCIpq7InDtlirWYJv3TUnN%2FKuVmsZ%2FsAhywnCsbEBbGpcNp%2Fbzw8huDhDvz1uG88%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d62375f037c96-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2158&min_rtt=2158&rtt_var=1079&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=179&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vlD%2Ff2nLtUPAV99S13uRo3c%2BfFwUiRpQYXqqUf%2BYNe7ukE%2FQFwAGPryf786s5KLeWtgptzPixP8JVNklKywFzQe%2BbCt6wXTOkJ%2F3F5O2gtMAbiSRq7Rq4DXE1E4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d623d594642db-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1678&min_rtt=1678&rtt_var=839&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=213&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:13:59 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wc5f4r4AjxbwyNT8AMYsj0RtCcdQqfD1B7bNEuZQIAU0znNlVP0wK5DrE73lPIug3%2FZdg%2B5Mj9a2pIRdWrWQ0j73lqu%2BxNlNEF88j3w38V%2BlCwQw1uRbjXfeNI0%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d62431d8943f3-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1638&min_rtt=1638&rtt_var=819&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=224&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hVCVcuwfb%2F2Q9OlFKq%2F%2Fy4RwgWanVlYBSSgqXeYUO%2FfbNrHAwDu2yTUVKdjNpPWXKvxHZdibwGMNFhKV%2Bo5g6wxTksIGajpT4LpASZoO7vQvO1M%2BFSyHz%2FK%2Bhq0%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d624eae6541bb-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1720&min_rtt=1720&rtt_var=860&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=212&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R3g3EhxPtbkDepylKantxikzh3RkC1hoeroQToSrSLG3tCngt7H8yWopd71cakCt4K8kxURtPiyHzWUrUBoQSzmx5idRiSteKgW3v%2FrmJTtfWOeA6vsgeOmgJZw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d62549d3342b9-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1852&min_rtt=1852&rtt_var=926&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=196&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UxoTMgwcwcj0%2FIwnE6pRkKzSBhFxrmsF7Vp7qr%2BgeINOeKxyxHa5sjcCVaRecNCQEsZqMpOXdPa8cpoDOXL3XR4jxMHwIn2KNVFZf6SHW5szCH%2FGkrzjkgqCiyA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d625a696043a4-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1725&min_rtt=1725&rtt_var=862&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=31yJVLLxmDWgDuUIlu3zQgqwHU5nThCP3I6Qh6%2FUXR2rqaR5i4k3PSnENPUDC4akL83Y3dJGdxlkceBGSYigGIINXTAOQI1qhmyfFam7q%2BKWR5TbJertnM1UFew%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d62603b3b41e6-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1830&min_rtt=1830&rtt_var=915&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=180&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dfQTI7%2BVJYZ49d1LEuKnyZrUUUaVWIwZT9ZZMFpmqnqyt%2FsIT1KKy9hAkmUeRv%2B18SQNyMU3BBaHPSg55OYvcCB0CTPgvk%2FES15R%2BrEvAJ608lE8ovjo9AMun7A%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d626aeb2772b6-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2234&min_rtt=2234&rtt_var=1117&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nGtIzokV6CFMTv2K1590V4VbcF8ipo%2FRLKJQzD%2BKX7KKmHsHSL1uNv0LEBDJnRlLJ2tav%2Fyp5oQWR3TBKl8vZFXHX9FxGV47Y%2FAHYHIx45hwDcnLd5ITrqEGaXI%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d6270effb42b5-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1674&min_rtt=1674&rtt_var=837&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=227&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hV35CIxNBn%2BfsIGJUUok1WALHXwEIhWw0OshjbNd5N29gMxuZ8OnLU2whF0AeNMyq7GAej3k%2FqH1dMbgYuxhCrkAuFfn3dr%2FaxJGxa9sCjlfT69Rq%2BoQ334SBfc%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d62774ccdf5fa-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1714&min_rtt=1714&rtt_var=857&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fnydvhq5GWUbmrJbzTOjZb9woRMChW%2Fgworqiu21bFyBzokUuC%2BtNYk6D8pXjqm1xvyKL9BYPRPcl%2FdmmAZsBYzzSwcUgLciOwp5qVUOI49Q2OgrKCjvh9B8fQA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d627c69b5c484-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1609&min_rtt=1609&rtt_var=804&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VFKkYFP2lm1tWXzS%2F96r4Gl9tkG9QXjZgqL33ga7zVIl1yo6%2B0rNOHIWGZC1q6B2%2BF8LWy%2F4mWFNihKPchGDgZkGOebWuseyRpHfnI85gTi5JfJJ%2BWdv8u8BV5o%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d62829d2142e5-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1648&min_rtt=1648&rtt_var=824&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=219&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lca7%2BcLONmMLJZyzOJkEvh%2F5I4Eh79RK8zi12FODWkgZb3%2BXY9N%2F7g%2BJXzXrTk3atqJOY%2BqCOBksLfUBl%2FZTT8R0EjmkaZ6bcrgTvhVzTEDBTY64kUzoD8O04Zw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d628ebbb64231-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1725&min_rtt=1725&rtt_var=862&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=139&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jkL54A0uiHDo4WeJtULNPIUvx5OCp9Jpwvjfx%2Ft6xhdc%2F%2FJdUHmZYlAkfxr5kUDaiQh%2F2YKREvNoBbn%2BBXsxb9SAi%2FDOSpQ0XcXEGakQsIot5wqh%2Bjr1%2FM2aHBI%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d62949e66439d-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1650&min_rtt=1650&rtt_var=825&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:13 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=woMavLL5Q3D8e3lL3dBUtWjP1eZ5dY2tltpY3b4qVK%2FmjbVzgSzog9TSYtO%2BoNbpQywenKaapWdV9cwVLIuT0eYRn1sIGtozdnxaKcGegxPOXmD1STXeciN8L%2Bs%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d629b0832c431-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=3404&min_rtt=3404&rtt_var=1702&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UGc7UrW6zZMTAwKG3V5uaNJZbw6%2BiB6NPG6%2B8YBO6%2BrCiJHkDze9RTrRJN3EpwHr5uE%2FK3o9pJwQS48cHGEZp0VvCsFJmK3HJxx4Up2f6jB0SrMRxw1V4uh6NCE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d62a018f418f2-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1650&min_rtt=1650&rtt_var=825&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UGc7UrW6zZMTAwKG3V5uaNJZbw6%2BiB6NPG6%2B8YBO6%2BrCiJHkDze9RTrRJN3EpwHr5uE%2FK3o9pJwQS48cHGEZp0VvCsFJmK3HJxx4Up2f6jB0SrMRxw1V4uh6NCE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d62a018f418f2-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1650&min_rtt=1650&rtt_var=825&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UGc7UrW6zZMTAwKG3V5uaNJZbw6%2BiB6NPG6%2B8YBO6%2BrCiJHkDze9RTrRJN3EpwHr5uE%2FK3o9pJwQS48cHGEZp0VvCsFJmK3HJxx4Up2f6jB0SrMRxw1V4uh6NCE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d62a018f418f2-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1650&min_rtt=1650&rtt_var=825&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7il%2B42G8VJbmVx3Ksb9PUfe6XIE5Dsuc0RlcU3q3OhFKMcVLqisxDh20gNU7FMFX%2BIugSmv8KckPWWed1r4i9xuDfy786Rmd8MYAIwmbCmJIi1pcJJ464kEAlhY%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d62aaca3ade97-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1645&min_rtt=1645&rtt_var=822&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9AmIwHJ4rB%2Bf4JV64vFJUTmf6EK45x%2FhNkj5X1wcJnt9qICN9Wc3bTiHe07MBH7m5JWluSqsc3S6rGlQ0scZIHjkub0taqfp%2BIxKt%2Br0Ex9jOgzdmbmxpnnu4tE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d62b649fa8c09-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2176&min_rtt=2176&rtt_var=1088&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EzvTBmp1Z%2Ff33WH1fJQUEc%2BREnBqn8r3o7vTg8LACB2Nu%2BwF38gkpTmc2ptHM4Y9xSg%2FqSwnr1hdWWeI98IdCWpg5fhHW3nzOgjlSoIJyoYz1suCIi%2BCkrhr0zk%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d62bf5e4a0f91-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1600&min_rtt=1600&rtt_var=800&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=219&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:23 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dmQYuP0%2BNvmoLnYBak2g%2FdGJm5a%2BmeRFlDIA1fJ94XNRYsNbV07WxN%2F5UAGUeR5u%2B7nl7GsIJfVjafITm%2FD%2By3%2B2w6mrbLw1MUY2sc0jCoultkPKJ0xEpsMuySk%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d62d60ff1de95-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1580&min_rtt=1580&rtt_var=790&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pffH0X8jPuiJtXidVuHy3sWopU9XTpyTv52UINlojv8E7xaIwJuhwbgQ%2FIEz09Rz5AlCiqujjQlSeXQwbfQCPMFlc5535qdgztz0GtQbaMJLdw0PFjf65kf6bDg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d62dbdce7c42c-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1681&min_rtt=1681&rtt_var=840&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eGjPv%2BAzTUiZ7ZbZS%2BlzItMUdOjSQgPGzZ8WVfRyaqKGiyrkzLKtPD2GVCQV59dmKrvAmj1GPB%2BHo1zmHXE%2FtacC%2B54L2aSfkDnWZbKcP1gy1t%2BaaqvKqP9OJXw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d62e78f7a4367-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1660&min_rtt=1660&rtt_var=830&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:27 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GDSw9zTxWWjeMoRHOjX%2BV6nPtU%2FVH6yIJ6Yp%2FtL9FmhVUhNmI0p2cXVxqNeaaHmB7F1K3ZDfUs0%2F3ThtvKP1E7Hvru8yKPWg0P%2BDSBzgpEi30AF5zM0ZcwNpHM8%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d62f2190f0f4b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1633&min_rtt=1633&rtt_var=816&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:28 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aFsE4pmaXFgkh2PBb9ttQn%2FPGNzjkJXG%2FGWiI53RyZDTd94a4R70cQPSw4CqfFzw2mc%2Be57av2qmIzuAv0dy0BsJ5dwVOfklSR5FjQP9xxAHyZVt8sr%2FYmVuoX4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d62f87d7b43aa-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1678&min_rtt=1678&rtt_var=839&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KX8HD%2FSJ79eY5KL%2FFSom21VMO4iAtEjCpZiW6O8iiZzqR5zcdmQaUzNItL4yDoPrZ1fCMnO9tHi9kVpYS2rKLyEpvDsNp%2F%2BKlcL2o84yFMJvV861gIy6xAomEgw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d62fe5d7f4399-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1625&min_rtt=1625&rtt_var=812&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vp0BMuW%2BJnOMT2pLjDDTWYsXOAJWtnx8c8ENIi7rwXkX1NQ5L%2BHfz9cXwAaLzuOKQSSp8oVRb46vjHhtGI%2BgL9OpuBjYXgWYnhBzQGgGnoBRqsOVoM0WnFiEC48%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d63045d5e42eb-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1667&min_rtt=1667&rtt_var=833&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=217&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZT1aNkG6VquFj4%2FADNbea6sO1CXo6%2B60BlAuNYsuTTV80XQWlbIBVdX3ucYBgvf2%2BBAigNPZQjDAUE8Ew1EwJw2dCSO9%2ByzXOBpFOb5T7%2FZpj%2B%2FNTpyk7oKy1E0%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d630b9a794344-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2197&min_rtt=2197&rtt_var=1098&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=135&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:32 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XkPt8GfHUfjkXz9JURS%2BRKqo%2BVUJjIHcI7B1EdQrdqOMn3F%2FGYYaUYZYb0OVK2Krp1yF7kbTTbk5Jyeqj3x1J2TeT5%2Bb1vr13Hr2dQWbSyKHlZxVchOP0tFPUB0%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d63117b7442d7-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2151&min_rtt=2151&rtt_var=1075&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:33 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HuW76orf4EqD%2FBSof8I7d%2Fn3C9yGUtp5Q0%2BjsdCjSshrlKiV%2FQzJ1CemrVBXQkw%2FZPAmRA8%2FwqO5s8JJXeHbunIZkvRf7G9pkMliNmDR%2FQI4qDErVulmlHcjDoo%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d63177c48438d-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1714&min_rtt=1714&rtt_var=857&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:35 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=18hlkVJpcChhidBWZbRQi6BRAKkmzInGnkv8Wbc5wfFqF%2Ftjd1g4byLhfnfUEvgIExbJiditkffXldInuEfF1oVJmDB4BmxjDrJtrFbjPLM3lZw7igR1D03yFAc%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d6321ffed43aa-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1627&min_rtt=1627&rtt_var=813&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R0J%2FZZf2qoV1AnlbcYLT2fqJahZG6u%2B4lohBnyRaU5NQG5GiZ%2FBInywgYvulDPLUf%2FVsNnwXF8NwNtNnGTc0I1EMjJRpi0TVirF7LRXA6%2F6BIN2v5e8JYLjIwDo%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d6327ca2fde99-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1684&min_rtt=1684&rtt_var=842&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dU6ew%2F7ctQRU3fWDtt4lUF2P3btO5JLbvtqt84CJ8q9LgqmOeZmtytaWO3u%2F6yAVQMWwrMCe4jgSpyPI1ukGODq2Ty4X%2BxaTlnhYo5GqVLwPFc8ty3YY9NdaYLg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d632cff6a72c2-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2201&min_rtt=2201&rtt_var=1100&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=166&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qej1yHtWeDd0p%2BUBwcjG0IEmIU4FuAC6%2BirDEtBJ%2BZQArwC4mdkzqvVqHbFHAgV%2Fyb53%2F5eRv7%2FmmT2zbJ1owEEGLK72yttk52QJsz7quSvdwmEwo3Pe0J9Dwo0%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d63331eb24302-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2144&min_rtt=2144&rtt_var=1072&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jkTaf9gvt8ggTUL4%2BiONh%2BHZJvN2W3neMaXlihFxQJx2yocjnsrA0jY8AVLbRqsDhXkty4T4wTmNEnB8DUXoDyuyl44OQcVBF%2FJqWz%2BRP8W7ywoSvILZXSAn0ek%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d633ebbf0c42a-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1707&min_rtt=1707&rtt_var=853&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=203&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OkqLYVwwNv9DGAVyWJvq2bHK992yTUtsiBUeV1TWuWpYqP4JTfokkfmb%2B%2BWyHgs%2BnbhGSUHFs6hb1YOJBPsRcgi7t2upGl%2BmFNcqUz%2BgxsCQdiEp9QfyLfhYhMU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d6343cfaf7c88-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2261&min_rtt=2261&rtt_var=1130&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RsDVGntQnANZhqXBKDND5D28tZiK0oI4TMRMr%2FvTMLhUzxZ2HrAASdJVzNZkvXqIhQwNb7lB4l78AdPGDEKIUbXFrSZRq76di3hK8GGU0%2BSblJ4u0yVhl3NxbEU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d634f9bf243ca-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1702&min_rtt=1702&rtt_var=851&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=224&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LSQGHopynN7PFOpaCBGVZMSB35zEgfYa0VYdjML7HwI5hXdDqPsfoNj%2BAdAzarjcjD5FNTpvDnMmazjwJZJZy7gkQVSd2KBs9LWeknccCRpX5%2FMxsq%2Bwam%2BIOro%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d63558d1f0ca2-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1549&min_rtt=1549&rtt_var=774&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=82&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:44 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=22WrEJC4iceAEnvRh9YxwGx7F9ZXUyGDu1M4MVsBWCZankIjm5HaFEc62BwO5AQLN%2B4dj31sy9Dm%2B246grPHhETBXr%2F51d5EnB6CmVCl4BvhtOu3phkYT%2Be7Sgk%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d635b4fee6a52-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1900&min_rtt=1900&rtt_var=950&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=208&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EMUsXa4x78YcmSwnoLYfxRyDCTVpStzRxUIJCSNVmZk8vU%2FNv08MY00ln%2B1bYazDK5vCQebi7Vx8rWaPwJDXrvBMkod8Swl5mUPbJSL6ieDJ1shNqI2MtzqINM8%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d63612b6142cf-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1726&min_rtt=1726&rtt_var=863&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:46 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GhYqOReFhLwdeJNiCpFkDc9R26UP48qsQxLGzUKcQJbayXNWGZTic46t7qlYW%2B%2FTz83zyqFhAhHFem0c77Vjc%2Blb14N50g5pLURzsZO33bryAP1QXkb1qTakvV4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d6367497d4264-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1638&min_rtt=1638&rtt_var=819&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=221&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pddr4KF4vbD%2BzMdEwuCQhpVQmme2qp9nqJtAqzaXO8jdVlLBqufj7P5cjDLZky6NIJU8Dy7mn3orWlmo4%2FUdcFtuTqy5j25tjQMFB8RZUMwWiuJ3EGWbZm7F03M%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d636c3ef543be-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1666&min_rtt=1666&rtt_var=833&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:48 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jj02a4CvCKpdwC6VfplJrvW4h6FplKaknDTmuXptAZU%2FHLrZ%2B895xVL95dFzwDayJFK1Mlxs9X01OpSSWRqzGKMrxLvSJOlK0tMFsi6UZwoc8V6UpAGHQN6qso0%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d637159b14319-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1689&min_rtt=1689&rtt_var=844&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=227&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E9VEDxlasiMrXO1Wy66E6JRV5PhSLDOpLH9rfsIFVjGGByx56xHYYe1XwQMvJWTktyEAoFasLvj%2Fbt7TNAXs0fv2GeaUyQos7eaXO4Eo1Pdh9IXlb5x%2BKeTbutk%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d638f2d0e0f69-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1673&min_rtt=1673&rtt_var=836&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WMiU6rEy31YmcsTflDxB2tJs3WxFLYsbP91WMLYc%2FcXPwZ%2BXdnnhP5kbCQbuvjCV7PLICPnW%2BwKbHuOnXC4J1B3MT%2Bev3v%2F7fauTKPHU%2FFe7yN9p5Md4VkbReOw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d63951e9a426d-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1600&min_rtt=1600&rtt_var=800&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ziak7BuzYGI18NGiILLcdRHQ25fIUGUuD4kaEGjLjedFCNMWg8jXvSPza9unLYNvRF2j1l5nVW13W9%2BpuwRVFrHvbHSQPxyEpOxI3ATENngkRZNkQT2rM9qeTwY%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d639b8af95e5f-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1671&min_rtt=1671&rtt_var=835&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nMaCu3hP%2BBuvTGYYyRJbJNCPQ7so9oxfOjV6wP01mGccHXDQWc4Gb9qiUomMuvJGeMi5aNUYJn3w85%2FiBIVQ3K1uDCP2c6mETUjW%2FhfqmxKpAjL%2FbHtiGe00hos%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d63ad0cb1c434-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1639&min_rtt=1639&rtt_var=819&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=190&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:14:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8%2FsmJXsuGKQagtRj57Ekp9SENbDEIzRi3rYsnCqx3UCZbFOsBp5BI3JnWf3qiCIV7E2iu%2F3vXcADq88dhwFa1bHMsl%2Fo3nmfjfTnoT7kT%2FcsGP2f8f7flX1CSsc%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d63b32ce842ab-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1691&min_rtt=1691&rtt_var=845&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=207&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:15:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QKf6Uvo4lLg8oKwynKIJXV7JCRi4ccj7%2BsN1VufF5umPUu%2FR2MpQtqhZI5PTNvKnCL86NV2ET%2FBcKg6tzM%2Frwj1OYZaU%2B7PkWUj00a3dorMLztUq5HaRgKaEj0w%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d63c53dd94367-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1951&min_rtt=1951&rtt_var=975&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:15:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ae5i%2FHT%2FOGh%2Frh8qaw8f7gJ9I2Jzt55wlinWGN3LHEeeQtXZDbMIMQmTwLrQCEo%2FZoNzL%2BBmfp4wlvCnoBE%2Bkg6U3pVW3OwOWA%2FZQIrPTm%2FjxIQPtHF%2F7wnRB70%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d63cb79a40f9f-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1706&min_rtt=1706&rtt_var=853&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=218&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:15:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KIXChAvYqw1Lj%2FxjN4nRwyf15zo5RhQYFI8eMQkNX2jaQkGiAHgvSx6Qb8skjJmDBCJpX4uTRHLHw89rans%2BZIMlF0cM33jdQobTe4uMRkpuKbzK2t2WWFQvHpw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d63e2bd9a4217-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1643&min_rtt=1643&rtt_var=821&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:15:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oKRTkSmCHx%2FaITqATOGA892QjLUI2Vcq4UPvnROYLqGcEWoktoBMz0o3TI2ziINW2P8spOIcGGrAaLxNXxdYcKlyTsd%2Bn2rKKsqECxZgHtjTmR7pd3dK8uyBZGE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d64023f3b41d3-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1689&min_rtt=1689&rtt_var=844&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=155&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:15:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TLf4aI1KlHYmq355OZq%2F9iTwAzefUATM28mP0JWANWktxZRZKa1QwVszDHUt9ayXnUQMztjJbcRuGgypKNkbdRnXeg9eYc6z0ZdAgh80OyP1%2BugdK6Bxa0lw0p4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d64074eed43a5-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1627&min_rtt=1627&rtt_var=813&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:15:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gPW1JWl9ayd64tYv4P%2BVDTqUsvPB%2Fud4%2Fc1fURqLcZhwokz1f30h7F6LRg0FM7Bqk3Dm1wtrypQcpgVqXHfvQzbPKRuVVu8jB9C3913n0luZiiyiHMaOhW9FsHw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d64196ce3433a-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1867&min_rtt=1867&rtt_var=933&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=146&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:15:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R8iuiGpRACynqUmowwLGmwpM6xLLYy9NV5LBBWLsB0d0xWYcFLRSCo1rxblWreuCcC4v58c2fVzeVkrmghUigNggmJ7DVsoSQt2HLrXR3ZiO1cl7nMLQ3PN1ksQ%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d641f69e2c344-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1665&min_rtt=1665&rtt_var=832&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 20 Feb 2025 09:15:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=di7ja%2Fn%2FIMnkK8RkRw0ZInd3pZjCmtJT%2Bg6zn6FA%2BAGuznXTOPX%2FBji2AoateWeHy7qqaEARDJ%2FD9fr%2Fef%2BhJdsYCI3WWTL7Q%2FsHwI1pWIuU254PtUaCKI0wKaU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 914d642528a94239-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1696&min_rtt=1696&rtt_var=848&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=215&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Source: svchost.exe, svchost.exe, 00000002.00000002.3266863226.0000000000400000.00000040.80000000.00040000.00000000.sdmp

String found in binary or memory: http://www.ibsensoftware.com/

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Code function: 0_2_0062425A OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,

0_2_0062425A

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Code function: 0_2_00624458 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

0_2_00624458

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

0_2_0062425A

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Code function: 0_2_00610219 GetKeyboardState,GetAsyncKeyState,GetKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,

0_2_00610219

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Code function: 0_2_0063CDAC DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,

0_2_0063CDAC

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 2.2.svchost.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 2.2.svchost.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 2.2.svchost.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 2.2.svchost.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 2.2.svchost.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 2.2.svchost.exe.400000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 2.2.svchost.exe.400000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 2.2.svchost.exe.400000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 2.2.svchost.exe.400000.1.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 2.2.svchost.exe.400000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.2038105122.0000000003600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.2038105122.0000000003600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.2038105122.0000000003600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki Payload Author: kevoreilly
Source: 00000000.00000002.2038105122.0000000003600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.2038105122.0000000003600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000002.00000002.3266863226.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000002.00000002.3266863226.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000002.00000002.3266863226.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Loki Payload Author: kevoreilly
Source: 00000002.00000002.3266863226.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000002.00000002.3266863226.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: Process Memory Space: Request for quotation -6001845515-XLSX.exe PID: 5588, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: Process Memory Space: svchost.exe PID: 4672, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown

Binary is likely a compiled AutoIt script file

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: This is a third-party compiled AutoIt script.	0_2_005B3B4C
Source: Request for quotation -6001845515-XLSX.exe	String found in binary or memory: This is a third-party compiled AutoIt script.
Source: Request for quotation -6001845515-XLSX.exe, 00000000.00000002.2035263958.0000000000665000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_cb9efca6-7
Source: Request for quotation -6001845515-XLSX.exe, 00000000.00000002.2035263958.0000000000665000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox\|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_ac41fc84-8
Source: Request for quotation -6001845515-XLSX.exe	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_f5b162ee-3
Source: Request for quotation -6001845515-XLSX.exe	String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox\|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_03d9b22b-9

Initial sample is a PE file and has a suspicious name

Source: initial sample

Static PE information: Filename: Request for quotation -6001845515-XLSX.exe

Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_001A2720 RegOpenKeyExW,RegOpenKeyExW,RegOpenKeyExW,RegCloseKey,RegCloseKey,HeapAlloc,RegQueryValueExW,ExpandEnvironmentStringsW,LCMapStringW,RegQueryValueExW,HeapFree,AcquireSRWLockShared,ReleaseSRWLockShared,HeapAlloc,memcpy,memcpy,AcquireSRWLockExclusive,ReleaseSRWLockExclusive,RegGetValueW,ActivateActCtx,LoadLibraryExW,MultiByteToWideChar,RtlRunOnceExecuteOnce,NtQuerySystemInformation,GetProcAddress,DeactivateActCtx,ActivateActCtx,MultiByteToWideChar,RtlRunOnceExecuteOnce,NtQuerySystemInformation,GetProcAddress,DeactivateActCtx,ActivateActCtx,MultiByteToWideChar,RtlRunOnceExecuteOnce,NtQuerySystemInformation,GetProcAddress,DeactivateActCtx,RegCloseKey,HeapAlloc,RegGetValueW,WideCharToMultiByte,HeapAlloc,WideCharToMultiByte,HeapFree,ExpandEnvironmentStringsW,HeapFree,CreateActCtxW,GetLastError,HeapFree,HeapFree,GetLastError,CreateActCtxW,GetLastError,ReleaseActCtx,GetLastError,GetLastError,RtlNtStatusToDosError,GetLastError,LoadLibraryExW,RtlNtStatusToDosError,LoadLibraryExW,RtlNtStatusToDosError,HeapFree,ReleaseActCtx,	2_2_001A2720
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_001A3540 RtlImageNtHeader,RpcMgmtSetServerStackSize,I_RpcServerDisableExceptionFilter,RtlSetProcessIsCritical,SetProcessMitigationPolicy,SetProcessMitigationPolicy,SetProcessMitigationPolicy,SetProtectedPolicy,HeapSetInformation,NtSetInformationProcess,	2_2_001A3540
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_001A33C0 NtSetInformationProcess,SetUnhandledExceptionFilter,SetErrorMode,GetProcessHeap,InitializeSRWLock,InitializeSRWLock,RegDisablePredefinedCacheEx,EtwEventRegister,GetCommandLineW,memset,GetCurrentProcess,NtSetInformationProcess,HeapFree,HeapFree,ExitProcess,GetCurrentProcess,SetProcessAffinityUpdateMode,	2_2_001A33C0

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Code function: 0_2_00614021: CreateFileW,DeviceIoControl,CloseHandle,

0_2_00614021

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Code function: 0_2_00608858 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,

0_2_00608858

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Code function: 0_2_0061545F ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,

0_2_0061545F

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_005BE800	0_2_005BE800
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_005DDBB5	0_2_005DDBB5
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_0063804A	0_2_0063804A
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_005BE060	0_2_005BE060
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_005C4140	0_2_005C4140
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_005D2405	0_2_005D2405
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_005E6522	0_2_005E6522
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_00630665	0_2_00630665
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_005E267E	0_2_005E267E
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_005C6843	0_2_005C6843
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_005D283A	0_2_005D283A
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_005E89DF	0_2_005E89DF
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_005C8A0E	0_2_005C8A0E
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_00630AE2	0_2_00630AE2
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_005E6A94	0_2_005E6A94
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_0060EB07	0_2_0060EB07
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_00618B13	0_2_00618B13
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_005DCD61	0_2_005DCD61
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_005E7006	0_2_005E7006
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_005C710E	0_2_005C710E
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_005C3190	0_2_005C3190
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_005B1287	0_2_005B1287
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_005D33C7	0_2_005D33C7
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_005DF419	0_2_005DF419
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_005D16C4	0_2_005D16C4
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_005C5680	0_2_005C5680
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_005D78D3	0_2_005D78D3
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_005C58C0	0_2_005C58C0
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_005D1BB8	0_2_005D1BB8
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_005E9D05	0_2_005E9D05
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_005BFE40	0_2_005BFE40
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_005D1FD0	0_2_005D1FD0
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_005DBFE6	0_2_005DBFE6
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_012E4710	0_2_012E4710
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_001A2720	2_2_001A2720
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0040549C	2_2_0040549C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_004029D4	2_2_004029D4

Source: C:\Windows\SysWOW64\svchost.exe	Code function: String function: 0041219C appears 45 times
Source: C:\Windows\SysWOW64\svchost.exe	Code function: String function: 00405B6F appears 42 times
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: String function: 005D0D27 appears 70 times
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: String function: 005B7F41 appears 35 times
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: String function: 005D8B40 appears 42 times

Source: Request for quotation -6001845515-XLSX.exe, 00000000.00000003.2031616756.0000000003B13000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs Request for quotation -6001845515-XLSX.exe
Source: Request for quotation -6001845515-XLSX.exe, 00000000.00000003.2033333763.0000000003D6D000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs Request for quotation -6001845515-XLSX.exe

Source: Request for quotation -6001845515-XLSX.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: 0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 2.2.svchost.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 2.2.svchost.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 2.2.svchost.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 2.2.svchost.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 2.2.svchost.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 2.2.svchost.exe.400000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 2.2.svchost.exe.400000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 2.2.svchost.exe.400000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 2.2.svchost.exe.400000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 2.2.svchost.exe.400000.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.2038105122.0000000003600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.2038105122.0000000003600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.2038105122.0000000003600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 00000000.00000002.2038105122.0000000003600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.2038105122.0000000003600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000002.00000002.3266863226.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000002.00000002.3266863226.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000002.00000002.3266863226.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 00000002.00000002.3266863226.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000002.00000002.3266863226.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: Process Memory Space: Request for quotation -6001845515-XLSX.exe PID: 5588, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: Process Memory Space: svchost.exe PID: 4672, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/6@1/1

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Code function: 0_2_0061A2D5 GetLastError,FormatMessageW,

0_2_0061A2D5

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_00608713 AdjustTokenPrivileges,CloseHandle,	0_2_00608713
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_00608CC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,	0_2_00608CC3
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0040650A LookupPrivilegeValueW,AdjustTokenPrivileges,	2_2_0040650A

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Code function: 0_2_0061B59E SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,

0_2_0061B59E

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Code function: 0_2_0062F121 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

0_2_0062F121

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Code function: 0_2_0061C602 CoInitialize,CoCreateInstance,CoUninitialize,

0_2_0061C602

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Code function: 0_2_005B4FE9 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,

0_2_005B4FE9

Source: C:\Windows\SysWOW64\svchost.exe

Code function: 2_2_001A3360 I_RegisterSvchostNotificationCallback,StartServiceCtrlDispatcherW,ExitProcess,

2_2_001A3360

Source: C:\Windows\SysWOW64\svchost.exe

Code function: 2_2_001A3360 I_RegisterSvchostNotificationCallback,StartServiceCtrlDispatcherW,ExitProcess,

2_2_001A3360

Source: C:\Windows\SysWOW64\svchost.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\89dad5d484a9f889a3a8dfca823edc3e_9e146be9-c76a-4720-bcdb-53011b87bd06

Jump to behavior

Source: C:\Windows\SysWOW64\svchost.exe

Mutant created: \Sessions\1\BaseNamedObjects\FDD42EE188E931437F4FBE2C

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

File created: C:\Users\user\AppData\Local\Temp\aut5966.tmp

Jump to behavior

Source: Request for quotation -6001845515-XLSX.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: svchost.exe, 00000002.00000003.2034327995.0000000004E55000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: Request for quotation -6001845515-XLSX.exe	ReversingLabs: Detection: 57%
Source: Request for quotation -6001845515-XLSX.exe	Virustotal: Detection: 34%

Source: unknown	Process created: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe "C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe"
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe"
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: C:\Windows\SysWOW64\svchost.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook

Jump to behavior

Source: Request for quotation -6001845515-XLSX.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Request for quotation -6001845515-XLSX.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Request for quotation -6001845515-XLSX.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Request for quotation -6001845515-XLSX.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Request for quotation -6001845515-XLSX.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Request for quotation -6001845515-XLSX.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: Request for quotation -6001845515-XLSX.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: wntdll.pdbUGP source: Request for quotation -6001845515-XLSX.exe, 00000000.00000003.2033614224.0000000003AA0000.00000004.00001000.00020000.00000000.sdmp, Request for quotation -6001845515-XLSX.exe, 00000000.00000003.2032780991.0000000003C40000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: Request for quotation -6001845515-XLSX.exe, 00000000.00000003.2033614224.0000000003AA0000.00000004.00001000.00020000.00000000.sdmp, Request for quotation -6001845515-XLSX.exe, 00000000.00000003.2032780991.0000000003C40000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: svchost.pdb source: svchost.exe, svchost.exe, 00000002.00000002.3266806929.00000000001A1000.00000020.00000001.01000000.00000005.sdmp
Source:	Binary string: svchost.pdbUGP source: svchost.exe, 00000002.00000002.3266806929.00000000001A1000.00000020.00000001.01000000.00000005.sdmp

Source: Request for quotation -6001845515-XLSX.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Request for quotation -6001845515-XLSX.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Request for quotation -6001845515-XLSX.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Request for quotation -6001845515-XLSX.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Request for quotation -6001845515-XLSX.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

Yara detected aPLib compressed binary

Source: Yara match	File source: 0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.svchost.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.svchost.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2038105122.0000000003600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.3266863226.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Request for quotation -6001845515-XLSX.exe PID: 5588, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: svchost.exe PID: 4672, type: MEMORYSTR

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Code function: 0_2_0062C304 LoadLibraryA,GetProcAddress,

0_2_0062C304

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_005D8B85 push ecx; ret	0_2_005D8B98
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_00402AC0 push eax; ret	2_2_00402AD4
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_00402AC0 push eax; ret	2_2_00402AFC

Source: C:\Windows\SysWOW64\svchost.exe

Code function: 2_2_001A3360 I_RegisterSvchostNotificationCallback,StartServiceCtrlDispatcherW,ExitProcess,

2_2_001A3360

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_005B4A35 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,		0_2_005B4A35
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_006355FD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,		0_2_006355FD

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Code function: 0_2_005D33C7 EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_005D33C7

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior

Malware Analysis System Evasion

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

API/Special instruction interceptor: Address: 12E4334

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

graph_0-100564

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

API coverage: 4.6 %

Source: C:\Windows\SysWOW64\svchost.exe TID: 6368

Thread sleep time: -480000s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_00614696 GetFileAttributesW,FindFirstFileW,FindClose,	0_2_00614696
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_0061C93C FindFirstFileW,FindClose,	0_2_0061C93C
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_0061C9C7 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,	0_2_0061C9C7
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_0061F200 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_0061F200
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_0061F35D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_0061F35D
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_0061F65E FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,	0_2_0061F65E
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_00613A2B FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_00613A2B
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_00613D4E FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_00613D4E
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_0061BF27 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,	0_2_0061BF27
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,	2_2_00403D74

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Code function: 0_2_005B4AFE GetVersionExW,GetCurrentProcess,IsWow64Process,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_005B4AFE

Source: C:\Windows\SysWOW64\svchost.exe

Thread delayed: delay time: 60000

Jump to behavior

Source: svchost.exe, 00000002.00000002.3267257014.0000000002E00000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

API call chain: ExitProcess graph end node

graph_0-97734

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Code function: 0_2_006241FD BlockInput,

0_2_006241FD

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Code function: 0_2_005B3B4C GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

0_2_005B3B4C

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Code function: 0_2_005E5CCC EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,

0_2_005E5CCC

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Code function: 0_2_0062C304 LoadLibraryA,GetProcAddress,

0_2_0062C304

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_012E45A0 mov eax, dword ptr fs:[00000030h]	0_2_012E45A0
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_012E4600 mov eax, dword ptr fs:[00000030h]	0_2_012E4600
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_012E2F90 mov eax, dword ptr fs:[00000030h]	0_2_012E2F90
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_001A4610 mov eax, dword ptr fs:[00000030h]	2_2_001A4610
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_001A4610 mov eax, dword ptr fs:[00000030h]	2_2_001A4610
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_001A4610 mov eax, dword ptr fs:[00000030h]	2_2_001A4610
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_001A4610 mov eax, dword ptr fs:[00000030h]	2_2_001A4610
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_001A4410 mov eax, dword ptr fs:[00000030h]	2_2_001A4410
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_001A4410 mov eax, dword ptr fs:[00000030h]	2_2_001A4410
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_001A56A0 mov eax, dword ptr fs:[00000030h]	2_2_001A56A0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_001A56A0 mov ecx, dword ptr fs:[00000030h]	2_2_001A56A0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_001A3540 mov eax, dword ptr fs:[00000030h]	2_2_001A3540
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_001A3540 mov eax, dword ptr fs:[00000030h]	2_2_001A3540
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_001A3540 mov eax, dword ptr fs:[00000030h]	2_2_001A3540
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_001A3060 mov eax, dword ptr fs:[00000030h]	2_2_001A3060
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_001A3060 mov eax, dword ptr fs:[00000030h]	2_2_001A3060
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_001A3060 mov eax, dword ptr fs:[00000030h]	2_2_001A3060
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_001A3060 mov eax, dword ptr fs:[00000030h]	2_2_001A3060
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0040317B mov eax, dword ptr fs:[00000030h]	2_2_0040317B

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Code function: 0_2_006081F7 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,

0_2_006081F7

Source: C:\Windows\SysWOW64\svchost.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_005DA364 SetUnhandledExceptionFilter,	0_2_005DA364
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_005DA395 SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_005DA395
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_001A5848 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_001A5848
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_001A33C0 NtSetInformationProcess,SetUnhandledExceptionFilter,SetErrorMode,GetProcessHeap,InitializeSRWLock,InitializeSRWLock,RegDisablePredefinedCacheEx,EtwEventRegister,GetCommandLineW,memset,GetCurrentProcess,NtSetInformationProcess,HeapFree,HeapFree,ExitProcess,GetCurrentProcess,SetProcessAffinityUpdateMode,	2_2_001A33C0

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\svchost.exe

Network Connect: 104.21.64.1 80

Jump to behavior

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Memory written: C:\Windows\SysWOW64\svchost.exe base: 2AD2008

Jump to behavior

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Code function: 0_2_00608C93 LogonUserW,

0_2_00608C93

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Code function: 0_2_005B3B4C GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

0_2_005B3B4C

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Code function: 0_2_005B4A35 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,

0_2_005B4A35

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Code function: 0_2_00614EF5 mouse_event,

0_2_00614EF5

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe"

Jump to behavior

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

0_2_006081F7

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Code function: 0_2_00614C03 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

0_2_00614C03

Source: Request for quotation -6001845515-XLSX.exe	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: Request for quotation -6001845515-XLSX.exe	Binary or memory string: Shell_TrayWnd

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Code function: 0_2_005D886B cpuid

0_2_005D886B

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Code function: 0_2_005E50D7 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_005E50D7

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Code function: 0_2_005F2230 GetUserNameW,

0_2_005F2230

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Code function: 0_2_005E418A __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,

0_2_005E418A

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe

Code function: 0_2_005B4AFE GetVersionExW,GetCurrentProcess,IsWow64Process,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_005B4AFE

Source: C:\Windows\SysWOW64\svchost.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Lokibot

Source: Yara match	File source: 0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.svchost.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.svchost.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2038105122.0000000003600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.3266863226.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Request for quotation -6001845515-XLSX.exe PID: 5588, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: svchost.exe PID: 4672, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 00000002.00000002.3267274948.0000000002E12000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\SysWOW64\svchost.exe	Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions			Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl			Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\SysWOW64\svchost.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Windows\SysWOW64\svchost.exe	File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\SysWOW64\svchost.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities			Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook			Jump to behavior

Tries to steal Mail credentials (via file registry)

Source: C:\Windows\SysWOW64\svchost.exe	Code function: PopPassword		2_2_0040D069
Source: C:\Windows\SysWOW64\svchost.exe	Code function: SmtpPassword		2_2_0040D069

Source: Request for quotation -6001845515-XLSX.exe	Binary or memory string: WIN_81
Source: Request for quotation -6001845515-XLSX.exe	Binary or memory string: WIN_XP
Source: Request for quotation -6001845515-XLSX.exe	Binary or memory string: WIN_XPe
Source: Request for quotation -6001845515-XLSX.exe	Binary or memory string: WIN_VISTA
Source: Request for quotation -6001845515-XLSX.exe	Binary or memory string: WIN_7
Source: Request for quotation -6001845515-XLSX.exe	Binary or memory string: WIN_8
Source: Request for quotation -6001845515-XLSX.exe	Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_10WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 14, 5USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte

Source: Yara match	File source: 0.2.Request for quotation -6001845515-XLSX.exe.3600000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.svchost.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.svchost.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2038105122.0000000003600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.3266863226.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_00626596 socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,	0_2_00626596
Source: C:\Users\user\Desktop\Request for quotation -6001845515-XLSX.exe	Code function: 0_2_00626A5A socket,WSAGetLastError,bind,WSAGetLastError,closesocket,	0_2_00626A5A
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_001A6BB0 RpcServerUnregisterIfEx,EnterCriticalSection,RpcMgmtStopServerListening,RpcMgmtWaitServerListen,LeaveCriticalSection,I_RpcMapWin32Status,	2_2_001A6BB0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_001A6AF0 EnterCriticalSection,RpcServerListen,LeaveCriticalSection,I_RpcMapWin32Status,	2_2_001A6AF0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_001A6B60 RpcServerUnregisterIf,EnterCriticalSection,RpcMgmtStopServerListening,RpcMgmtWaitServerListen,LeaveCriticalSection,I_RpcMapWin32Status,	2_2_001A6B60

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	2 Valid Accounts	2 Native API	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	1 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	2 Service Execution	2 Valid Accounts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	21 Input Capture	1 Account Discovery	Remote Desktop Protocol	2 Data from Local System	1 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	3 Windows Service	2 Valid Accounts	2 Obfuscated Files or Information	2 Credentials in Registry	1 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	21 Access Token Manipulation	1 DLL Side-Loading	NTDS	117 System Information Discovery	Distributed Component Object Model	21 Input Capture	113 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	3 Windows Service	1 Masquerading	LSA Secrets	131 Security Software Discovery	SSH	3 Clipboard Data	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	312 Process Injection	2 Valid Accounts	Cached Domain Credentials	11 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	11 Virtualization/Sandbox Evasion	DCSync	2 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	21 Access Token Manipulation	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	312 Process Injection	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Request for quotation -6001845515-XLSX.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Lokibot

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Windows Analysis Report
Request for quotation -6001845515-XLSX.exe