Edit tour

Windows Analysis Report
Z6hL5LKAX4.exe

Overview

General Information

Sample name:	Z6hL5LKAX4.exe renamed because original name is a hash value
Original sample name:	35eb283a5c0de6121bff7240d4b18b1f.exe
Analysis ID:	1621690
MD5:	35eb283a5c0de6121bff7240d4b18b1f
SHA1:	9e52d60910a938cadbedf32601fe135392e7213f
SHA256:	2f048f2a0606486cabeeaf6950807615b77d2897c02791f2e76bc0d63e31a619
Tags:	exeLokiuser-abuse_ch
Infos:

Detection

Lokibot

Score:	100
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Lokibot

C2 URLs / IPs found in malware configuration

Joe Sandbox ML detected suspicious sample

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file / registry access)

Tries to steal Mail credentials (via file registry)

Yara detected aPLib compressed binary

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Enables debug privileges

Found potential string decryption / allocating functions

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

Z6hL5LKAX4.exe (PID: 2080 cmdline: "C:\Users\user\Desktop\Z6hL5LKAX4.exe" MD5: 35EB283A5C0DE6121BFF7240D4B18B1F)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Loki Password Stealer (PWS), LokiBot	"Loki Bot is a commodity malware sold on underground sites which is designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets." - PhishMeLoki-Bot employs function hashing to obfuscate the libraries utilized. While not all functions are hashed, a vast majority of them are.Loki-Bot accepts a single argument/switch of -u that simply delays execution (sleeps) for 10 seconds. This is used when Loki-Bot is upgrading itself.The Mutex generated is the result of MD5 hashing the Machine GUID and trimming to 24-characters. For example: B7E1C2CC98066B250DDB2123.Loki-Bot creates a hidden folder within the %APPDATA% directory whose name is supplied by the 8th thru 13th characters of the Mutex. For example: %APPDATA%\ C98066\.There can be four files within the hidden %APPDATA% directory at any given time: .exe, .lck, .hdb and .kdb. They will be named after characters 13 thru 18 of the Mutex. For example: 6B250D. Below is the explanation of their purpose:FILE EXTENSIONFILE DESCRIPTION.exeA copy of the malware that will execute every time the user account is logged into.lckA lock file created when either decrypting Windows Credentials or Keylogging to prevent resource conflicts.hdbA database of hashes for data that has already been exfiltrated to the C2 server.kdbA database of keylogger data that has yet to be sent to the C2 serverIf the user is privileged, Loki-Bot sets up persistence within the registry under HKEY_LOCAL_MACHINE. If not, it sets up persistence under HKEY_CURRENT_USER.The first packet transmitted by Loki-Bot contains application data.The second packet transmitted by Loki-Bot contains decrypted Windows credentials.The third packet transmitted by Loki-Bot is the malware requesting C2 commands from the C2 server. By default, Loki-Bot will send this request out every 10 minutes after the initial packet it sent.Communications to the C2 server from the compromised host contain information about the user and system including the username, hostname, domain, screen resolution, privilege level, system architecture, and Operating System.The first WORD of the HTTP Payload represents the Loki-Bot version.The second WORD of the HTTP Payload is the Payload Type. Below is the table of identified payload types:BYTEPAYLOAD TYPE0x26Stolen Cryptocurrency Wallet0x27Stolen Application Data0x28Get C2 Commands from C2 Server0x29Stolen File0x2APOS (Point of Sale?)0x2BKeylogger Data0x2CScreenshotThe 11th byte of the HTTP Payload begins the Binary ID. This might be useful in tracking campaigns or specific threat actors. This value value is typically ckav.ru. If you come across a Binary ID that is different from this, take note!Loki-Bot encrypts both the URL and the registry key used for persistence using Triple DES encryption.The Content-Key HTTP Header value is the result of hashing the HTTP Header values that precede it. This is likely used as a protection against researchers who wish to poke and prod at Loki-Bots C2 infrastructure.Loki-Bot can accept the following instructions from the C2 Server:BYTEINSTRUCTION DESCRIPTION0x00Download EXE & Execute0x01Download DLL & Load #10x02Download DLL & Load #20x08Delete HDB File0x09Start Keylogger0x0AMine & Steal Data0x0EExit Loki-Bot0x0FUpgrade Loki-Bot0x10Change C2 Polling Frequency0x11Delete Executables & ExitSuricata SignaturesRULE SIDRULE NAME2024311ET TROJAN Loki Bot Cryptocurrency Wallet Exfiltration Detected2024312ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M12024313ET TROJAN Loki Bot Request for C2 Commands Detected M12024314ET TROJAN Loki Bot File Exfiltration Detected2024315ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M12024316ET TROJAN Loki Bot Screenshot Exfiltration Detected2024317ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M22024318ET TROJAN Loki Bot Request for C2 Commands Detected M22024319ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M2	SWEED The Gorgon Group Cobalt	http://blog.reversing.xyz/reversing/2021/06/08/lokibot.html http://reversing.fun/posts/2021/06/08/lokibot.html http://reversing.fun/reversing/2021/06/08/lokibot.html http://www.malware-traffic-analysis.net/2017/06/12/index.html https://0xmrmagnezi.github.io/malware%20analysis/LokiBot/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lokipws

Malware Configuration

Threatname: Lokibot

{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php"]}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
Z6hL5LKAX4.exe	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Z6hL5LKAX4.exe	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Z6hL5LKAX4.exe	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Z6hL5LKAX4.exe	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Z6hL5LKAX4.exe	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
Z6hL5LKAX4.exe	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
Z6hL5LKAX4.exe	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
Z6hL5LKAX4.exe	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
Click to see the 3 entries

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000000.1706955457.0000000000401000.00000020.00000001.01000000.00000003.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x43bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.2961697572.0000000000401000.00000020.00000001.01000000.00000005.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x43bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.2961716717.0000000000415000.00000002.00000001.01000000.00000005.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.2961716717.0000000000415000.00000002.00000001.01000000.00000005.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.2961716717.0000000000415000.00000002.00000001.01000000.00000005.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2961716717.0000000000415000.00000002.00000001.01000000.00000005.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x37f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000000.1706982278.0000000000415000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000000.1706982278.0000000000415000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000000.1706982278.0000000000415000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000000.1706982278.0000000000415000.00000002.00000001.01000000.00000003.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x37f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.2961825798.000000000067E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
Process Memory Space: Z6hL5LKAX4.exe PID: 2080	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: Z6hL5LKAX4.exe PID: 2080	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: Z6hL5LKAX4.exe PID: 2080	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
Process Memory Space: Z6hL5LKAX4.exe PID: 2080	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x6396:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk 0x9a36:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Click to see the 10 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.0.Z6hL5LKAX4.exe.400000.0.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.0.Z6hL5LKAX4.exe.400000.0.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.0.Z6hL5LKAX4.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.0.Z6hL5LKAX4.exe.400000.0.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.0.Z6hL5LKAX4.exe.400000.0.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.0.Z6hL5LKAX4.exe.400000.0.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
0.0.Z6hL5LKAX4.exe.400000.0.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.0.Z6hL5LKAX4.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
0.2.Z6hL5LKAX4.exe.400000.0.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.2.Z6hL5LKAX4.exe.400000.0.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.Z6hL5LKAX4.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.Z6hL5LKAX4.exe.400000.0.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.Z6hL5LKAX4.exe.400000.0.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.Z6hL5LKAX4.exe.400000.0.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
0.2.Z6hL5LKAX4.exe.400000.0.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.Z6hL5LKAX4.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
Click to see the 11 entries

Suricata Signatures

ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-22T08:21:19.097566+0100	2024312	1	A Network Trojan was detected	192.168.2.4	49731	172.67.186.47	80	TCP
2025-02-22T08:21:20.664051+0100	2024312	1	A Network Trojan was detected	192.168.2.4	49732	172.67.186.47	80	TCP

ET MALWARE LokiBot Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-22T08:21:18.416954+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49731	172.67.186.47	80	TCP
2025-02-22T08:21:19.542515+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49732	172.67.186.47	80	TCP
2025-02-22T08:21:20.742356+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49733	172.67.186.47	80	TCP
2025-02-22T08:21:21.556777+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49734	172.67.186.47	80	TCP
2025-02-22T08:21:22.380103+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49735	172.67.186.47	80	TCP
2025-02-22T08:21:23.664348+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49736	172.67.186.47	80	TCP
2025-02-22T08:21:24.506386+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49737	172.67.186.47	80	TCP
2025-02-22T08:21:25.364782+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49738	172.67.186.47	80	TCP
2025-02-22T08:21:26.193601+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49739	172.67.186.47	80	TCP
2025-02-22T08:21:27.097505+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49740	172.67.186.47	80	TCP
2025-02-22T08:21:27.920624+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49741	172.67.186.47	80	TCP
2025-02-22T08:21:28.754765+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49742	172.67.186.47	80	TCP
2025-02-22T08:21:29.615303+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49743	172.67.186.47	80	TCP
2025-02-22T08:21:30.919136+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49744	172.67.186.47	80	TCP
2025-02-22T08:21:31.945819+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49745	172.67.186.47	80	TCP
2025-02-22T08:21:32.764985+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49746	172.67.186.47	80	TCP
2025-02-22T08:21:34.758306+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49748	172.67.186.47	80	TCP
2025-02-22T08:21:36.652614+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49753	172.67.186.47	80	TCP
2025-02-22T08:21:37.544416+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49755	172.67.186.47	80	TCP
2025-02-22T08:21:38.835849+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49756	172.67.186.47	80	TCP
2025-02-22T08:21:39.663696+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49757	172.67.186.47	80	TCP
2025-02-22T08:21:41.022292+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49758	172.67.186.47	80	TCP
2025-02-22T08:21:42.360021+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49759	172.67.186.47	80	TCP
2025-02-22T08:21:43.678082+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49760	172.67.186.47	80	TCP
2025-02-22T08:21:44.561522+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49761	172.67.186.47	80	TCP
2025-02-22T08:21:45.848888+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49762	172.67.186.47	80	TCP
2025-02-22T08:21:46.675526+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49763	172.67.186.47	80	TCP
2025-02-22T08:21:47.958157+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49764	172.67.186.47	80	TCP
2025-02-22T08:21:49.255799+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49765	172.67.186.47	80	TCP
2025-02-22T08:21:50.083561+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49766	172.67.186.47	80	TCP
2025-02-22T08:21:52.009432+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49767	172.67.186.47	80	TCP
2025-02-22T08:21:53.306805+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49768	172.67.186.47	80	TCP
2025-02-22T08:21:54.643549+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49769	172.67.186.47	80	TCP
2025-02-22T08:21:55.475286+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49770	172.67.186.47	80	TCP
2025-02-22T08:21:56.305186+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49771	172.67.186.47	80	TCP
2025-02-22T08:21:57.602365+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49772	172.67.186.47	80	TCP
2025-02-22T08:21:58.417313+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49773	172.67.186.47	80	TCP
2025-02-22T08:21:59.243592+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49774	172.67.186.47	80	TCP
2025-02-22T08:22:00.540301+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49775	172.67.186.47	80	TCP
2025-02-22T08:22:01.835795+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49776	172.67.186.47	80	TCP
2025-02-22T08:22:02.686289+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49777	172.67.186.47	80	TCP
2025-02-22T08:22:03.543583+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49778	172.67.186.47	80	TCP
2025-02-22T08:22:04.426265+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49779	172.67.186.47	80	TCP
2025-02-22T08:22:05.759377+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49780	172.67.186.47	80	TCP
2025-02-22T08:22:06.621894+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49781	172.67.186.47	80	TCP
2025-02-22T08:22:07.476803+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49782	172.67.186.47	80	TCP
2025-02-22T08:22:08.342052+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49783	172.67.186.47	80	TCP
2025-02-22T08:22:09.142158+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49784	172.67.186.47	80	TCP
2025-02-22T08:22:10.979768+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49785	172.67.186.47	80	TCP
2025-02-22T08:22:11.834247+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49787	172.67.186.47	80	TCP
2025-02-22T08:22:12.660602+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49794	172.67.186.47	80	TCP
2025-02-22T08:22:13.498248+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49800	172.67.186.47	80	TCP
2025-02-22T08:22:14.515932+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49807	172.67.186.47	80	TCP
2025-02-22T08:22:15.853194+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49817	172.67.186.47	80	TCP
2025-02-22T08:22:17.489265+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49828	172.67.186.47	80	TCP
2025-02-22T08:22:18.300941+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49835	172.67.186.47	80	TCP
2025-02-22T08:22:19.131794+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49844	172.67.186.47	80	TCP
2025-02-22T08:22:20.000180+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49850	172.67.186.47	80	TCP
2025-02-22T08:22:21.365771+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49859	172.67.186.47	80	TCP
2025-02-22T08:22:22.199879+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49866	172.67.186.47	80	TCP
2025-02-22T08:22:23.026196+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49872	172.67.186.47	80	TCP
2025-02-22T08:22:23.850252+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49877	172.67.186.47	80	TCP
2025-02-22T08:22:24.908463+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49884	172.67.186.47	80	TCP
2025-02-22T08:22:26.757072+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49896	172.67.186.47	80	TCP
2025-02-22T08:22:27.561924+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49901	172.67.186.47	80	TCP
2025-02-22T08:22:29.486702+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49915	172.67.186.47	80	TCP
2025-02-22T08:22:30.327290+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49922	172.67.186.47	80	TCP
2025-02-22T08:22:31.178538+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49928	172.67.186.47	80	TCP
2025-02-22T08:22:32.530880+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49935	172.67.186.47	80	TCP
2025-02-22T08:22:33.367595+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49941	172.67.186.47	80	TCP
2025-02-22T08:22:34.208276+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49948	172.67.186.47	80	TCP
2025-02-22T08:22:35.495290+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49955	172.67.186.47	80	TCP
2025-02-22T08:22:36.789577+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49966	172.67.186.47	80	TCP
2025-02-22T08:22:37.633157+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49972	172.67.186.47	80	TCP
2025-02-22T08:22:38.949865+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49982	172.67.186.47	80	TCP
2025-02-22T08:22:40.612011+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49994	172.67.186.47	80	TCP
2025-02-22T08:22:41.428640+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50000	172.67.186.47	80	TCP
2025-02-22T08:22:42.756832+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50011	172.67.186.47	80	TCP
2025-02-22T08:22:43.559491+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50016	172.67.186.47	80	TCP
2025-02-22T08:22:44.819742+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50025	172.67.186.47	80	TCP
2025-02-22T08:22:45.806137+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50034	172.67.186.47	80	TCP
2025-02-22T08:22:47.636573+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50045	172.67.186.47	80	TCP
2025-02-22T08:22:48.464981+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50052	172.67.186.47	80	TCP
2025-02-22T08:22:49.335599+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50058	172.67.186.47	80	TCP
2025-02-22T08:22:50.185761+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50065	172.67.186.47	80	TCP
2025-02-22T08:22:51.685093+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50074	172.67.186.47	80	TCP
2025-02-22T08:22:52.504147+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50081	172.67.186.47	80	TCP
2025-02-22T08:22:53.374206+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50088	172.67.186.47	80	TCP
2025-02-22T08:22:54.694830+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50091	172.67.186.47	80	TCP
2025-02-22T08:22:55.540452+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50092	172.67.186.47	80	TCP
2025-02-22T08:22:56.399811+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50093	172.67.186.47	80	TCP
2025-02-22T08:22:58.995896+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50094	172.67.186.47	80	TCP
2025-02-22T08:22:59.802124+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50095	172.67.186.47	80	TCP
2025-02-22T08:23:01.105035+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50096	172.67.186.47	80	TCP
2025-02-22T08:23:01.928840+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50097	172.67.186.47	80	TCP
2025-02-22T08:23:02.769025+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50098	172.67.186.47	80	TCP
2025-02-22T08:23:04.147378+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50099	172.67.186.47	80	TCP
2025-02-22T08:23:04.968168+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50100	172.67.186.47	80	TCP
2025-02-22T08:23:05.816556+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50101	172.67.186.47	80	TCP
2025-02-22T08:23:09.251560+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50102	172.67.186.47	80	TCP
2025-02-22T08:23:10.058035+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50103	172.67.186.47	80	TCP
2025-02-22T08:23:11.342268+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50104	172.67.186.47	80	TCP
2025-02-22T08:23:12.165688+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50105	172.67.186.47	80	TCP
2025-02-22T08:23:13.053262+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50106	172.67.186.47	80	TCP
2025-02-22T08:23:14.354446+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50107	172.67.186.47	80	TCP
2025-02-22T08:23:15.175730+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50108	172.67.186.47	80	TCP
2025-02-22T08:23:16.445428+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50109	172.67.186.47	80	TCP
2025-02-22T08:23:17.269911+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50110	172.67.186.47	80	TCP
2025-02-22T08:23:19.575195+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50111	172.67.186.47	80	TCP
2025-02-22T08:23:20.386052+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50112	172.67.186.47	80	TCP
2025-02-22T08:23:21.230426+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50113	172.67.186.47	80	TCP
2025-02-22T08:23:22.090188+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50114	172.67.186.47	80	TCP

ET MALWARE LokiBot Fake 404 Response

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-22T08:21:21.408627+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49733	TCP
2025-02-22T08:21:22.227839+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49734	TCP
2025-02-22T08:21:23.515872+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49735	TCP
2025-02-22T08:21:24.356836+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49736	TCP
2025-02-22T08:21:25.214912+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49737	TCP
2025-02-22T08:21:26.045616+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49738	TCP
2025-02-22T08:21:26.950171+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49739	TCP
2025-02-22T08:21:27.758163+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49740	TCP
2025-02-22T08:21:28.591056+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49741	TCP
2025-02-22T08:21:29.459905+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49742	TCP
2025-02-22T08:21:30.760583+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49743	TCP
2025-02-22T08:21:31.779897+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49744	TCP
2025-02-22T08:21:32.613999+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49745	TCP
2025-02-22T08:21:34.595536+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49746	TCP
2025-02-22T08:21:36.476155+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49748	TCP
2025-02-22T08:21:37.384979+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49753	TCP
2025-02-22T08:21:38.681303+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49755	TCP
2025-02-22T08:21:39.508219+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49756	TCP
2025-02-22T08:21:40.871595+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49757	TCP
2025-02-22T08:21:42.143025+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49758	TCP
2025-02-22T08:21:43.523683+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49759	TCP
2025-02-22T08:21:44.397225+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49760	TCP
2025-02-22T08:21:45.697367+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49761	TCP
2025-02-22T08:21:46.522451+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49762	TCP
2025-02-22T08:21:47.815297+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49763	TCP
2025-02-22T08:21:49.100263+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49764	TCP
2025-02-22T08:21:49.931634+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49765	TCP
2025-02-22T08:21:51.819037+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49766	TCP
2025-02-22T08:21:53.153532+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49767	TCP
2025-02-22T08:21:54.450343+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49768	TCP
2025-02-22T08:21:55.334048+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49769	TCP
2025-02-22T08:21:56.155684+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49770	TCP
2025-02-22T08:21:57.445415+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49771	TCP
2025-02-22T08:21:58.270784+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49772	TCP
2025-02-22T08:21:59.098785+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49773	TCP
2025-02-22T08:22:00.383066+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49774	TCP
2025-02-22T08:22:01.672382+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49775	TCP
2025-02-22T08:22:02.521902+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49776	TCP
2025-02-22T08:22:03.354601+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49777	TCP
2025-02-22T08:22:04.267272+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49778	TCP
2025-02-22T08:22:05.601638+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49779	TCP
2025-02-22T08:22:06.463413+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49780	TCP
2025-02-22T08:22:07.320086+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49781	TCP
2025-02-22T08:22:08.185799+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49782	TCP
2025-02-22T08:22:08.990429+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49783	TCP
2025-02-22T08:22:10.824182+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49784	TCP
2025-02-22T08:22:11.689065+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49785	TCP
2025-02-22T08:22:12.499173+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49787	TCP
2025-02-22T08:22:13.345138+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49794	TCP
2025-02-22T08:22:14.218771+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49800	TCP
2025-02-22T08:22:15.688914+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49807	TCP
2025-02-22T08:22:17.337269+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49817	TCP
2025-02-22T08:22:18.156437+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49828	TCP
2025-02-22T08:22:18.975903+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49835	TCP
2025-02-22T08:22:19.808660+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49844	TCP
2025-02-22T08:22:21.219951+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49850	TCP
2025-02-22T08:22:22.051187+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49859	TCP
2025-02-22T08:22:22.873278+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49866	TCP
2025-02-22T08:22:23.698252+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49872	TCP
2025-02-22T08:22:24.765862+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49877	TCP
2025-02-22T08:22:26.601451+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49884	TCP
2025-02-22T08:22:27.411760+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49896	TCP
2025-02-22T08:22:29.319186+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49901	TCP
2025-02-22T08:22:30.142557+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49915	TCP
2025-02-22T08:22:31.013737+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49922	TCP
2025-02-22T08:22:32.350215+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49928	TCP
2025-02-22T08:22:33.204161+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49935	TCP
2025-02-22T08:22:34.055357+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49941	TCP
2025-02-22T08:22:35.340782+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49948	TCP
2025-02-22T08:22:36.647173+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49955	TCP
2025-02-22T08:22:37.481337+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49966	TCP
2025-02-22T08:22:38.794421+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49972	TCP
2025-02-22T08:22:40.458815+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49982	TCP
2025-02-22T08:22:41.285572+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	49994	TCP
2025-02-22T08:22:42.606694+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50000	TCP
2025-02-22T08:22:43.403427+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50011	TCP
2025-02-22T08:22:44.673397+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50016	TCP
2025-02-22T08:22:45.614993+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50025	TCP
2025-02-22T08:22:47.477681+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50034	TCP
2025-02-22T08:22:48.317740+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50045	TCP
2025-02-22T08:22:49.183949+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50052	TCP
2025-02-22T08:22:50.025995+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50058	TCP
2025-02-22T08:22:51.350277+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50065	TCP
2025-02-22T08:22:52.356938+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50074	TCP
2025-02-22T08:22:53.223749+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50081	TCP
2025-02-22T08:22:54.524962+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50088	TCP
2025-02-22T08:22:55.389883+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50091	TCP
2025-02-22T08:22:56.219423+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50092	TCP
2025-02-22T08:22:58.836333+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50093	TCP
2025-02-22T08:22:59.657743+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50094	TCP
2025-02-22T08:23:00.948548+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50095	TCP
2025-02-22T08:23:01.779986+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50096	TCP
2025-02-22T08:23:02.630009+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50097	TCP
2025-02-22T08:23:03.914104+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50098	TCP
2025-02-22T08:23:04.810745+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50099	TCP
2025-02-22T08:23:05.647434+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50100	TCP
2025-02-22T08:23:09.089382+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50101	TCP
2025-02-22T08:23:09.912212+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50102	TCP
2025-02-22T08:23:11.181366+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50103	TCP
2025-02-22T08:23:12.017216+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50104	TCP
2025-02-22T08:23:12.900630+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50105	TCP
2025-02-22T08:23:14.195990+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50106	TCP
2025-02-22T08:23:15.030235+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50107	TCP
2025-02-22T08:23:16.300583+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50108	TCP
2025-02-22T08:23:17.121043+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50109	TCP
2025-02-22T08:23:19.416477+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50110	TCP
2025-02-22T08:23:20.240368+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50111	TCP
2025-02-22T08:23:21.075839+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50112	TCP
2025-02-22T08:23:21.937410+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50113	TCP
2025-02-22T08:23:22.795375+0100	2025483	1	A Network Trojan was detected	172.67.186.47	80	192.168.2.4	50114	TCP

ET MALWARE LokiBot Request for C2 Commands Detected M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-22T08:21:21.403537+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49733	172.67.186.47	80	TCP
2025-02-22T08:21:22.222679+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49734	172.67.186.47	80	TCP
2025-02-22T08:21:23.509071+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49735	172.67.186.47	80	TCP
2025-02-22T08:21:24.351754+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49736	172.67.186.47	80	TCP
2025-02-22T08:21:25.209737+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49737	172.67.186.47	80	TCP
2025-02-22T08:21:26.040466+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49738	172.67.186.47	80	TCP
2025-02-22T08:21:26.945096+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49739	172.67.186.47	80	TCP
2025-02-22T08:21:27.752998+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49740	172.67.186.47	80	TCP
2025-02-22T08:21:28.585933+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49741	172.67.186.47	80	TCP
2025-02-22T08:21:29.454694+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49742	172.67.186.47	80	TCP
2025-02-22T08:21:30.755427+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49743	172.67.186.47	80	TCP
2025-02-22T08:21:31.774707+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49744	172.67.186.47	80	TCP
2025-02-22T08:21:32.608838+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49745	172.67.186.47	80	TCP
2025-02-22T08:21:34.590347+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49746	172.67.186.47	80	TCP
2025-02-22T08:21:36.470990+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49748	172.67.186.47	80	TCP
2025-02-22T08:21:37.379991+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49753	172.67.186.47	80	TCP
2025-02-22T08:21:38.676249+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49755	172.67.186.47	80	TCP
2025-02-22T08:21:39.503103+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49756	172.67.186.47	80	TCP
2025-02-22T08:21:40.866485+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49757	172.67.186.47	80	TCP
2025-02-22T08:21:42.137971+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49758	172.67.186.47	80	TCP
2025-02-22T08:21:43.513836+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49759	172.67.186.47	80	TCP
2025-02-22T08:21:44.392015+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49760	172.67.186.47	80	TCP
2025-02-22T08:21:45.692315+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49761	172.67.186.47	80	TCP
2025-02-22T08:21:46.517363+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49762	172.67.186.47	80	TCP
2025-02-22T08:21:47.810251+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49763	172.67.186.47	80	TCP
2025-02-22T08:21:49.095130+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49764	172.67.186.47	80	TCP
2025-02-22T08:21:49.926147+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49765	172.67.186.47	80	TCP
2025-02-22T08:21:51.785285+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49766	172.67.186.47	80	TCP
2025-02-22T08:21:53.148352+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49767	172.67.186.47	80	TCP
2025-02-22T08:21:54.443112+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49768	172.67.186.47	80	TCP
2025-02-22T08:21:55.328750+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49769	172.67.186.47	80	TCP
2025-02-22T08:21:56.150664+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49770	172.67.186.47	80	TCP
2025-02-22T08:21:57.440422+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49771	172.67.186.47	80	TCP
2025-02-22T08:21:58.265767+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49772	172.67.186.47	80	TCP
2025-02-22T08:21:59.093770+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49773	172.67.186.47	80	TCP
2025-02-22T08:22:00.378000+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49774	172.67.186.47	80	TCP
2025-02-22T08:22:01.667334+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49775	172.67.186.47	80	TCP
2025-02-22T08:22:02.516747+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49776	172.67.186.47	80	TCP
2025-02-22T08:22:03.349391+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49777	172.67.186.47	80	TCP
2025-02-22T08:22:04.261964+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49778	172.67.186.47	80	TCP
2025-02-22T08:22:05.596473+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49779	172.67.186.47	80	TCP
2025-02-22T08:22:06.458175+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49780	172.67.186.47	80	TCP
2025-02-22T08:22:07.314984+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49781	172.67.186.47	80	TCP
2025-02-22T08:22:08.180624+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49782	172.67.186.47	80	TCP
2025-02-22T08:22:08.983331+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49783	172.67.186.47	80	TCP
2025-02-22T08:22:10.818582+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49784	172.67.186.47	80	TCP
2025-02-22T08:22:11.683916+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49785	172.67.186.47	80	TCP
2025-02-22T08:22:12.492809+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49787	172.67.186.47	80	TCP
2025-02-22T08:22:13.340077+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49794	172.67.186.47	80	TCP
2025-02-22T08:22:14.213595+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49800	172.67.186.47	80	TCP
2025-02-22T08:22:15.683776+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49807	172.67.186.47	80	TCP
2025-02-22T08:22:17.332169+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49817	172.67.186.47	80	TCP
2025-02-22T08:22:18.151379+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49828	172.67.186.47	80	TCP
2025-02-22T08:22:18.970820+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49835	172.67.186.47	80	TCP
2025-02-22T08:22:19.803418+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49844	172.67.186.47	80	TCP
2025-02-22T08:22:21.214805+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49850	172.67.186.47	80	TCP
2025-02-22T08:22:22.045891+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49859	172.67.186.47	80	TCP
2025-02-22T08:22:22.868231+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49866	172.67.186.47	80	TCP
2025-02-22T08:22:23.693110+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49872	172.67.186.47	80	TCP
2025-02-22T08:22:24.760632+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49877	172.67.186.47	80	TCP
2025-02-22T08:22:26.595331+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49884	172.67.186.47	80	TCP
2025-02-22T08:22:27.406422+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49896	172.67.186.47	80	TCP
2025-02-22T08:22:29.314126+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49901	172.67.186.47	80	TCP
2025-02-22T08:22:30.137458+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49915	172.67.186.47	80	TCP
2025-02-22T08:22:31.008667+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49922	172.67.186.47	80	TCP
2025-02-22T08:22:32.345114+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49928	172.67.186.47	80	TCP
2025-02-22T08:22:33.199129+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49935	172.67.186.47	80	TCP
2025-02-22T08:22:34.048902+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49941	172.67.186.47	80	TCP
2025-02-22T08:22:35.335505+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49948	172.67.186.47	80	TCP
2025-02-22T08:22:36.641564+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49955	172.67.186.47	80	TCP
2025-02-22T08:22:37.465551+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49966	172.67.186.47	80	TCP
2025-02-22T08:22:38.788957+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49972	172.67.186.47	80	TCP
2025-02-22T08:22:40.453729+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49982	172.67.186.47	80	TCP
2025-02-22T08:22:41.280447+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49994	172.67.186.47	80	TCP
2025-02-22T08:22:42.601583+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50000	172.67.186.47	80	TCP
2025-02-22T08:22:43.398351+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50011	172.67.186.47	80	TCP
2025-02-22T08:22:44.668327+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50016	172.67.186.47	80	TCP
2025-02-22T08:22:45.609906+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50025	172.67.186.47	80	TCP
2025-02-22T08:22:47.472562+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50034	172.67.186.47	80	TCP
2025-02-22T08:22:48.312655+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50045	172.67.186.47	80	TCP
2025-02-22T08:22:49.178656+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50052	172.67.186.47	80	TCP
2025-02-22T08:22:50.020708+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50058	172.67.186.47	80	TCP
2025-02-22T08:22:51.335795+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50065	172.67.186.47	80	TCP
2025-02-22T08:22:52.351748+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50074	172.67.186.47	80	TCP
2025-02-22T08:22:53.217470+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50081	172.67.186.47	80	TCP
2025-02-22T08:22:54.519740+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50088	172.67.186.47	80	TCP
2025-02-22T08:22:55.384712+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50091	172.67.186.47	80	TCP
2025-02-22T08:22:56.205752+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50092	172.67.186.47	80	TCP
2025-02-22T08:22:58.810946+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50093	172.67.186.47	80	TCP
2025-02-22T08:22:59.652559+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50094	172.67.186.47	80	TCP
2025-02-22T08:23:00.943187+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50095	172.67.186.47	80	TCP
2025-02-22T08:23:01.774672+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50096	172.67.186.47	80	TCP
2025-02-22T08:23:02.624755+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50097	172.67.186.47	80	TCP
2025-02-22T08:23:03.909037+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50098	172.67.186.47	80	TCP
2025-02-22T08:23:04.805597+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50099	172.67.186.47	80	TCP
2025-02-22T08:23:05.642160+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50100	172.67.186.47	80	TCP
2025-02-22T08:23:09.083837+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50101	172.67.186.47	80	TCP
2025-02-22T08:23:09.904496+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50102	172.67.186.47	80	TCP
2025-02-22T08:23:11.175893+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50103	172.67.186.47	80	TCP
2025-02-22T08:23:12.011796+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50104	172.67.186.47	80	TCP
2025-02-22T08:23:12.895453+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50105	172.67.186.47	80	TCP
2025-02-22T08:23:14.190755+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50106	172.67.186.47	80	TCP
2025-02-22T08:23:15.024616+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50107	172.67.186.47	80	TCP
2025-02-22T08:23:16.295365+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50108	172.67.186.47	80	TCP
2025-02-22T08:23:17.115927+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50109	172.67.186.47	80	TCP
2025-02-22T08:23:19.411336+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50110	172.67.186.47	80	TCP
2025-02-22T08:23:20.233856+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50111	172.67.186.47	80	TCP
2025-02-22T08:23:21.070506+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50112	172.67.186.47	80	TCP
2025-02-22T08:23:21.931255+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50113	172.67.186.47	80	TCP
2025-02-22T08:23:22.790224+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50114	172.67.186.47	80	TCP

ET MALWARE LokiBot Request for C2 Commands Detected M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-22T08:21:21.403537+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49733	172.67.186.47	80	TCP
2025-02-22T08:21:22.222679+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49734	172.67.186.47	80	TCP
2025-02-22T08:21:23.509071+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49735	172.67.186.47	80	TCP
2025-02-22T08:21:24.351754+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49736	172.67.186.47	80	TCP
2025-02-22T08:21:25.209737+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49737	172.67.186.47	80	TCP
2025-02-22T08:21:26.040466+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49738	172.67.186.47	80	TCP
2025-02-22T08:21:26.945096+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49739	172.67.186.47	80	TCP
2025-02-22T08:21:27.752998+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49740	172.67.186.47	80	TCP
2025-02-22T08:21:28.585933+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49741	172.67.186.47	80	TCP
2025-02-22T08:21:29.454694+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49742	172.67.186.47	80	TCP
2025-02-22T08:21:30.755427+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49743	172.67.186.47	80	TCP
2025-02-22T08:21:31.774707+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49744	172.67.186.47	80	TCP
2025-02-22T08:21:32.608838+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49745	172.67.186.47	80	TCP
2025-02-22T08:21:34.590347+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49746	172.67.186.47	80	TCP
2025-02-22T08:21:36.470990+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49748	172.67.186.47	80	TCP
2025-02-22T08:21:37.379991+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49753	172.67.186.47	80	TCP
2025-02-22T08:21:38.676249+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49755	172.67.186.47	80	TCP
2025-02-22T08:21:39.503103+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49756	172.67.186.47	80	TCP
2025-02-22T08:21:40.866485+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49757	172.67.186.47	80	TCP
2025-02-22T08:21:42.137971+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49758	172.67.186.47	80	TCP
2025-02-22T08:21:43.513836+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49759	172.67.186.47	80	TCP
2025-02-22T08:21:44.392015+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49760	172.67.186.47	80	TCP
2025-02-22T08:21:45.692315+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49761	172.67.186.47	80	TCP
2025-02-22T08:21:46.517363+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49762	172.67.186.47	80	TCP
2025-02-22T08:21:47.810251+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49763	172.67.186.47	80	TCP
2025-02-22T08:21:49.095130+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49764	172.67.186.47	80	TCP
2025-02-22T08:21:49.926147+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49765	172.67.186.47	80	TCP
2025-02-22T08:21:51.785285+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49766	172.67.186.47	80	TCP
2025-02-22T08:21:53.148352+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49767	172.67.186.47	80	TCP
2025-02-22T08:21:54.443112+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49768	172.67.186.47	80	TCP
2025-02-22T08:21:55.328750+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49769	172.67.186.47	80	TCP
2025-02-22T08:21:56.150664+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49770	172.67.186.47	80	TCP
2025-02-22T08:21:57.440422+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49771	172.67.186.47	80	TCP
2025-02-22T08:21:58.265767+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49772	172.67.186.47	80	TCP
2025-02-22T08:21:59.093770+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49773	172.67.186.47	80	TCP
2025-02-22T08:22:00.378000+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49774	172.67.186.47	80	TCP
2025-02-22T08:22:01.667334+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49775	172.67.186.47	80	TCP
2025-02-22T08:22:02.516747+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49776	172.67.186.47	80	TCP
2025-02-22T08:22:03.349391+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49777	172.67.186.47	80	TCP
2025-02-22T08:22:04.261964+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49778	172.67.186.47	80	TCP
2025-02-22T08:22:05.596473+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49779	172.67.186.47	80	TCP
2025-02-22T08:22:06.458175+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49780	172.67.186.47	80	TCP
2025-02-22T08:22:07.314984+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49781	172.67.186.47	80	TCP
2025-02-22T08:22:08.180624+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49782	172.67.186.47	80	TCP
2025-02-22T08:22:08.983331+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49783	172.67.186.47	80	TCP
2025-02-22T08:22:10.818582+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49784	172.67.186.47	80	TCP
2025-02-22T08:22:11.683916+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49785	172.67.186.47	80	TCP
2025-02-22T08:22:12.492809+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49787	172.67.186.47	80	TCP
2025-02-22T08:22:13.340077+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49794	172.67.186.47	80	TCP
2025-02-22T08:22:14.213595+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49800	172.67.186.47	80	TCP
2025-02-22T08:22:15.683776+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49807	172.67.186.47	80	TCP
2025-02-22T08:22:17.332169+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49817	172.67.186.47	80	TCP
2025-02-22T08:22:18.151379+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49828	172.67.186.47	80	TCP
2025-02-22T08:22:18.970820+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49835	172.67.186.47	80	TCP
2025-02-22T08:22:19.803418+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49844	172.67.186.47	80	TCP
2025-02-22T08:22:21.214805+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49850	172.67.186.47	80	TCP
2025-02-22T08:22:22.045891+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49859	172.67.186.47	80	TCP
2025-02-22T08:22:22.868231+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49866	172.67.186.47	80	TCP
2025-02-22T08:22:23.693110+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49872	172.67.186.47	80	TCP
2025-02-22T08:22:24.760632+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49877	172.67.186.47	80	TCP
2025-02-22T08:22:26.595331+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49884	172.67.186.47	80	TCP
2025-02-22T08:22:27.406422+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49896	172.67.186.47	80	TCP
2025-02-22T08:22:29.314126+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49901	172.67.186.47	80	TCP
2025-02-22T08:22:30.137458+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49915	172.67.186.47	80	TCP
2025-02-22T08:22:31.008667+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49922	172.67.186.47	80	TCP
2025-02-22T08:22:32.345114+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49928	172.67.186.47	80	TCP
2025-02-22T08:22:33.199129+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49935	172.67.186.47	80	TCP
2025-02-22T08:22:34.048902+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49941	172.67.186.47	80	TCP
2025-02-22T08:22:35.335505+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49948	172.67.186.47	80	TCP
2025-02-22T08:22:36.641564+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49955	172.67.186.47	80	TCP
2025-02-22T08:22:37.465551+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49966	172.67.186.47	80	TCP
2025-02-22T08:22:38.788957+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49972	172.67.186.47	80	TCP
2025-02-22T08:22:40.453729+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49982	172.67.186.47	80	TCP
2025-02-22T08:22:41.280447+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49994	172.67.186.47	80	TCP
2025-02-22T08:22:42.601583+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50000	172.67.186.47	80	TCP
2025-02-22T08:22:43.398351+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50011	172.67.186.47	80	TCP
2025-02-22T08:22:44.668327+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50016	172.67.186.47	80	TCP
2025-02-22T08:22:45.609906+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50025	172.67.186.47	80	TCP
2025-02-22T08:22:47.472562+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50034	172.67.186.47	80	TCP
2025-02-22T08:22:48.312655+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50045	172.67.186.47	80	TCP
2025-02-22T08:22:49.178656+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50052	172.67.186.47	80	TCP
2025-02-22T08:22:50.020708+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50058	172.67.186.47	80	TCP
2025-02-22T08:22:51.335795+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50065	172.67.186.47	80	TCP
2025-02-22T08:22:52.351748+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50074	172.67.186.47	80	TCP
2025-02-22T08:22:53.217470+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50081	172.67.186.47	80	TCP
2025-02-22T08:22:54.519740+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50088	172.67.186.47	80	TCP
2025-02-22T08:22:55.384712+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50091	172.67.186.47	80	TCP
2025-02-22T08:22:56.205752+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50092	172.67.186.47	80	TCP
2025-02-22T08:22:58.810946+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50093	172.67.186.47	80	TCP
2025-02-22T08:22:59.652559+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50094	172.67.186.47	80	TCP
2025-02-22T08:23:00.943187+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50095	172.67.186.47	80	TCP
2025-02-22T08:23:01.774672+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50096	172.67.186.47	80	TCP
2025-02-22T08:23:02.624755+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50097	172.67.186.47	80	TCP
2025-02-22T08:23:03.909037+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50098	172.67.186.47	80	TCP
2025-02-22T08:23:04.805597+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50099	172.67.186.47	80	TCP
2025-02-22T08:23:05.642160+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50100	172.67.186.47	80	TCP
2025-02-22T08:23:09.083837+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50101	172.67.186.47	80	TCP
2025-02-22T08:23:09.904496+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50102	172.67.186.47	80	TCP
2025-02-22T08:23:11.175893+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50103	172.67.186.47	80	TCP
2025-02-22T08:23:12.011796+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50104	172.67.186.47	80	TCP
2025-02-22T08:23:12.895453+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50105	172.67.186.47	80	TCP
2025-02-22T08:23:14.190755+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50106	172.67.186.47	80	TCP
2025-02-22T08:23:15.024616+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50107	172.67.186.47	80	TCP
2025-02-22T08:23:16.295365+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50108	172.67.186.47	80	TCP
2025-02-22T08:23:17.115927+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50109	172.67.186.47	80	TCP
2025-02-22T08:23:19.411336+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50110	172.67.186.47	80	TCP
2025-02-22T08:23:20.233856+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50111	172.67.186.47	80	TCP
2025-02-22T08:23:21.070506+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50112	172.67.186.47	80	TCP
2025-02-22T08:23:21.931255+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50113	172.67.186.47	80	TCP
2025-02-22T08:23:22.790224+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50114	172.67.186.47	80	TCP

ET MALWARE LokiBot User-Agent (Charon/Inferno)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-22T08:21:18.416954+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49731	172.67.186.47	80	TCP
2025-02-22T08:21:19.542515+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49732	172.67.186.47	80	TCP
2025-02-22T08:21:20.742356+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49733	172.67.186.47	80	TCP
2025-02-22T08:21:21.556777+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49734	172.67.186.47	80	TCP
2025-02-22T08:21:22.380103+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49735	172.67.186.47	80	TCP
2025-02-22T08:21:23.664348+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49736	172.67.186.47	80	TCP
2025-02-22T08:21:24.506386+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49737	172.67.186.47	80	TCP
2025-02-22T08:21:25.364782+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49738	172.67.186.47	80	TCP
2025-02-22T08:21:26.193601+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49739	172.67.186.47	80	TCP
2025-02-22T08:21:27.097505+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49740	172.67.186.47	80	TCP
2025-02-22T08:21:27.920624+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49741	172.67.186.47	80	TCP
2025-02-22T08:21:28.754765+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49742	172.67.186.47	80	TCP
2025-02-22T08:21:29.615303+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49743	172.67.186.47	80	TCP
2025-02-22T08:21:30.919136+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49744	172.67.186.47	80	TCP
2025-02-22T08:21:31.945819+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49745	172.67.186.47	80	TCP
2025-02-22T08:21:32.764985+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49746	172.67.186.47	80	TCP
2025-02-22T08:21:34.758306+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49748	172.67.186.47	80	TCP
2025-02-22T08:21:36.652614+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49753	172.67.186.47	80	TCP
2025-02-22T08:21:37.544416+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49755	172.67.186.47	80	TCP
2025-02-22T08:21:38.835849+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49756	172.67.186.47	80	TCP
2025-02-22T08:21:39.663696+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49757	172.67.186.47	80	TCP
2025-02-22T08:21:41.022292+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49758	172.67.186.47	80	TCP
2025-02-22T08:21:42.360021+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49759	172.67.186.47	80	TCP
2025-02-22T08:21:43.678082+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49760	172.67.186.47	80	TCP
2025-02-22T08:21:44.561522+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49761	172.67.186.47	80	TCP
2025-02-22T08:21:45.848888+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49762	172.67.186.47	80	TCP
2025-02-22T08:21:46.675526+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49763	172.67.186.47	80	TCP
2025-02-22T08:21:47.958157+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49764	172.67.186.47	80	TCP
2025-02-22T08:21:49.255799+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49765	172.67.186.47	80	TCP
2025-02-22T08:21:50.083561+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49766	172.67.186.47	80	TCP
2025-02-22T08:21:52.009432+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49767	172.67.186.47	80	TCP
2025-02-22T08:21:53.306805+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49768	172.67.186.47	80	TCP
2025-02-22T08:21:54.643549+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49769	172.67.186.47	80	TCP
2025-02-22T08:21:55.475286+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49770	172.67.186.47	80	TCP
2025-02-22T08:21:56.305186+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49771	172.67.186.47	80	TCP
2025-02-22T08:21:57.602365+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49772	172.67.186.47	80	TCP
2025-02-22T08:21:58.417313+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49773	172.67.186.47	80	TCP
2025-02-22T08:21:59.243592+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49774	172.67.186.47	80	TCP
2025-02-22T08:22:00.540301+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49775	172.67.186.47	80	TCP
2025-02-22T08:22:01.835795+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49776	172.67.186.47	80	TCP
2025-02-22T08:22:02.686289+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49777	172.67.186.47	80	TCP
2025-02-22T08:22:03.543583+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49778	172.67.186.47	80	TCP
2025-02-22T08:22:04.426265+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49779	172.67.186.47	80	TCP
2025-02-22T08:22:05.759377+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49780	172.67.186.47	80	TCP
2025-02-22T08:22:06.621894+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49781	172.67.186.47	80	TCP
2025-02-22T08:22:07.476803+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49782	172.67.186.47	80	TCP
2025-02-22T08:22:08.342052+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49783	172.67.186.47	80	TCP
2025-02-22T08:22:09.142158+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49784	172.67.186.47	80	TCP
2025-02-22T08:22:10.979768+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49785	172.67.186.47	80	TCP
2025-02-22T08:22:11.834247+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49787	172.67.186.47	80	TCP
2025-02-22T08:22:12.660602+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49794	172.67.186.47	80	TCP
2025-02-22T08:22:13.498248+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49800	172.67.186.47	80	TCP
2025-02-22T08:22:14.515932+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49807	172.67.186.47	80	TCP
2025-02-22T08:22:15.853194+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49817	172.67.186.47	80	TCP
2025-02-22T08:22:17.489265+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49828	172.67.186.47	80	TCP
2025-02-22T08:22:18.300941+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49835	172.67.186.47	80	TCP
2025-02-22T08:22:19.131794+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49844	172.67.186.47	80	TCP
2025-02-22T08:22:20.000180+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49850	172.67.186.47	80	TCP
2025-02-22T08:22:21.365771+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49859	172.67.186.47	80	TCP
2025-02-22T08:22:22.199879+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49866	172.67.186.47	80	TCP
2025-02-22T08:22:23.026196+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49872	172.67.186.47	80	TCP
2025-02-22T08:22:23.850252+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49877	172.67.186.47	80	TCP
2025-02-22T08:22:24.908463+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49884	172.67.186.47	80	TCP
2025-02-22T08:22:26.757072+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49896	172.67.186.47	80	TCP
2025-02-22T08:22:27.561924+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49901	172.67.186.47	80	TCP
2025-02-22T08:22:29.486702+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49915	172.67.186.47	80	TCP
2025-02-22T08:22:30.327290+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49922	172.67.186.47	80	TCP
2025-02-22T08:22:31.178538+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49928	172.67.186.47	80	TCP
2025-02-22T08:22:32.530880+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49935	172.67.186.47	80	TCP
2025-02-22T08:22:33.367595+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49941	172.67.186.47	80	TCP
2025-02-22T08:22:34.208276+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49948	172.67.186.47	80	TCP
2025-02-22T08:22:35.495290+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49955	172.67.186.47	80	TCP
2025-02-22T08:22:36.789577+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49966	172.67.186.47	80	TCP
2025-02-22T08:22:37.633157+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49972	172.67.186.47	80	TCP
2025-02-22T08:22:38.949865+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49982	172.67.186.47	80	TCP
2025-02-22T08:22:40.612011+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49994	172.67.186.47	80	TCP
2025-02-22T08:22:41.428640+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50000	172.67.186.47	80	TCP
2025-02-22T08:22:42.756832+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50011	172.67.186.47	80	TCP
2025-02-22T08:22:43.559491+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50016	172.67.186.47	80	TCP
2025-02-22T08:22:44.819742+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50025	172.67.186.47	80	TCP
2025-02-22T08:22:45.806137+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50034	172.67.186.47	80	TCP
2025-02-22T08:22:47.636573+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50045	172.67.186.47	80	TCP
2025-02-22T08:22:48.464981+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50052	172.67.186.47	80	TCP
2025-02-22T08:22:49.335599+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50058	172.67.186.47	80	TCP
2025-02-22T08:22:50.185761+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50065	172.67.186.47	80	TCP
2025-02-22T08:22:51.685093+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50074	172.67.186.47	80	TCP
2025-02-22T08:22:52.504147+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50081	172.67.186.47	80	TCP
2025-02-22T08:22:53.374206+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50088	172.67.186.47	80	TCP
2025-02-22T08:22:54.694830+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50091	172.67.186.47	80	TCP
2025-02-22T08:22:55.540452+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50092	172.67.186.47	80	TCP
2025-02-22T08:22:56.399811+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50093	172.67.186.47	80	TCP
2025-02-22T08:22:58.995896+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50094	172.67.186.47	80	TCP
2025-02-22T08:22:59.802124+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50095	172.67.186.47	80	TCP
2025-02-22T08:23:01.105035+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50096	172.67.186.47	80	TCP
2025-02-22T08:23:01.928840+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50097	172.67.186.47	80	TCP
2025-02-22T08:23:02.769025+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50098	172.67.186.47	80	TCP
2025-02-22T08:23:04.147378+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50099	172.67.186.47	80	TCP
2025-02-22T08:23:04.968168+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50100	172.67.186.47	80	TCP
2025-02-22T08:23:05.816556+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50101	172.67.186.47	80	TCP
2025-02-22T08:23:09.251560+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50102	172.67.186.47	80	TCP
2025-02-22T08:23:10.058035+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50103	172.67.186.47	80	TCP
2025-02-22T08:23:11.342268+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50104	172.67.186.47	80	TCP
2025-02-22T08:23:12.165688+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50105	172.67.186.47	80	TCP
2025-02-22T08:23:13.053262+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50106	172.67.186.47	80	TCP
2025-02-22T08:23:14.354446+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50107	172.67.186.47	80	TCP
2025-02-22T08:23:15.175730+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50108	172.67.186.47	80	TCP
2025-02-22T08:23:16.445428+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50109	172.67.186.47	80	TCP
2025-02-22T08:23:17.269911+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50110	172.67.186.47	80	TCP
2025-02-22T08:23:19.575195+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50111	172.67.186.47	80	TCP
2025-02-22T08:23:20.386052+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50112	172.67.186.47	80	TCP
2025-02-22T08:23:21.230426+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50113	172.67.186.47	80	TCP
2025-02-22T08:23:22.090188+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50114	172.67.186.47	80	TCP

ETPRO MALWARE LokiBot Checkin M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-22T08:21:18.416954+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49731	172.67.186.47	80	TCP
2025-02-22T08:21:19.542515+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49732	172.67.186.47	80	TCP
2025-02-22T08:21:20.742356+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49733	172.67.186.47	80	TCP
2025-02-22T08:21:21.556777+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49734	172.67.186.47	80	TCP
2025-02-22T08:21:22.380103+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49735	172.67.186.47	80	TCP
2025-02-22T08:21:23.664348+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49736	172.67.186.47	80	TCP
2025-02-22T08:21:24.506386+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49737	172.67.186.47	80	TCP
2025-02-22T08:21:25.364782+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49738	172.67.186.47	80	TCP
2025-02-22T08:21:26.193601+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49739	172.67.186.47	80	TCP
2025-02-22T08:21:27.097505+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49740	172.67.186.47	80	TCP
2025-02-22T08:21:27.920624+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49741	172.67.186.47	80	TCP
2025-02-22T08:21:28.754765+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49742	172.67.186.47	80	TCP
2025-02-22T08:21:29.615303+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49743	172.67.186.47	80	TCP
2025-02-22T08:21:30.919136+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49744	172.67.186.47	80	TCP
2025-02-22T08:21:31.945819+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49745	172.67.186.47	80	TCP
2025-02-22T08:21:32.764985+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49746	172.67.186.47	80	TCP
2025-02-22T08:21:34.758306+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49748	172.67.186.47	80	TCP
2025-02-22T08:21:36.652614+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49753	172.67.186.47	80	TCP
2025-02-22T08:21:37.544416+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49755	172.67.186.47	80	TCP
2025-02-22T08:21:38.835849+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49756	172.67.186.47	80	TCP
2025-02-22T08:21:39.663696+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49757	172.67.186.47	80	TCP
2025-02-22T08:21:41.022292+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49758	172.67.186.47	80	TCP
2025-02-22T08:21:42.360021+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49759	172.67.186.47	80	TCP
2025-02-22T08:21:43.678082+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49760	172.67.186.47	80	TCP
2025-02-22T08:21:44.561522+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49761	172.67.186.47	80	TCP
2025-02-22T08:21:45.848888+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49762	172.67.186.47	80	TCP
2025-02-22T08:21:46.675526+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49763	172.67.186.47	80	TCP
2025-02-22T08:21:47.958157+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49764	172.67.186.47	80	TCP
2025-02-22T08:21:49.255799+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49765	172.67.186.47	80	TCP
2025-02-22T08:21:50.083561+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49766	172.67.186.47	80	TCP
2025-02-22T08:21:52.009432+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49767	172.67.186.47	80	TCP
2025-02-22T08:21:53.306805+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49768	172.67.186.47	80	TCP
2025-02-22T08:21:54.643549+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49769	172.67.186.47	80	TCP
2025-02-22T08:21:55.475286+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49770	172.67.186.47	80	TCP
2025-02-22T08:21:56.305186+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49771	172.67.186.47	80	TCP
2025-02-22T08:21:57.602365+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49772	172.67.186.47	80	TCP
2025-02-22T08:21:58.417313+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49773	172.67.186.47	80	TCP
2025-02-22T08:21:59.243592+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49774	172.67.186.47	80	TCP
2025-02-22T08:22:00.540301+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49775	172.67.186.47	80	TCP
2025-02-22T08:22:01.835795+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49776	172.67.186.47	80	TCP
2025-02-22T08:22:02.686289+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49777	172.67.186.47	80	TCP
2025-02-22T08:22:03.543583+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49778	172.67.186.47	80	TCP
2025-02-22T08:22:04.426265+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49779	172.67.186.47	80	TCP
2025-02-22T08:22:05.759377+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49780	172.67.186.47	80	TCP
2025-02-22T08:22:06.621894+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49781	172.67.186.47	80	TCP
2025-02-22T08:22:07.476803+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49782	172.67.186.47	80	TCP
2025-02-22T08:22:08.342052+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49783	172.67.186.47	80	TCP
2025-02-22T08:22:09.142158+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49784	172.67.186.47	80	TCP
2025-02-22T08:22:10.979768+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49785	172.67.186.47	80	TCP
2025-02-22T08:22:11.834247+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49787	172.67.186.47	80	TCP
2025-02-22T08:22:12.660602+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49794	172.67.186.47	80	TCP
2025-02-22T08:22:13.498248+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49800	172.67.186.47	80	TCP
2025-02-22T08:22:14.515932+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49807	172.67.186.47	80	TCP
2025-02-22T08:22:15.853194+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49817	172.67.186.47	80	TCP
2025-02-22T08:22:17.489265+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49828	172.67.186.47	80	TCP
2025-02-22T08:22:18.300941+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49835	172.67.186.47	80	TCP
2025-02-22T08:22:19.131794+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49844	172.67.186.47	80	TCP
2025-02-22T08:22:20.000180+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49850	172.67.186.47	80	TCP
2025-02-22T08:22:21.365771+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49859	172.67.186.47	80	TCP
2025-02-22T08:22:22.199879+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49866	172.67.186.47	80	TCP
2025-02-22T08:22:23.026196+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49872	172.67.186.47	80	TCP
2025-02-22T08:22:23.850252+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49877	172.67.186.47	80	TCP
2025-02-22T08:22:24.908463+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49884	172.67.186.47	80	TCP
2025-02-22T08:22:26.757072+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49896	172.67.186.47	80	TCP
2025-02-22T08:22:27.561924+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49901	172.67.186.47	80	TCP
2025-02-22T08:22:29.486702+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49915	172.67.186.47	80	TCP
2025-02-22T08:22:30.327290+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49922	172.67.186.47	80	TCP
2025-02-22T08:22:31.178538+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49928	172.67.186.47	80	TCP
2025-02-22T08:22:32.530880+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49935	172.67.186.47	80	TCP
2025-02-22T08:22:33.367595+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49941	172.67.186.47	80	TCP
2025-02-22T08:22:34.208276+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49948	172.67.186.47	80	TCP
2025-02-22T08:22:35.495290+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49955	172.67.186.47	80	TCP
2025-02-22T08:22:36.789577+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49966	172.67.186.47	80	TCP
2025-02-22T08:22:37.633157+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49972	172.67.186.47	80	TCP
2025-02-22T08:22:38.949865+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49982	172.67.186.47	80	TCP
2025-02-22T08:22:40.612011+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49994	172.67.186.47	80	TCP
2025-02-22T08:22:41.428640+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50000	172.67.186.47	80	TCP
2025-02-22T08:22:42.756832+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50011	172.67.186.47	80	TCP
2025-02-22T08:22:43.559491+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50016	172.67.186.47	80	TCP
2025-02-22T08:22:44.819742+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50025	172.67.186.47	80	TCP
2025-02-22T08:22:45.806137+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50034	172.67.186.47	80	TCP
2025-02-22T08:22:47.636573+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50045	172.67.186.47	80	TCP
2025-02-22T08:22:48.464981+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50052	172.67.186.47	80	TCP
2025-02-22T08:22:49.335599+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50058	172.67.186.47	80	TCP
2025-02-22T08:22:50.185761+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50065	172.67.186.47	80	TCP
2025-02-22T08:22:51.685093+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50074	172.67.186.47	80	TCP
2025-02-22T08:22:52.504147+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50081	172.67.186.47	80	TCP
2025-02-22T08:22:53.374206+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50088	172.67.186.47	80	TCP
2025-02-22T08:22:54.694830+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50091	172.67.186.47	80	TCP
2025-02-22T08:22:55.540452+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50092	172.67.186.47	80	TCP
2025-02-22T08:22:56.399811+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50093	172.67.186.47	80	TCP
2025-02-22T08:22:58.995896+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50094	172.67.186.47	80	TCP
2025-02-22T08:22:59.802124+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50095	172.67.186.47	80	TCP
2025-02-22T08:23:01.105035+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50096	172.67.186.47	80	TCP
2025-02-22T08:23:01.928840+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50097	172.67.186.47	80	TCP
2025-02-22T08:23:02.769025+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50098	172.67.186.47	80	TCP
2025-02-22T08:23:04.147378+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50099	172.67.186.47	80	TCP
2025-02-22T08:23:04.968168+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50100	172.67.186.47	80	TCP
2025-02-22T08:23:05.816556+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50101	172.67.186.47	80	TCP
2025-02-22T08:23:09.251560+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50102	172.67.186.47	80	TCP
2025-02-22T08:23:10.058035+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50103	172.67.186.47	80	TCP
2025-02-22T08:23:11.342268+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50104	172.67.186.47	80	TCP
2025-02-22T08:23:12.165688+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50105	172.67.186.47	80	TCP
2025-02-22T08:23:13.053262+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50106	172.67.186.47	80	TCP
2025-02-22T08:23:14.354446+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50107	172.67.186.47	80	TCP
2025-02-22T08:23:15.175730+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50108	172.67.186.47	80	TCP
2025-02-22T08:23:16.445428+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50109	172.67.186.47	80	TCP
2025-02-22T08:23:17.269911+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50110	172.67.186.47	80	TCP
2025-02-22T08:23:19.575195+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50111	172.67.186.47	80	TCP
2025-02-22T08:23:20.386052+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50112	172.67.186.47	80	TCP
2025-02-22T08:23:21.230426+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50113	172.67.186.47	80	TCP
2025-02-22T08:23:22.090188+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50114	172.67.186.47	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: Z6hL5LKAX4.exe

Avira: detected

Found malware configuration

Source: 00000000.00000000.1706982278.0000000000415000.00000002.00000001.01000000.00000003.sdmp

Malware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php"]}

Multi AV Scanner detection for submitted file

Source: Z6hL5LKAX4.exe

ReversingLabs: Detection: 97%

Joe Sandbox ML detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Source: Z6hL5LKAX4.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe

Code function: 0_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,

0_2_00403D74

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49743 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49748 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49748 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49748 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49755 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49755 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49755 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49740 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49740 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49740 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49753 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49743 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49745 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49743 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49745 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49745 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49731 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49753 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49731 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49753 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49738 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49731 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49748 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49738 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49732 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49738 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49732 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49766 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49779 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49766 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49779 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49782 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49766 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49732 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49800 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49763 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49779 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49782 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49772 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49800 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49772 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49758 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49800 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49807 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49748 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49744 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49758 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49744 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49758 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49782 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49744 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49734 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49773 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49737 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49763 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49737 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.4:49731 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49779 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49767 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49779 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49736 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49780 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49736 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.4:49732 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49739 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49755 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49737 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49755 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49733 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49741 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49766 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49741 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49773 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49766 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49741 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49773 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49772 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49739 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49807 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49758 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49739 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49745 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49807 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49758 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49737 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49737 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49773 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49773 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49739 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49770 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49739 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49770 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49760 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49770 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49800 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49760 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49760 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49800 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49733 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49733 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49745 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49782 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49770 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49782 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49763 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49772 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49772 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49740 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49744 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49740 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49744 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49760 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49760 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49763 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49763 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49733 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49738 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49741 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49850 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49850 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49736 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49733 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49738 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49741 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49850 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49807 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49734 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49767 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49807 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49767 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49734 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49850 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49736 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49850 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49775 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49734 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49775 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49775 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49734 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49767 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49767 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49781 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49736 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49781 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49775 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49775 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49748
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49770 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49781 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49779
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49781 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49781 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49763
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49733
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49780 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49766
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49866 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49780 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49866 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49784 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49755
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49817 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49780 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49758
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49734
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49783 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49783 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49783 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49866 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49800
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49753 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49753 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49772
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49735 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49735 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49739
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49735 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49780 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49866 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49775
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49783 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49866 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49762 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49783 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49850
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49817 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49784 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49781
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49735 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49735 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49744
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49768 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49817 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49768 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49785 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49741
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49784 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49785 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49773
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49828 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49767
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49785 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49760
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49877 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49877 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49762 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49743 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49738
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49817 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49768 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49828 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49785 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49757 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49757 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49762 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49757 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49736
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49768 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49768 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49972 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49817 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49828 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49807
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49762 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49770
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49785 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49762 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49877 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49743 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49784 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49784 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49757 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49757 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49761 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49761 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49761 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49828 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49777 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49828 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49746 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49777 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49764 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49735
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49782
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49753
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49746 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49746 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49740
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49783
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49780
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49764 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49817
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49877 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49761 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49764 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49746 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49737
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49877 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49866
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49859 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49859 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49859 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49966 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49972 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49761 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49966 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49746 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49828
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49764 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49764 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50045 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49955 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49742 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49742 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49742 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49785
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49745
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49835 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49972 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49922 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50045 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49955 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50045 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49955 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49742 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49768
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49777 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49922 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49835 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49922 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49835 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49966 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50045 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49884 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49774 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49884 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49884 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49774 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49774 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49776 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49776 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50052 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49901 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49742 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50045 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49901 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49901 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49784
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49966 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49966 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49835 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49835 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49928 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49777 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49774 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49777 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49859 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49757
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49776 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50052 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50052 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49922 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49972 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49776 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49982 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49776 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49743
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49928 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49759 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49762
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49759 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50052 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49774 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50052 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49901 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49901 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49972 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49764
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49955 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49928 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49982 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49759 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49746
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49771 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49771 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49794 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49955 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49982 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49922 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49771 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49742
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49928 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50081 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50081 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49928 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49835
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49982 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49982 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50081 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49769 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49765 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49759 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49771 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49776
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49859 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49765 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49756 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:50045
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49794 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49765 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50098 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49777
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50091 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49771 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:50052
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49756 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49877
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50098 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50081 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50091 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50091 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49756 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50091 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49769 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49769 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49765 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49972
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49794 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49761
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50114 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49769 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50104 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50104 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50091 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49759 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50081 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49982
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50098 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50114 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50114 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49769 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50114 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49948 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50114 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49948 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49922
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49794 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49794 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49756 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49765 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49955
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50000 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50098 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49774
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49928
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50098 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50104 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49872 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49884 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49948 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50000 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49884 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49756 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49935 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49935 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49948 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49935 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49872 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50000 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49941 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49941 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49941 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49935 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49935 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50000 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49994 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49771
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:50081
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49948 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49872 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49794
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49778 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49994 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50104 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50102 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49872 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50104 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49872 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50101 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50092 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49941 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49778 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50092 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49941 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:50091
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49994 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50102 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50000 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49778 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:50114
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49994 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49884
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50102 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49994 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49778 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49765
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49778 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49966
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50102 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50102 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49769
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50092 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49948
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49759
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49901
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50092 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50099 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49787 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50092 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50074 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50099 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49872
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50074 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50099 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50074 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49756
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49859
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:50104
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50099 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50074 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50099 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50074 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49941
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49787 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:50000
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:49994
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50101 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 172.67.186.47:80 -> 192.168.2.4:50102
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49896 -> 172.67.186.47:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49787 -> 172.67.186.47:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://kbfvzoboss.bid/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.trade/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.win/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.top/alien/fre.php

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 176Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 176Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 149Connection: close

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe

Code function: 0_2_00404ED4 recv,

0_2_00404ED4

Source: global traffic

DNS traffic detected: DNS query: sebel.sbs

Source: unknown

HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: sebel.sbsAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: D5279B40Content-Length: 176Connection: close

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=moVnMxDho9Nbaow9FbFXvTNO2VIVqNRcIsXhG1Tzgc5mengBs5Fr4aMoHPl05%2FMznz6VV7ILXZjthCFFLo4HeZoN8aw6Pcgwe8gzVz%2BsTWLP%2F1EL8Bz42ThSFSI%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d37f4aceb727b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1782&min_rtt=1782&rtt_var=891&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=415&delivery_rate=0&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FG3TvzevoIO7MYqVpTRQC5nT5DsuF6NfH%2BpORtHaUdUW9PzhuglNRQbsbCxKNSsrH3ebUhY3KIeJAFXFOaH2P8zHabD5%2BgFWJvfBdPB0ZHb2%2FmZlFbV4TyuT1SA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d37fbcbfd4255-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1586&min_rtt=1586&rtt_var=793&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=415&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:21 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LMpWjHxO4BJhfmsPjP52ZGr039oLFT2lvpB2jS1ZgMa9dTpTyiG%2BXt1As8VXQUhF5wJGrMJBtSgte85OT25nU50RRqLNFsIKoCRB9TjvXhRaaTlyWRojPiWMPko%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d38032d7e43fe-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1718&min_rtt=1718&rtt_var=859&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FSTEC5p4BcjVc5PEAc3WYLK16eQmtt11nUr4J57BlYb2FcyQN41SYoQFpnYFUi%2BpdbYOqKLLq5MI12QS8PO2%2BC83Z%2Fh0N3kpNF8eOw4kRxiP9Q3G8CB0zYUwJiE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d38085f1b0c96-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1458&min_rtt=1458&rtt_var=729&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=155&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:23 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RqeOhwokGxaWP0YSdalPapV2ncVeBHM4QcTvSUq1Njuj0c1aspD0ZYQ1ltM8gVefe5uO1Hocn7%2BAxZ2oZ38s1CbQG8xEmLKWKk1H5AmzgIodqb3maYdvq3mfJGo%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d380d7b49ef9d-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1772&min_rtt=1772&rtt_var=886&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=165&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aF%2F3TNmZ8fZ1HzSLgSPRbn%2F5Fivk5O9ACQX3qZenZWalC4a6E8Kch%2BCtK9iqyp63xwC9OU4IeYMFkTb1SaXfkEIo7TPRUlWq%2Fhd6k7dCeV9D%2Fhq9oQK%2Frv%2FeAXk%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d381569c3435e-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1703&min_rtt=1703&rtt_var=851&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:25 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f7xacAPKhTHFqvk%2FLwuz%2BeHcsOA2CU1DHtaf0IrrevpWN0Xw1V2%2Bp8RfGksafRPUgiq4hrkEmbHqLHTzSxh7b4hmN8BblM9umfnxU%2FGm5%2FumjjAzskOZejCyExs%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d381aad0642d1-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1587&min_rtt=1587&rtt_var=793&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=207&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:25 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=739RbFEym3vtf1tPdsqq9zB7X1S596NdAe9p7nKnX9uE%2FUxA7VnEHPVqZxjAVVEUhyLTYP5sP4tYWvUxcGdyVb0OYjWLgaD%2BaR3483BXekAmNjqJlqQ4kKjlG%2BY%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3820186242e4-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2057&min_rtt=2057&rtt_var=1028&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ze1gpwAmdrWV3Yq3feoBi6yYhwUj4EaFvTCPRqqAjsnAODquHi51R2HTqUE%2FjufJnwgYlMzNTNZC0bL4B0bhcpxGgt88QkiuHPMaUn9oGOuPJBs%2FQtgofuQ9Ukw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3825c8868cc5-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=33808&min_rtt=33808&rtt_var=16904&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:27 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jzNNrMWUh7OgETJLcd08s03CkhXtatXAb9axxPjSa%2BHOJFTfb1K1VB5pe5CHl1QrcGqo4vGLJw%2FFXxD735UYE%2FggaAf6p3GxXpDgO8IYzpjYQyBiFCHjkHJ1KiY%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d382add5042da-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2050&min_rtt=2050&rtt_var=1025&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=227&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:28 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oPPXHShWIgwIfxyzkmQ0zL3tiRFw0uridceG9k8sY7uwCiOy%2FAt6N%2B3Zh8TsxsVKHB11ycihaTiyU8kPC4siZmJiZyLP40kezT34H9D%2BDYB4QAYdiWRCIjiYnQ8%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d382ffbefde92-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1595&min_rtt=1595&rtt_var=797&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N7SHHml7ehRNI%2FuQOy4sU64QiB0Zc2%2BN%2Fm%2FdnisKdAK%2FDKfOGRlIn5oZEiMtP9FOgk5MGhHPbLC8JvWOVYOpZ%2BbNi%2FMDVUCEQ6WE3Pwv1Ge5u9TZzFeJhmKRLnw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d38354948438b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2431&min_rtt=2431&rtt_var=1215&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=176&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xIN%2FMZwlHMu7iodWNL6zU4VKleZQIEOcgsUL6EQqv46clOv62MpjxwOBLDYo%2FM23Ndd%2FOABXCamEq2X36UUr7SD4FvHPcEA5i9YrWUpSxkJ5ftUrZTXHK4VcR7c%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d383aad4ec42a-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1666&min_rtt=1666&rtt_var=833&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=203&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rBeRRgx%2BogVe7lgEjm8BRZhx0GQd2cCHfGUGa5I5wmuhC8gMFYXjpltJZYRx1Q8kQE3MD%2FkfN%2FmIe23IlVqFQCLTx3lWGPGW7xctzVv8diItPGOdvTospmRAY1s%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3842b8a84362-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2148&min_rtt=2148&rtt_var=1074&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:32 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s3PXh%2FrNbl3PvL987WpjUBCEQPTn7Kp0bjsQIoK0pN2hDcDXKNgNmAWIrdSCO7Ldvh5amp7gQvFuXQqV6h6eZ9nL9ki%2B4vdxDhE9dzpgnZLh85CjN%2F0sfSjBwG4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d38492dcc3320-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1775&min_rtt=1775&rtt_var=887&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1ZdbjBuTqGq9hC%2FVgfPbIME8gVB6xa%2Bi8oYv22FHowiUpu8lNvFX%2BGhSwGGFQc5XquBu1PgkSqTbrFgYWqByJ9GBqkcMAdgsiNF3vpkpCWTaxAquAHL3kGrjciA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d384e4c60424d-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1567&min_rtt=1567&rtt_var=783&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=210&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vAVlcfG0vfp3yN7%2Fvbr5bw5opX01q%2FQ1x%2F%2BnnkBCLTC2HX7ik3BVKAdHDBZYRdIo1EBNq8ntxKuK%2Fv3lIRHYecAXiM2pJXbmaClcP5DcSiT2HyciBQce1KG0VmI%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d385acb35189d-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1664&min_rtt=1664&rtt_var=832&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=179&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b65w2VjrIBR%2Fwtk3WTKv%2Fy7Apt8KDtA11uH7WTYm3TRJgWECZXyWRKXqoBhaetFOQHIABnYW67waBzZHcoWocFeALQR5A9bp1ToM9ShTBUojTbR54CXxoIIgfr4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3866e9234333-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=30738&min_rtt=30738&rtt_var=15369&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HscqiY1d2SZV6IJfPFG3xvAep9YKZZeT9iuczaA9k%2Br5hVZGRTFb6Y1lN%2F22hh%2BzuGnLTT37Ea1%2F3IHTCD2Pek1MnhflXBaGMQfa1IFgq5I3uROkZbroZ7GjBno%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d386c3b6ac356-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1463&min_rtt=1463&rtt_var=731&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=161&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gmLfzxNjbePG%2BAl6WTug4hn1su%2BNHaVIfcGXCNP1qmTN93UerDst8JypEMSaVVWVqYn1P6riqRMzNKy9GqANIhB6XHpZJeoO5XlW%2BH9Nv8s7%2Fmcskf5gaunuPJE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d38743f9780e2-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1460&min_rtt=1460&rtt_var=730&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=118&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1QxflIwsCct1v%2ByiEuXDUjyUZexJwcE%2BW5C%2BKz1jStpt6ajFdlLXLmp%2BrtTq%2B9B5voEgUG5wd6%2BhHJthIW7NyG05X9mV7RdlCiMJvuZg1efNvWvESOtGPV3DMM4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d38797b2b78ed-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1746&min_rtt=1746&rtt_var=873&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=180&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4wk%2Fe%2FAhK1wZOmkTE1sqPWHfd8lF9bSdEUGDoPZCL8cVPOZBWHEjiEgpyAffX9YwJ5CczIwmPGQJYGEeX5J0UQRYg6lfXjFUXsGCUmzgBdjImU6MnJa6i4avJZI%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3881ebff8c8a-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1794&min_rtt=1794&rtt_var=897&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=huTKG7cC6B%2Bj3lUkGOeBse2476B4VpiTBH0oVz%2BnNUVLxL%2FSFprhwM9FCHm77HGY9cZ8P6HG7x3GPHroshA1ilt6E73ezh%2BOPkt8F8qSFE1WItLIWwISYR6WPPw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d388a4bd95e7d-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2023&min_rtt=2023&rtt_var=1011&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:44 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t5Htoc58kq9GJNcN%2BQ9zrMUFr4NH99qiQDwFDpqP5cOLfmmX3LtgTuWvikPJXmOYdmbEIkT53%2Fgsw%2BRTBsYWI11BZf7ev78FLZHbdP1Et4DgWddMC3XY%2FBrCTnE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3892c82c435b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1868&min_rtt=1868&rtt_var=934&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=212&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BvNRCRjnPy%2FkhohGb4OvfqWWJf%2BIiN8JGIbHji7kS8tdDzO%2Bi9cdezW2nsHfBeQBXev0VrmEfsbg7PXtN83ymvdKS1QcWZVsfCi1nEAmS7yFKRgQAisfYin%2Fw5s%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d38981e677cac-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1803&min_rtt=1803&rtt_var=901&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:46 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bYkFLQ45cjz6Zy38FAm385mf5xfqC3V1qBeuqcw8M08p6SUfXpb0VYFRKbwWWifgDC%2Be5Wgkr65k%2BN1zP160mGWY5yO9iIB%2FqFmmcHDm8Gf03yvhjdiu7%2B0cmno%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d38a00cbdc33e-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1461&min_rtt=1461&rtt_var=730&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=222&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=26ueF4MnQH%2F3CM5kWz5tvqBYdw10WqJdulHwRtjzQQGI7L9yrhGHa8dYgOZLMtbWwiubzH0%2FF6dzkZxeY6FLAwF0SHYp%2B1g7qpPICzGWtqfjdIQKpVWvWKk3fWE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d38a53a964204-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1564&min_rtt=1564&rtt_var=782&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:49 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aETFDZ0u%2F4m701tnxEZovT2PVyLKggJVXTs%2F1ep3FGF21kzXcnL1khVgE0NDkWUHhdunoJ9zf%2F3Q%2BU2EccC6DwOK6ENXuytLvF7akduZMg2N53EoMOGZ%2B00nuTg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d38ad5e5f0f68-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1757&min_rtt=1757&rtt_var=878&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:49 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8q6H8e925CvOE4oY3BD0ItbSwpNwXni9EDsrDiADBUDwKwa0rEErrc3OWHGQWtWGdgkgNs7%2FwIbHvir05uc%2BwAy0%2FwG7hkSuesWITGYpod40Nl%2BoKAOK%2B%2BoE3dQ%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d38b56f85440e-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1999&min_rtt=1999&rtt_var=999&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DX8pV%2BCfu%2FAJ9YczA2UfAB2AQ%2BXsbrgOoCZGTU1kLr0V4V1Q7Q9QxIX1GojLqb9doCwtsM%2FUO8lbx1Y4s69Q7A841LjTfdYUw5ORrK2OlfxNXZOQTDkFJNsPBs8%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d38ba8f8718ea-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1676&min_rtt=1676&rtt_var=838&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HHMHO4boqtkyQr7faju5Pb5ETODuCBW2S3jI4Ck%2Bpa3LGfHM8XVheQ2Jq%2Fn4douNSg%2Bmobod8%2FxKqCV4KBVm7OvnEbISWW%2BhN6Np2OAfRQU%2Bhdg%2FhuFlLbgQjYU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d38c6a85b0f67-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1571&min_rtt=1571&rtt_var=785&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=83&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n8mhr3NO3NpLOXowdmjL6cMMwIeo%2BhWV8vxv0dXSXO%2FeRmg5FVSrMBvGXbmwvSaGSzX6KqTUmFqwaK1VBwqudWDvcWbkS%2Bgzf3YjaZryf2v1i7SdyyXMa5QTArA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d38ceb9500f9c-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1499&min_rtt=1499&rtt_var=749&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=172&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UC0xEQkfKPeCXjI6FN3le7x2%2BVGt%2BR2y%2Fk%2BpvdnLWY1JaDsjw%2B2MVu44RQaDcChgA9vIuM65Qd4vdkqqJyd%2FoBML4E8bYLMsme%2BRq0%2Bm8YmBqQOfHhUrVN6SNOg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d38d70db60c8a-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=3943&min_rtt=3943&rtt_var=1971&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=111&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6knxYZQUIyHPEnLxxp8U5CqOut%2BIu2V61alFFRmWHAc4lL9k8iIaq9%2BjRUkGMzpkT44ySOyJ%2BRyLQwEDjHNImqP95kE7ut0LzPcdjl8hKskBwkLviH3NCuiMmK0%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d38dc5bd1ef9f-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1811&min_rtt=1811&rtt_var=905&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8267K%2FEZD0wAvi%2FaxmjaB1G36OP125wh6HNfCEmjAezWdbwOdmtsHqeQ%2BLBmw2HkZKBOeYuemT8i%2BSXzmnp%2FChYYhrdjZFQSVQKxNDkGz2NPofD5XGLpXtNoa3Q%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d38e16c9a335a-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1757&min_rtt=1757&rtt_var=878&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8AHbtvospkGBV%2FQh1eGWiHUOhfVIPMPf9zRJJ6%2BtD1CNCkzyQYRtFH%2BOU10ObA0iCe8LCwSzmT8PlBgNWC6KbNw%2BR5pXZXgBa9SuBcHybz6XLLVVrChheFIgbsw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d38e98864c448-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1591&min_rtt=1591&rtt_var=795&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:21:59 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oY%2FucWtzaXaIzGv9fqfN%2FeugD%2Fe%2FDF8jb0ljCefABPdn1KlvrV8hihVoCP1k6Nm8fPpCW5YsZOs%2Bo0LSZsoCYqr2vSQLubyG5UcAum4ZhWfFBUO23erzO6OFv8A%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d38eeb80b19bb-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1757&min_rtt=1757&rtt_var=878&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=200&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rGXWrNNCiR1olFteGpBCFcFmnp0QRWN3e59FtmB3oS8Dbz27CtqRraSGI5PzKVZoT3LVu5FkIZmBunEMx04smBo2jLr2k9nvV6%2FfH1cwAiu%2F1gNuzLFJb7KWrh4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d38f3ca907281-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1776&min_rtt=1776&rtt_var=888&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZqE2M%2FOhH%2Fpfej%2BsTLGddEj2LuB86INsg79p9dA9JIMoUirPa%2F%2BNwHfiLnrxPiqzYhJ%2B1EZdlaSb7G87j22iGIsPfp5MXPIervpQrIfbujTUFlkiCLSoHaTeyAA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d38fbd84f7ce2-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1792&min_rtt=1792&rtt_var=896&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tR22BJukUEbO%2Fh2XPuiOI1mzCMQ49UkfPOnahVaYBumFNbak1AkFh5WrzQ9ArGvenqKeUA5LcR6UzzCqmPOeZFU7%2BqkK%2BJWK3zLiM9KksyNk43PXzN6IscuzbS4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3904093e330c-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1848&min_rtt=1848&rtt_var=924&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=188&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZzH2LyF0OC8CxjcxhTY7vQQ1R%2B7GG%2B0wetw8jRHDvX5755K9xjhHNzkMi8%2BVyLno4jRmKvesBMykn10%2Bjm17KN1xTCa0FaBgSGahITqxGy%2FKf3AB7l41jXILS2Y%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3909584841e0-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1569&min_rtt=1569&rtt_var=784&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WA1gaW5ZfEMKKLl3OwzDCRwP5QDFUHH94dXwXTyFwn2XEppxTWjIamLtnn%2FR30gTwciLgRTjtCN6SDWdIVp3dBzuXduB1QXK5P5Q7P984DUQCV6FN038JLc6BbQ%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d390eccff4400-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1731&min_rtt=1731&rtt_var=865&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=163&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:05 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fYWDjWp7KLvqutPbk733swDV13u663nRtWk4PiNbHSFj8B%2BrF052eAyfc4h58KVkdbLQH76OjmED4nhZ7v000WJw%2FwymHFUNfCYPoek6Gn3dhc4BLGu3tsSoHhI%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d39142fb142ef-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1559&min_rtt=1559&rtt_var=779&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=227&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T5T0QLOFEJiWrZJ1IcuhCQ2Oub5lyL94oS4CbwL56lZMG2CPLRL8%2FZRAkgd%2FoVN1lcT%2FCN%2FSu9%2BNcliKx%2BT05V0yGv3LhBXtIuzGkkm%2BA0wpgQqBOn5hH0o194Y%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d391c8fb79e02-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1794&min_rtt=1794&rtt_var=897&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KLIgTqVo13RzVBauISZSylXbXe41aWzPwWhafSAkqYoPyfqtW%2FDHGw9dD80eW4XDWKenkPOmewCT5KETJODj4qagggIy9xo1yCyy%2BhxyuGJanGXkBsW3T0fVnuY%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3921ef7043bb-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1632&min_rtt=1632&rtt_var=816&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3xSsCVBgLZ8yulU75E8CnSLqBD2Hp13eNuTa0hQINahcWVCWidcR3aR5MxSG8aXWDzS1VQaJjZx2%2Fr%2B5qPAwo48n3AuSUXTBGHq8lBPgWtvqMX9C%2B5jT5LFShYg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d39275fed436c-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2427&min_rtt=2427&rtt_var=1213&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nDPEM%2B7ya1P7VvRBnamZQKe78YLudg80fsEUjVrt3FieBFjKzkAcnUpxC22ZJb3tJtkBMqXiKTHBF8WDMHDTsXbN8olRMzhq%2FgUxqvNfVZbAOEsiyCI%2FNDBhB8c%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d392c98224390-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1700&min_rtt=1700&rtt_var=850&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nbkr8cos8P%2B89Dcl9wIgcDVXW8AZ02ZGbV6A4imbsFAU9WThlOqMMt%2BesOEucYpjeyZjNQLc0A%2F7%2BjDHgauSG63XYyjmQRUOxIPs5teryZqeqZ0rAIQB372tQWI%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3931bd2e4258-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2303&min_rtt=2303&rtt_var=1151&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=203&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=idGo22zCdBfTFeSg01MgKbTtyL6No6VoLfMrBNuMNBqz6Aui5jExmBU79Pa%2FDpkdgtpKyJQ0LDVMURnWjV8BiEZDXD%2FlSu96qsbJgjn4e3GQyMj32JDrps9oer4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d393d4d7141cf-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1584&min_rtt=1584&rtt_var=792&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=183&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FAivfqPg%2BNQMMfTK0TXzZcEb5wXcHmnHmmUzTQqzx7kpDoYePesgS%2F7SOpejpkKht%2BS8EI76qI8O%2BZdiJIVdUiKljS3lBq625b0KAcF7YD2ypZJ6kBU1kKkr2js%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d39427c3c1891-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1645&min_rtt=1645&rtt_var=822&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=178&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:13 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y%2BVereycsvFMGbzWUOAFJNYAVjo8DRpqFFatioxJvMvYcSGMuLCBjRIPsTaMNIMwKLklh7OkJo6XRDfrvXe7zQlTBiK3f%2FKJyrBZJX0x5vfsgTtmGA7Gze1tiKU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3947ac5842bd-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1588&min_rtt=1588&rtt_var=794&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=205&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LtDlHUih3NDs2ERlvmiizcW%2FkWXJHjDIdPXUL2lm25vOEenoDdIW8o7zWE4mA2E0xzBdeRdoATXN0cyDR7OoXUR5ZbEwrD0eL5Hvo7TiaHECceQ0O3tED9qlVbE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d394cdf05de9b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1597&min_rtt=1597&rtt_var=798&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=219&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Syz60kmhmbJ9yPzQfEwvkoCHQfFDTgrTiaZFeN45kpSdRuAS1OsE%2FqC0dovWSQ1tIJZOb%2FM3A0A%2F%2Fy1vj0%2BskLy%2B%2B7uH6cK4GWV0JasHmR8HIYQKD45pp4ozQFM%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d39533bf68c0b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1777&min_rtt=1777&rtt_var=888&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=219&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SeFqpYjry8FjjtZIsYo51y%2Fkqd%2FC%2FA7Gs1pPh6cz0%2FWpBWAD1h5cqE08tfPjA8kb2%2FR%2BEa2f75ezNusNWyM7OVsGkI7mmVuRVX1jpKCjMafKHjV0cNwjh2N4KqA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d395b8d828cdc-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1798&min_rtt=1798&rtt_var=899&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hjJBKn3nZZYAlKlpSbJU9G8EgTD55I5AM580NcxbFjhSO4beaINDMjZ79kYxjZ2BB1GbNxSo8WjYXmJZTXlPmVzchuuMFweVVjDuuBv930f142ROqQk7rIbMncY%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3965ccea4398-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1681&min_rtt=1681&rtt_var=840&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fmNmYSJEG29o1xEzSm5GR6RB6IQ79HEIkPjslQBv103frn6E4SIoTy10I%2BNPKj2BuIkLaXbBJSSrF%2Bin2%2Fa30mfv2AfVJkXsThLDmBrmcAA6RHIO89PdE5u3PkM%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d396aef070fa7-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1458&min_rtt=1458&rtt_var=729&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=221&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6OpaDeR79yIKZ3225tdHd9b9v5PfbejQ9et%2BuqpkJ0Jv8D%2BUT2zFwO691DQf5g0TMb6Hkg7rREBf07rnsL9yMSwTubnAuWFc2Rrqk04%2BkLJB7Ib7tw5ZH90k7Ew%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d39702ae542c8-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1537&min_rtt=1537&rtt_var=768&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:21 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dPYtu5Q3OwCDBcaCA4cdIl4M8ceReZXcdBKUCkFdc6r1dj02Xm0JW5UHZ4MOfNnoX%2Fzm0pRdkyJHayyEQgALk7PvgjAB59tQyC%2F%2B8t28W3%2F%2FHOJMk%2FmD9MnZIKM%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d39758ed143df-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1655&min_rtt=1655&rtt_var=827&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SYconaKY%2B%2FLkfNJBppRSavxq%2Be%2Br87dr5S2CsLsXP8KBt%2FEyqdYx5pxSbg49zQzeNuxp4StZ9IHXU%2FWCuiKI%2Fyr6CiMFJzSdW1hPY1d8U51hvecVsN7Ot5PtjRU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d397e1a6b728d-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1752&min_rtt=1752&rtt_var=876&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BkTWV9TjKA1BuQR%2F0LtiDtbdxa4gifpRopiTKpyAnyxcTmhNQ0k9c7Jn3y%2FOOFw9oLEE0amFH4%2BD3X169cpsdY96XNVkTD0%2FAOcWwsk0yfd4n7cF5eiJ7eIKvh0%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d39833bfc43e6-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1688&min_rtt=1688&rtt_var=844&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:23 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XTAT0m8voSR%2BGjZkUX9jMnCyG7jJz2a0QyzlSjc4362J%2BJW6jVufRi2nYmHXd7AZB9S0MyVVK9afbLYme32QrpNSUa5rKV4%2F2o5o31Ggt0VHNrGVwsl4uABfSrE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d398878d54399-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2151&min_rtt=2151&rtt_var=1075&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VeLM3Mt9mufKEI33Os0jMDJNZrO0Dr2De5lAdKHH05XN13izN2f71DvBszmR1k4Mm6lFPqwgbS5Ptb1GX1DFdWJ0ty8n13hcy2rKJn8rJEp8z5D8cop7gjUHnY0%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d398d8a5342ad-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1557&min_rtt=1557&rtt_var=778&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AUR0maoPINxsoYgDn%2Fl%2FzL87wAXN5dM0hAmojyJPjfzkZtQClvrXpEtYrvOhZcGwzWnZPCChjpJr78NZMI3jx9DQNgcz9uvq8qYF4mpzl4cuRydQ9Zhhj9b71pY%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3994497e0cac-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1478&min_rtt=1478&rtt_var=739&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:27 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VZGR9GfGFIN8zGw8qlD1qlBEgIFTmASquugH9OvEi2ktie1ID%2BzpZ3tDEDi2Oe5VHI39tk%2BoYphFqErqPATHtWedVTDLiXGtyHspzOsIY%2BCf9wzTImyS6XNNrD0%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d399fbf6e7ca5-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1857&min_rtt=1857&rtt_var=928&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RcRksb1XZ6GQ4uJKQaIm2Se1VnHFXKYeMXLvi0tAQ01k9FCkZIfIfUs4KQX7H0njtX74kiBW%2BFNfFQ7UjpVXKWLtXaC4JLI3NX5AlmRdcn0q6abgiAQQOE%2BzIHU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d39a4ce6941df-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2023&min_rtt=2023&rtt_var=1011&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fFST%2FSTjLcL57eZeCPnF8c1EJ8F6lKlxZji1CsK8HHvMOeFyAU2nXAQ4ArySRX0jV8WKBH7L3qEKlP3kUZjqlNXzvcfHJXOGaQRhhy1WbKq1LArp8%2ByivrVkX4o%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d39b0ce704258-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1564&min_rtt=1564&rtt_var=782&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=203&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vka80HzhEO4pVGhliFGiBimvH8KwZ7KzB0fPjmrAGCQcQfEd4ZBY1bQl9%2BGSMNa1MJ3VcFXr%2B5cu%2FNR7Ocy%2FJ7rwUL%2B0LAXruHCl9hNYAIjcJ9Sj53A80V07Fik%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d39b60fac420d-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1709&min_rtt=1709&rtt_var=854&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:32 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BrrIUxRgQ4GZubfOlG3ViSdhG6fNjzZ3sX%2FjrMkm60%2FG%2BSFwPl9y5bMmyh%2FSdOr2wswDjDEMKow9qrM4%2Fb9q2E5I7q1%2FQ2d7B8ex4MAX2bG%2FcSpXdVGw5pWgoSg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d39bb5d2c0f42-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1469&min_rtt=1469&rtt_var=734&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=188&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:33 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rDm0BJyjhGgcU5K96ZOPrM0PykRopHspSJAYwRKY8sEb3rYHqRuE6G0aA2YKEUj%2BmvC9dsanenXCG5TvJ4rSvkUhsF4TAOWsCzUN2okAMDHp0o%2FbsM4WYxfM4Ws%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d39c3ced74345-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1902&min_rtt=1902&rtt_var=951&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vwJGPfxS%2BnYKRMJkFUDy6jF91hGM6AYE8Qb1wkzMj7N6raK3YIk6V1S2ygZr%2BdeBYNBh%2BK8bJTGcgHIseEngoK0IAZt8kADPiaCW478B4HBDfx9ZnVBcWse1%2F%2Fo%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d39c91a0d440e-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1654&min_rtt=1654&rtt_var=827&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:35 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FwJ%2FwDhfhp4FUCiryKwejE71wGCE%2FMA4Ae%2FAQuL3FYwrZ%2FfGbnNduF1SqL12hHm%2BIXuPoZnJjss62WPaFyaMAYApP7I0IdE0jrWlJEURZ0xBkNN3TuPbGyobjMM%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d39ce4e7f4363-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1739&min_rtt=1739&rtt_var=869&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QVrgE2iLnqb0h2sgWxLzDJ5Se3whSJ7hsoznODQ9atkU%2B%2FAEvEG1T3xTi7f2CgRGyjsZ9usPT1xxQF1VWEiMB%2FGqhwP3zooVDyM%2FKqr85sX2GJTuMD7B3sxZ71A%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d39d65ac68ccc-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1766&min_rtt=1766&rtt_var=883&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=191&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hj7uz0QbEfBO3zKVlimYHPJbDTJydYeWZKDir%2FRsY23KQxYJSteJ2MZjGVB9qMJBSHJUq%2BK7US93zW6%2BCp42Kb5Ta%2FfeItXXvU7ldhOq6p9CYlLViBZgxHOyDVU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d39de897ef78d-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1652&min_rtt=1652&rtt_var=826&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=178&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dFIm9VbO%2FtLoI3BPN1fxnYQOB6Wazmg4UYybaA1zft4upDRcG6pVAdHzJUEzK4ltDRg10tFOnAMCsKlrbrjYtB0997y6pDFiJDwuCFaOWFqq%2Bu0Xmw3som%2BFcP4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d39e3bfad72ad-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1931&min_rtt=1931&rtt_var=965&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nekl575ZwboLnMVEtaxgFq6NvfMIjDQwSKx8JhgPBUctBrSlFD%2FdUYoq1P9cHOu42qzs6Fbq2MZbfcb5w3m6z%2BlsKsMvQlgNSwawgyn2LvRhlfKwO%2FFqLb4M80w%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d39ebe86f4273-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1522&min_rtt=1522&rtt_var=761&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:41 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u0pG8yG5oEQ4Zcowouc%2FvLBkxLZIJ6FpBkb1m0Ze9lYkaclUGT7megSwlobvcvx1mW5Jy%2FXVuVIsODgWjwMhQa7SNH9EM6aIFri%2BBBMaE%2BZek3UcjSyvf1QqNt0%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d39f66fb6437b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1646&min_rtt=1646&rtt_var=823&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VHlio9FAM4BMMiIjGf%2BhaFPBNo%2FQ7KZeBwbrTW5600qMEfa6Q1ULHnDrsRminfEgdsVllhV5KDdNFtU6BY%2FT5NAQd1EQONM4a8HhAKLT0Snfs4hdjRMWarbkiaQ%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d39fb8ad8c359-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1478&min_rtt=1478&rtt_var=739&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=212&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cDCQAApc5udsQYimiX%2FUwTgBLPApdY5B25nKTWrjHWryb0wqz1AYPMkAoHsAIJJYeh%2BI%2BiUk946poO8z7s5ZX2%2BjZ%2Fwu8ODeV00sPwXGzmw4NUXo%2FcT7v2035ZA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3a03ba240c88-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1477&min_rtt=1477&rtt_var=738&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=215&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:44 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NAVRzvks4qj91Nt4vpN%2FvyktCVAnFA3PaBbsE76m4DDYNrOd%2FaBLf%2BT1ilIsXoJSeic%2BF%2FvXA14G2kc8tr5pQdtAcylG5yHlfwIlybpQ9NX1jxfDDEaJhWBM2bg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3a08bc15c44d-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1765&min_rtt=1765&rtt_var=882&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JXaH3avgVpe6oRwAnFSUYnY08vh%2FhzlnaCLzHYNuwy7OBlOCJru9rSaz%2FxB0%2FU%2FvNhOJrKLIAMM8%2Ft4qw2mE%2FxwtEs70TrMImyYZCcJF8jpgyfPA81LrYFnb5Vg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3a10bcbe6a56-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1637&min_rtt=1637&rtt_var=818&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=206&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y5PYvfJ1sGZnbaS8BIxnCNZFsJ%2FBef6btHa%2BFXfaMmapYvBS%2FHUgOir9pGlDIIJ03wHY33Q2qpqrYMk%2FEm28s8cewUkAQb%2Fd0yLqrLFzgn588fmoTw2iEtV904s%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3a16cf9942d2-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1547&min_rtt=1547&rtt_var=773&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:48 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WBtktQjm6xaB2oFdLzbGymcS6iP4e9QanfDVWEjQFXWY0VQhUOAoVbgyBxTviYQuNXhuFOabmm2SofEAdzoRY1Gq%2FF%2FxaqR2Hb5ZuflGqGcoU4vwqEGn43nwHwA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3a223a218cc5-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1772&min_rtt=1772&rtt_var=886&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:49 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FmFcsh7AbQLmB59xrPLQDOCTqwmSmwhnf13bhbUlVp%2Fl3Qp%2BQaWx37I1fae9nRIFiTrDn7e9qIVS17bhAOmQhm8AsDWUAeKri%2FCb1q2vC6SGSZI4HOS%2BPxj7TKs%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3a277e107293-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1804&min_rtt=1804&rtt_var=902&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:49 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GJxA9GXYEbAxaWXzMoE48r00D2WGEFyRQzF%2BOXHPx6wNpec%2BQ%2Bad9bRuSL%2B%2FB8FY7bDWCWzDYQpTUzVJ%2BLh3wu7ch4zCbh7ddh1YtPZU8BYtF15nkI9fE%2BiAzz8%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3a2cecd34396-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1690&min_rtt=1690&rtt_var=845&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w3JXTX5xrI%2Foj9%2BRWUhqgc6aaV8wNSDjrFiRaDY91Fuz3O02RSnptBe7Mky32%2BZgDvuH5ZCcL7I4fpikjSN5WfTfL35e9h4sdhAjn6xVuzGmKOQdaE2KEaXODSg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3a32385b8ca1-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1787&min_rtt=1787&rtt_var=893&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:52 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K31Oova%2FGOdolbO7NKZARXfi49%2BzOk2hAH3yeAg0cAcIIenCtXgyv3Lyife0HDKg38E2H3AsRHwO5PcDBl1Zvfg7%2BA%2F04X1olQw8Nqy6Skd%2F98Mp%2Fh%2FbneTeF%2Fk%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3a3b8ba842c0-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1583&min_rtt=1583&rtt_var=791&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=221&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dUCsOU0vT82chZSUNKgT3DeLzPTD%2FOaewIqYKEnIqMeim9%2FT%2BovQ0sDh3t2Q3cqcmT8%2FAPnXW23fbF3%2BEcuSAyr2%2BtpyORvPesu2FhV6pmkp1I%2Bl2SjK0%2Fvki38%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3a40c9d243df-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1699&min_rtt=1699&rtt_var=849&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oVikcxzUP80Y9pu9HE%2FxBCzBdxkX7oloMaPVRrYh78oY0ZkZAuySqPVxXDqv%2Fsx%2F%2BdsAvB5Zl2Rk3T%2BonDCXiU5bINk90LKFrbhUh96fx3QtXOQ4s%2FHT2RoO1UI%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3a462d30434f-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1734&min_rtt=1734&rtt_var=867&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=215&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z0DftTU%2BngfBWzbVn3QZ%2FifAj1lwMH0wlFe0CgT2uKSBz6g5i%2BFs7rkDZtSG3%2FfBgYflln2u3IAXyEGugVZg0ukcwBsKJCspfeiDIpfvQYXqrcALFF22GDn%2BbQ8%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3a4e6c3b4217-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1735&min_rtt=1735&rtt_var=867&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y8NzXRYfOnrcHZnhZerkl4b8joXQ2k8lSDApUlnYnEId0xBxKxnY8yUXFH1MCiJlK9%2BxmRf5sJlLX%2BUX11JgFcUL8wzVqhGRVA2mACrjYLc4v5cQ6xrRUHlXM8g%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3a53983b5e6e-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2160&min_rtt=2160&rtt_var=1080&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0d2VAviXM5cwkhRhDzYax%2F2Xfh64asDRMRMX0smShN00C4R73YygRxrlwuHqyd0ZJ1IDCJ%2BX9g82QprUROJX8g4lYI%2BccByjAX%2F0Sd03xg1rWy5MP3cPkN8SIrQ%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3a591e72330c-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1825&min_rtt=1825&rtt_var=912&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=188&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:22:59 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lj4N7y7EcPGYvYcic7uGpChvpLwY%2Bi3FnLtkt5TIzjIB%2BqR2uQanXt%2FCX8lkREC9JXS9NCn8yfGxOLoOpeIgn8NVbfDSJGuVFzZg0Vu5d8nRfzjeGjcJvoa7C3g%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3a693d0e42ad-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1548&min_rtt=1548&rtt_var=774&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:23:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cVv4JpwUNVAZTqeSVpXGxEPV4uy%2BMeeyUx0nqz2jVx%2BYmZaWm4ijuSsYSZLCUGr3qVt4Oygdni%2FTqy4mGRGxWMbuz0WNY1reu4PkL9tg33YR2nKIjx40T1OYt1c%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3a6e396a42ad-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1595&min_rtt=1595&rtt_var=797&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:23:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D%2F6rM96joXB%2BYTxO4%2Ff01a%2BSfe46%2FOW6NK87aukHkRsSyjgX68xHGWqCtIeG23dK4Z8hkfX1UueQ17bAkSv%2BOIOvHtXG6RupgYlRMroRCaFkkpRzdgqHqyFvTiE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3a76696843c2-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2219&min_rtt=2219&rtt_var=1109&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=170&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:23:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oaVio6o5w1znWtqzWdlnm%2BYT6IDdZ77Xy9z%2FrMSMrM8CjX%2F5gCSmC2hzLP5RiEFcKenPiwxjLgVXZ7WEMkiDpTnMlODwxVvMmI%2BsYLc7fEGxPH6APVZLB%2FRrva4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3a7badad4358-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1645&min_rtt=1645&rtt_var=822&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=209&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:23:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FAS%2F22ZQ9dj1toUC23JfFDj6ldn5vDiDwQbd%2BzhHoi6GCIjjbWQ62u6bZd%2FyMy0ACuk9tV0MV1BIry2K7BbVgWdr%2F7N0gSBN2YbwIvJphJRunZ%2BRsh1FyJZ5HHM%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3a80cdfd8c8a-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1758&min_rtt=1758&rtt_var=879&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:23:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kzuDTYSERsIw8rTqF2go7Ebrczmje3xVF08MxuiALZipNAEHCFqMGXa%2FK0DR4VNLTBdco2Uyhgd3NLcpSotLREIxXn7Q3ZLc%2FwktcmsCM3FQ9lbOKPzt4QRCiwg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3a896a217d16-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1796&min_rtt=1796&rtt_var=898&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:23:05 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0yPLAUxvqGqF51Kz%2FNF4yPuBm%2BR06RrGLu2GXadtjOUnyiIiFO%2BAgLwO57I2XQIY2LGa%2Bmeyx%2FO9UqcV37wFBQa31NJVMZPGZbTNU5Pu87Ya8l1dnFX9fVNvVW4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3a8e885ac34d-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1478&min_rtt=1478&rtt_var=739&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:23:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K1pTf6QcWBwvHAwILUzA2PyJ9EXYsYt%2BRF7w8wXENNpVKhznVZGdbCxUNq2h8SzSCwi6hxAciQd0XpwpqQUC%2BjIEHzDSimgLgKrtQukCSRYjeE70xsByJBOGsm0%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3a93db6c43a3-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1651&min_rtt=1651&rtt_var=825&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:23:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y%2B9EQzsb93sc3R%2BtRI0WI1R6aSkhlv49Ge5EDPh6xzslgPk49x4GSCl%2B6vR6vHdoFW2v4zLK0E7Rl9mdCD2dKA52%2BCsqPwv00HZGqIm%2BXO1%2B2LZGnhQbkdUoslg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3aa94f3f4289-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1538&min_rtt=1538&rtt_var=769&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=148&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:23:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5wd%2B%2F1Hf7z12IDObLFsVZb8MlfW5%2Bh%2FG0cv9RzgzennQEeB%2BJ0EZIHxo7yaXCcbzcS5jDXMn4GagEN1cIkvXJV5%2BKcqIdoVDRIKZimKgEfwL%2B1MeMbqyOxXhL1Q%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3aae5e4a0f41-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1490&min_rtt=1490&rtt_var=745&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=154&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:23:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YkcQ%2FWbdKrlAfAOda9tup4Sh1YT3PX4vuMLP%2B7Yqp%2FlNgq0pUvhxd%2BNnjgoSDVt%2Fc946%2BMVdsiMWFU2dwRlITQ6Dco2i76o2bN3cNzLPmdnKzz5VMtwxiKZRWyE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3ab65a9442d4-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1565&min_rtt=1565&rtt_var=782&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:23:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O71psS7vPOyfvZHFB2fz7RBV7v6ZubjgIuq%2Bp8ctXwycNDk6Rh5KIWA9wDYm7v%2BQi2jelDntKuw%2FwAwhU1qCfC%2FKnXdMHOHwpsn5L%2F8Y7Dnc8a4gHsG3uXdBZac%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3abb8e2d7c90-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1746&min_rtt=1746&rtt_var=873&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:23:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4OMq6vDoVmr86sMymGZyx7LlG3bMdAfqUpXat4BwuedqKBeBUsJJO0vliXJtJGQ3kK8gpMpB8Sh3m8ljEf6Fr2pikYrAMg0jezJeoe9hfGxg7vegN7Baf0mx8SE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3ac119c87c8d-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1780&min_rtt=1780&rtt_var=890&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=190&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:23:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EZXxu1Wokz0z4e8dlOln%2BLTBFWoZkgMrpLaA8ckSWUwg3vpwQuJRnrc6cW93paetKus3Rafk6sddF6wVv%2FpbgpYVKzJ7eGvzABR8cUZO3dkibfpZHDKbWD4obSY%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3ac94b577d16-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1788&min_rtt=1788&rtt_var=894&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:23:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hg5wByzjyP1EVR%2FJNDqtu1nKaXJWJq12uvUdAPXRnwhNC3%2Fmr2G5XSZAqArGgcaEwsp%2BTola7agyzQtt35xwsjH%2BmNUrtkdzqJLPVAwu0%2FPqia9wNsFYhnvejbg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3ace592a4349-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1689&min_rtt=1689&rtt_var=844&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=227&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:23:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bk1BLj4YJ%2FCC72DQAydnZkvlsv1CoN9dsa0%2B%2BdNcR%2BQRkaFynT05FWcnuA8cn%2F8CRfp9c9KshnPsur0BaKUQ7maPs4kabsAMsGgfn01YtWGgsYWAsgP%2F7BrXkb0%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3ad64d460f8f-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1698&min_rtt=1698&rtt_var=849&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:23:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SnAbcPJmSpEG0GbYzLoTmSu7JrPjPGNNvS9ROdqXhFg%2BeiawtU%2FGUrRserlAuVb%2BXA07RHdnfX%2BKA6X1SFa%2BgreEs3SwAX8xXYDEXoHgkavtCcsD3Q4M2UcmCN4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3adb6f0b41ac-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1552&min_rtt=1552&rtt_var=776&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:23:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GFfdU%2FOOaktIq8%2B4vy%2BULJpDSg93%2B%2BAC2rPVtHFmzt%2BH9G9tahlj1ny7CbM4QKP2dr3evHlf%2BNWvxaNpu8WF1I%2Bz23OdOxImSV26p82U%2BFjzNQMOrdrg%2B9V14Yc%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3ae9defe43d7-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1742&min_rtt=1742&rtt_var=871&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=221&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:23:21 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w4Y20PEPLSXXKQ%2BMrPJEZM271YPgFNpt%2BmhvBX263DS9eFxxLW6I%2BcLIDdPQ9N70lyIYJWZvXN9NSpUnLGR9geQySdMeg9WDX5nh6feTbI95Ry1T0z2YzmEthBw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3aef0ec5c344-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1438&min_rtt=1438&rtt_var=719&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:23:21 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U1pMADPdfVmCWcBS%2B2q7OIriOIw3u9KvSZ0y6qj4PyS2EPfZnzuTfaHPE6TqDshb%2FbIKfSQOzdfXSi3AQDNNykfhcXBNy%2FmeiDEvLqbcvuYnWemGM83hPmWHk5s%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3af45e4fc3f5-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1677&min_rtt=1677&rtt_var=838&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 22 Feb 2025 07:23:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pXFTrE91FUr%2FgMysFqFlrbayXUQ%2BQ2YP8I3h4NmSrumFSy%2BesNSPnys28Je6DPgbyM9yjk2%2FUbjtWl35Z1aNev63OPgHuIIt2y8ztb9q%2BzjiATBrezYA9RrWsN8%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 915d3af99bea42eb-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2049&min_rtt=2049&rtt_var=1024&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=388&delivery_rate=0&cwnd=217&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Source: Z6hL5LKAX4.exe, 00000000.00000002.2961733264.00000000004A0000.00000004.00000001.01000000.00000005.sdmp, Z6hL5LKAX4.exe, 00000000.00000002.2961825798.000000000067E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sebel.sbs/Devil/PWS/fre.php
Source: Z6hL5LKAX4.exe	String found in binary or memory: http://www.ibsensoftware.com/

System Summary

Malicious sample detected (through community Yara rule)

Source: Z6hL5LKAX4.exe, type: SAMPLE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: Z6hL5LKAX4.exe, type: SAMPLE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: Z6hL5LKAX4.exe, type: SAMPLE	Matched rule: Loki Payload Author: kevoreilly
Source: Z6hL5LKAX4.exe, type: SAMPLE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: Z6hL5LKAX4.exe, type: SAMPLE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.0.Z6hL5LKAX4.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.0.Z6hL5LKAX4.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.0.Z6hL5LKAX4.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.0.Z6hL5LKAX4.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.0.Z6hL5LKAX4.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.Z6hL5LKAX4.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.Z6hL5LKAX4.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.Z6hL5LKAX4.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.Z6hL5LKAX4.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.Z6hL5LKAX4.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000000.00000000.1706955457.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.2961697572.0000000000401000.00000020.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.2961716717.0000000000415000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000000.1706982278.0000000000415000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: Process Memory Space: Z6hL5LKAX4.exe PID: 2080, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown

Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Code function: 0_2_0040549C		0_2_0040549C
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Code function: 0_2_004029D4		0_2_004029D4

Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Code function: String function: 0041219C appears 45 times
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Code function: String function: 00405B6F appears 41 times

Source: Z6hL5LKAX4.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: Z6hL5LKAX4.exe, type: SAMPLE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: Z6hL5LKAX4.exe, type: SAMPLE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: Z6hL5LKAX4.exe, type: SAMPLE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: Z6hL5LKAX4.exe, type: SAMPLE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: Z6hL5LKAX4.exe, type: SAMPLE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.0.Z6hL5LKAX4.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.0.Z6hL5LKAX4.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.0.Z6hL5LKAX4.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.0.Z6hL5LKAX4.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.0.Z6hL5LKAX4.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.Z6hL5LKAX4.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.Z6hL5LKAX4.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.Z6hL5LKAX4.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.Z6hL5LKAX4.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.Z6hL5LKAX4.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000000.00000000.1706955457.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.2961697572.0000000000401000.00000020.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.2961716717.0000000000415000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000000.1706982278.0000000000415000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: Process Memory Space: Z6hL5LKAX4.exe PID: 2080, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/2@1/1

Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe

Code function: 0_2_0040650A LookupPrivilegeValueW,AdjustTokenPrivileges,

0_2_0040650A

Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe

Code function: 0_2_0040434D CoInitialize,CoCreateInstance,VariantInit,SysAllocString,VariantInit,VariantInit,SysAllocString,VariantInit,SysFreeString,SysFreeString,CoUninitialize,

0_2_0040434D

Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\bc49718863ee53e026d805ec372039e9_9e146be9-c76a-4720-bcdb-53011b87bd06

Jump to behavior

Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe

Mutant created: \Sessions\1\BaseNamedObjects\FDD42EE188E931437F4FBE2C

Source: Z6hL5LKAX4.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Z6hL5LKAX4.exe, 00000000.00000003.1708285577.0000000000665000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: Z6hL5LKAX4.exe

ReversingLabs: Detection: 97%

Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook

Jump to behavior

Data Obfuscation

Yara detected aPLib compressed binary

Source: Yara match	File source: Z6hL5LKAX4.exe, type: SAMPLE
Source: Yara match	File source: 0.0.Z6hL5LKAX4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Z6hL5LKAX4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2961716717.0000000000415000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.1706982278.0000000000415000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Z6hL5LKAX4.exe PID: 2080, type: MEMORYSTR

Source: Z6hL5LKAX4.exe

Static PE information: section name: .x

Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Code function: 0_2_00402AC0 push eax; ret		0_2_00402AD4
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Code function: 0_2_00402AC0 push eax; ret		0_2_00402AFC

Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe TID: 1148

Thread sleep time: -300000s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe

Code function: 0_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,

0_2_00403D74

Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe

Thread delayed: delay time: 60000

Jump to behavior

Source: Z6hL5LKAX4.exe, 00000000.00000002.2961825798.000000000067E000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe

Code function: 0_2_0040317B mov eax, dword ptr fs:[00000030h]

0_2_0040317B

Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe

Code function: 0_2_00402B7C GetProcessHeap,RtlAllocateHeap,

0_2_00402B7C

Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe

Code function: 0_2_00406069 GetUserNameW,

0_2_00406069

Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Lokibot

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 00000000.00000002.2961825798.000000000067E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Z6hL5LKAX4.exe PID: 2080, type: MEMORYSTR
Source: Yara match	File source: Z6hL5LKAX4.exe, type: SAMPLE
Source: Yara match	File source: 0.0.Z6hL5LKAX4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Z6hL5LKAX4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2961716717.0000000000415000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.1706982278.0000000000415000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions			Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl			Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	File opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings	Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities			Jump to behavior
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook			Jump to behavior

Tries to steal Mail credentials (via file registry)

Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Code function: PopPassword		0_2_0040D069
Source: C:\Users\user\Desktop\Z6hL5LKAX4.exe	Code function: SmtpPassword		0_2_0040D069

Source: Yara match	File source: Z6hL5LKAX4.exe, type: SAMPLE
Source: Yara match	File source: 0.0.Z6hL5LKAX4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Z6hL5LKAX4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2961716717.0000000000415000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.1706982278.0000000000415000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY

Remote Access Functionality

Yara detected Lokibot

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 00000000.00000002.2961825798.000000000067E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Z6hL5LKAX4.exe PID: 2080, type: MEMORYSTR
Source: Yara match	File source: Z6hL5LKAX4.exe, type: SAMPLE
Source: Yara match	File source: 0.0.Z6hL5LKAX4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Z6hL5LKAX4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2961716717.0000000000415000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.1706982278.0000000000415000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Access Token Manipulation	1 Masquerading	2 OS Credential Dumping	11 Security Software Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	11 Virtualization/Sandbox Evasion	2 Credentials in Registry	11 Virtualization/Sandbox Evasion	Remote Desktop Protocol	1 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Access Token Manipulation	Security Account Manager	1 Account Discovery	SMB/Windows Admin Shares	2 Data from Local System	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	1 System Owner/User Discovery	Distributed Component Object Model	Input Capture	113 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	2 Obfuscated Files or Information	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	3 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Z6hL5LKAX4.exe	97%	ReversingLabs	Win32.Infostealer.LokiBot
Z6hL5LKAX4.exe	100%	Avira	TR/Crypt.XPACK.Gen

Source	Detection	Scanner	Label	Link
http://sebel.sbs/Devil/PWS/fre.php	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
sebel.sbs	172.67.186.47	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://sebel.sbs/Devil/PWS/fre.php	true	Avira URL Cloud: safe	unknown
http://kbfvzoboss.bid/alien/fre.php	false		high
http://alphastand.win/alien/fre.php	false		high
http://alphastand.trade/alien/fre.php	false		high
http://alphastand.top/alien/fre.php	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.ibsensoftware.com/	Z6hL5LKAX4.exe	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.67.186.47	sebel.sbs	United States		13335	CLOUDFLARENETUS	true

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1621690
Start date and time:	2025-02-22 08:20:21 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Z6hL5LKAX4.exe renamed because original name is a hash value
Original Sample Name:	35eb283a5c0de6121bff7240d4b18b1f.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/2@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 35 Number of non-executed functions: 5
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 4.175.87.197, 13.107.246.60
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
02:21:20	API Interceptor	109x Sleep call for process: Z6hL5LKAX4.exe modified

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	PWSW6GK3ZC.exe	Get hash	malicious	DBatLoader, Snake Keylogger, VIP Keylogger	Browse	104.21.96.1
	Os0Vn1Xaq3.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	172.67.178.244
	na.elf	Get hash	malicious	Unknown	Browse	1.1.1.1
	BUenB12U2a.exe	Get hash	malicious	NetSupport RAT	Browse	172.67.74.152
	BUenB12U2a.exe	Get hash	malicious	NetSupport RAT	Browse	104.26.13.205
	http://orico-partyard.olkiw.cn/eorico/login/	Get hash	malicious	Unknown	Browse	104.21.80.1
	http://orico-rapaciid.xqyrr.cn/eorico/login/	Get hash	malicious	Unknown	Browse	104.21.16.1
	https://staemcomumnity.com/gift/id=95124	Get hash	malicious	Unknown	Browse	104.17.25.14
	http://hub-ledge-live-wallet.webflow.io/	Get hash	malicious	HTMLPhisher	Browse	104.18.160.117
	http://help-s-ledgrralive.webflow.io/	Get hash	malicious	HTMLPhisher	Browse	104.18.161.117

Process:	C:\Users\user\Desktop\Z6hL5LKAX4.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\bc49718863ee53e026d805ec372039e9_9e146be9-c76a-4720-bcdb-53011b87bd06

Download File

Process:	C:\Users\user\Desktop\Z6hL5LKAX4.exe
File Type:	data
Category:	dropped
Size (bytes):	46
Entropy (8bit):	1.0424600748477153
Encrypted:	false
SSDEEP:	3:/lbq:4
MD5:	8CB7B7F28464C3FCBAE8A10C46204572
SHA1:	767FE80969EC2E67F54CC1B6D383C76E7859E2DE
SHA-256:	ED5E3DCEB0A1D68803745084985051C1ED41E11AC611DF8600B1A471F3752E96
SHA-512:	9BA84225FDB6C0FD69AD99B69824EC5B8D2B8FD3BB4610576DB4AD79ADF381F7F82C4C9522EC89F7171907577FAF1B4E70B82364F516CF8BBFED99D2ADEA43AF
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	........................................user.

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.05347694715545
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Z6hL5LKAX4.exe
File size:	106'496 bytes
MD5:	35eb283a5c0de6121bff7240d4b18b1f
SHA1:	9e52d60910a938cadbedf32601fe135392e7213f
SHA256:	2f048f2a0606486cabeeaf6950807615b77d2897c02791f2e76bc0d63e31a619
SHA512:	0041c14a22b38c8a43e4d6886ca7b65b691b16ca198a311762b2ae740dcb32fbea2cc5dcbd6cc0c3228d1a59fef181bab68349e3269a41331f69a8acb17d212f
SSDEEP:	1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG
TLSH:	F9A31A42B2A5C030F7B74DB2BB73A5B7857E7C332D22C44E9352459A18215E1EB7AB13
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........x.....................K.K.............=2......................................=2......=2......Rich............PE..L.....lW...

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x4139de
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x576C0885 [Thu Jun 23 16:04:21 2016 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	0239fd611af3d0e9b0c46c5837c80e09

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
push ecx
and dword ptr [ebp-04h], 00000000h
lea eax, dword ptr [ebp-04h]
push esi
push edi
push eax
call 00007FFA4CC2F259h
push eax
call 00007FFA4CC2F236h
xor esi, esi
mov edi, eax
pop ecx
pop ecx
cmp dword ptr [ebp-04h], esi
jle 00007FFA4CC2F416h
push 004188BCh
push dword ptr [edi+esi*4]
call 00007FFA4CC218E5h
pop ecx
pop ecx
test eax, eax
je 00007FFA4CC2F3FDh
push 00002710h
call 00007FFA4CC2219Ah
pop ecx
inc esi
cmp esi, dword ptr [ebp-04h]
jl 00007FFA4CC2F3CEh
push 00000000h
call 00007FFA4CC2F22Eh
push 00000000h
call 00007FFA4CC2F542h
pop ecx
pop edi
xor eax, eax
pop esi
mov esp, ebp
pop ebp
retn 0010h
push ebp
mov ebp, esp
xor eax, eax
push eax
push eax
push E567384Dh
push eax
call 00007FFA4CC1EB89h
push dword ptr [ebp+08h]
call eax
pop ebp
ret
push ebp
mov ebp, esp
push esi
mov esi, dword ptr [ebp+08h]
test esi, esi
je 00007FFA4CC2F454h
push esi
call 00007FFA4CC216B0h
pop ecx
test eax, eax
je 00007FFA4CC2F449h
push esi
call 00007FFA4CC1F6ECh
pop ecx
test eax, eax
je 00007FFA4CC2F43Eh
mov eax, dword ptr [0049FDECh]
cmp dword ptr [ebp+10h], 00000000h
cmovne eax, dword ptr [ebp+10h]
push eax
push dword ptr [0049FDE8h]
call 00007FFA4CC210E4h
push dword ptr [ebp+0Ch]
push dword ptr [0049FDE8h]
call 00007FFA4CC210D6h
push 00000000h
push 00000000h
push esi

Rich Headers

Programming Language:

[ C ] VS2008 SP1 build 30729
[ASM] VS2003 (.NET) build 3077
[ASM] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[C++] VS2013 UPD5 build 40629
[LNK] VS2013 UPD5 build 40629

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x18ed0	0x64	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x15000	0x5c	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x136f5	0x13800	94fa411af1cc6bb168a3ea0e66e80f78	False	0.5685096153846154	data	6.49204829439013	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x15000	0x4060	0x4200	15686b489e8ad18c33f8b12a6e57b4ee	False	0.3659446022727273	data	4.255999483050136	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x1a000	0x85e24	0x200	955b3a57edf41d6c47c7225e8d847f91	False	0.056640625	OpenPGP Public Key	0.32171607431271465	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.x	0xa0000	0x2000	0x2000	85547a31c7641782d423d552b02afce3	False	0.0184326171875	data	0.1968893631329867	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
WS2_32.dll	getaddrinfo, freeaddrinfo, closesocket, WSAStartup, socket, send, recv, connect
KERNEL32.dll	GetProcessHeap, HeapFree, HeapAlloc, SetLastError, GetLastError
ole32.dll	CoCreateInstance, CoInitialize, CoUninitialize
OLEAUT32.dll	VariantInit, SysFreeString, SysAllocString

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-02-22T08:21:18.416954+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49731	172.67.186.47	80	TCP
2025-02-22T08:21:18.416954+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49731	172.67.186.47	80	TCP
2025-02-22T08:21:18.416954+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49731	172.67.186.47	80	TCP
2025-02-22T08:21:19.097566+0100	2024312	ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1	1	192.168.2.4	49731	172.67.186.47	80	TCP
2025-02-22T08:21:19.542515+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49732	172.67.186.47	80	TCP
2025-02-22T08:21:19.542515+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49732	172.67.186.47	80	TCP
2025-02-22T08:21:19.542515+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49732	172.67.186.47	80	TCP
2025-02-22T08:21:20.664051+0100	2024312	ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1	1	192.168.2.4	49732	172.67.186.47	80	TCP
2025-02-22T08:21:20.742356+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49733	172.67.186.47	80	TCP
2025-02-22T08:21:20.742356+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49733	172.67.186.47	80	TCP
2025-02-22T08:21:20.742356+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49733	172.67.186.47	80	TCP
2025-02-22T08:21:21.403537+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49733	172.67.186.47	80	TCP
2025-02-22T08:21:21.403537+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49733	172.67.186.47	80	TCP
2025-02-22T08:21:21.408627+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	172.67.186.47	80	192.168.2.4	49733	TCP
2025-02-22T08:21:21.556777+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49734	172.67.186.47	80	TCP
2025-02-22T08:21:21.556777+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49734	172.67.186.47	80	TCP
2025-02-22T08:21:21.556777+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49734	172.67.186.47	80	TCP
2025-02-22T08:21:22.222679+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49734	172.67.186.47	80	TCP
2025-02-22T08:21:22.222679+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49734	172.67.186.47	80	TCP
2025-02-22T08:21:22.227839+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	172.67.186.47	80	192.168.2.4	49734	TCP
2025-02-22T08:21:22.380103+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49735	172.67.186.47	80	TCP
2025-02-22T08:21:22.380103+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49735	172.67.186.47	80	TCP
2025-02-22T08:21:22.380103+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49735	172.67.186.47	80	TCP
2025-02-22T08:21:23.509071+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49735	172.67.186.47	80	TCP
2025-02-22T08:21:23.509071+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49735	172.67.186.47	80	TCP
2025-02-22T08:21:23.515872+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	172.67.186.47	80	192.168.2.4	49735	TCP
2025-02-22T08:21:23.664348+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49736	172.67.186.47	80	TCP
2025-02-22T08:21:23.664348+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49736	172.67.186.47	80	TCP
2025-02-22T08:21:23.664348+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49736	172.67.186.47	80	TCP
2025-02-22T08:21:24.351754+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49736	172.67.186.47	80	TCP
2025-02-22T08:21:24.351754+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49736	172.67.186.47

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Z6hL5LKAX4.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Lokibot

Yara Signatures

Initial Sample

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\188E93\31437F.lck

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\bc49718863ee53e026d805ec372039e9_9e146be9-c76a-4720-bcdb-53011b87bd06

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Imports

Network Behavior

Suricata IDS Alerts

Windows Analysis Report
Z6hL5LKAX4.exe